Cyber attack has been on the rise ever since the Covid-19 pandemic hit different parts of the world. Since the virus thrived in a crowded and confined spaces, many employers introduced the work-from-home system. Every decision that we make comes with its own set of pros and cons – similarly the flexibility of allowing employees to work from home during and post pandemic has also caused headache for employers and businesses as working remotely introduces some risks of cyber attack that threaten the organization’s cybersecurity posture.
In an article, “Remote work: Cybercriminals take Advantage of Employees Vulnerabilities”, it was reported that most people in Africa who work from home are not engaging in safe online behaviour and putting both themselves, and the business, at risk for cyber attack, which coincidentally correlates with a survey conducted by Kaspersky Lab and B2B International, where 5,000 businesses around the globe answered the question on the role that employees play in the fight against cybercrime.
Kaspersky report on Cyber Attack
The findings of that survey reported that 52% or just half of businesses believe their staff, whether intentionally or through their own carelessness or lack of knowledge, are putting the businesses they work for at risk. Brene Brown, an American professor, lecturer, author, and podcast host once said that “vulnerability is the birthplace of innovation, creativity and change” and employee’s vulnerability while working from home are being exploited cybercriminals where they could launch their cyber attack towards the victim.
For Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA, this draws a thick red marker around the need to ensure that people and security training remain a priority while offices continue with hybrid ways of working. “People adopt different behaviors at home as a rule,” she adds. “It is home, after all. There has to be a solid mental shift now that the home has become the office, and this shift involves making sure that the same security checkboxes that were ticked at the office are also ticked at home.
This is even more important because cybercriminals are taking advantage of system and employee vulnerabilities right now, and really going in on the offensive,” she concluded. In an earlier article by ESPC, it was also reported that the main reason for cyberattacks is that cybercriminals are exploiting the human layer – THE PEOPLE, whom are the weakest link in security because they are not made aware of the current cyber attacks that are facing them.
To achieve positive information security behaviour, it may be necessary to introduce motivational, enforcement or corrective strategies by the organizations’ management. There must be a continuous process to introduce new awareness and behaviour requirements and spread it in the organization. Existing awareness and behaviour requirements may have to be optimized.
Image Source: KnowBe4 Africa