In the current context of the COVID-19 pandemic, teleworking exposes companies and organisations to cyber attacks. These are major issues and challenges for CIOs and CISOs!
Almost one third of the world's population is now locked down and soon almost one billion people will be teleworking[1]. This situation is unique in human history. Technology is enabling business continuity for many companies and organisations in many economic sectors. Large companies and SMEs are often well prepared and have already been practising telework for many years on a daily basis for targeted categories of employees: managers, consultants, engineers, etc. Under the governance of the CIO and CISO, they have been able to adapt quickly and massively to move into telework mode. Other companies, organisations or administrations which are less mature in this way of working have had to manage the global health crisis by deploying unsecured and untested infrastructures, workstations and network links in an emergency, with access to critical applications or resources. In addition, CIOs are faced with a decline in staffing levels which leads to difficulties in managing and strengthening security for implementing telework.
Cybercriminals are infiltrating the computer networks of companies, administrations and private individuals.
Cyber-malware is unethical and exploits all the vulnerabilities arising from this global crisis. Cybercriminals are infiltrating the computer networks of companies, administrations and individuals. In France, on Saturday 14 March, on the eve of the first round of municipal elections, the metropolis of Aix-Marseille-Provence declared a massive and widespread cyberattack, paralysing a large part of its equipment, including in the territories. On the same day, in the UK, the Hammersmith Medicines Research Centre, which works on COVID-19, suffered a ransomware attack. On Sunday 22 March, the AP-HP was the target of a computer attack requiring the temporary shutdown of external access to emails and teleworking tools. Companies such as Omnia Holdings, Tesla, Space X and Lockheed Martin also faced major cyber attacks in March. Cyber attacks, cyber fraud, data theft, phishing and other sophisticated scams are exploding all over the world.
The level of risk clearly increases when teleworking is implemented in a hurry, with workstations that have not been previously validated, updated and secured (antivirus/malware, VPN link or secure cloud), or when employees use their personal digital equipment. In the current context, there will be a significant risk exposure divide between organisations that have defined, prepared and regularly validated a true Pandemic Business Continuity Plan (BCP) and those that have not.
There is a wide range of technological and innovative tools for securing telework environments: Identity Access Management (IAM), Multi-Factor Authentication (MFA), Virtual Private Network (VPN), anti-virus/malware, network segmentation, Artificial Intelligence-based Endpoint Detection and Response solutions, etc.
