Tuesday 25 August 2020 7:00 am

DEBATE: Will cyber attacks increase as we return to the office?

Rich Turner is SVP EMEA at CyberArk.
and Chris Hodson
Chris Hodson is CISO at Tanium.

Will we see an increase in cyber attacks as more businesses return to the office?

Chris Hodson, CISO at Tanium, says YES

Cyber criminals exploited business disruption in the rush to get workers set up from home in March. Our research saw a 92 per cent spike in attacks targeted at companies in the first two months of lockdown, and they’ll respond again as offices fill up.

These distributed workforces — where some staff work from home and some in the office — will cause even more headaches for IT teams.

The problem is that most organisations still struggle to fully understand how their staff are accessing sensitive business information. Vulnerability management is vital for organisations to prioritise possible threats and to minimise risk — but you can only manage what you can see. Lockdown exacerbated these issues, as we saw an increase in employees using personal devices to access company data. But this lack of full visibility is an issue as we move back to “normal” ways of working — and hackers know this all too well now.

This situation will continue to present a problem until businesses understand that a hacker just needs one unsecured laptop or mobile to disrupt a whole company.

Read more: High-profile Twitter users’ private messages hacked in cyber attack

Rich Turner, SVP EMEA at CyberArk, says NO

We shouldn’t automatically expect cyber attacks to increase as workers return to the office, though of course they trend upwards over time. The cyber habits of remote workers contributed to raised threat levels during lockdown, with hackers using social engineering attacks like phishing successfully. Corporate networks are also better defended than employees’ own home networks, and the diminished reliance on VPNs for security and access will reduce the remote working threat.

The danger is that employees assume they’re returning to a completely secure environment. Many businesses are making the transition in phases, and providing access to information and assets from both within and without corporate networks is challenging.

Addressing this requires an identity-driven approach to security which applies the right level of authentication and security controls to individuals based on their role, what they need to access, and how long they need to access it for.

This will be vital in order to stop attackers gaining privileged access to critical data and assets.

Main image credit: Getty

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.