When businesses around the world shifted to remote work in response to the Covid-19 pandemic, IT departments were forced to deal with a decentralized workforce nearly overnight, with little time to adapt to their changing reality and the new cybersecurity landscape.
However, cyber attackers are taking advantage of what are the increasing number of vulnerable points that have come to light as a result of remote working and a workforce now conducting the majority of its work and interactions online via virtual, physical, cloud and SaaS environments. According to findings by Google’s Threat Analysis Group (TAG), early on in the pandemic, Google had already “detected 18 million malware and phishing Gmail messages per day related to Covid-19, in addition to more than 240 million Covid-related daily spam messages.”
All the vulnerabilities of a particular business taken together constitute what is known as its ‘attack surface.’ The larger the attack surface, the higher the chances of a data breach as a result of an unauthorized user gaining access to the system. When exploited by malicious parties, any vulnerable point can potentially lead to loss of critical data and disruption of business operations.
The attack surface increases when remote workers use unsecured Wi-Fi connections, private or public, on their work devices while having what is often cloud-based external access to email services and other internal resources. In addition, the use of new technologies, like cloud-based video conferencing and collaboration services to facilitate remote communication, have further increased data vulnerabilities.
Companies Sprint to the Cloud Amid Covid-19
Switching to remote work has driven both enterprises and SMBs to move their operations to public clouds, and, according to Gartner, this trend looks set to continue in the future. The Flexera 2020 State of the Cloud Report also revealed that the use of public clouds continues to grow as one-fifth of businesses already spend over USD 12 million on public clouds. According to the same report, over half of those businesses forecast an increase in their spending on public clouds as the pandemic drags on.
However, trusting that data stored in a cloud like G Suite or Microsoft 365 is safe is a common and dangerous misconception. With the cyberthreats resulting from the Covid-19 crisis, cloud-based data requires even higher levels of protection than before the pandemic. Unprotected cloud data exposes businesses to a range of risks caused by accidental data deletion, security threats, retention policy gaps and legal compliance issues.
Data breaches and data leaks are also a much bigger risk today. With so many work interactions taking place online, remote work has presented malicious actors with more opportunities to compromise business data and security, and phishing scams are becoming ever more sophisticated, from online shopping scams to government-backed phishing. If an employee fails to recognize a malicious link or download file, all data stored in the cloud can be compromised.
Poor access management is another increased risk that companies are seeing. Data breaches and data leaks often result from poor access management rather than the security vulnerabilities of cloud services. When a company fails to put in place secure authentication mechanisms and properly assign access privileges, its data will get compromised sooner or later.
Of all the risks, human error is the most common reason for data loss. Accidental deletions, file corruption and gaps in retention policies are only a few of the possible scenarios. The danger of human error is that often the discovery that data has been corrupted or lost happens too late for any possible recovery to take place. Employee training mitigates the risk of human error but doesn’t fully eliminate it.
Backups become more important amongst the pandemic
With the pandemic showing no signs of slowing down and new threats and schemes constantly evolving, companies are must evolve their data protection strategies to pre-empt and respond. However, this is where the cloud can help. Equal to its vulnerabilities during the pandemic, are the cloud’s strengths. The cloud allows IT administrators working from home – and without access to physical machines – to minimize disruptions to operations and ensure continuous availability.
With a remote workforce, a data protection strategy that includes cloud integration for backup and recovery functionality can provide the tools necessary to respond to a data breach or even user error. Regardless of whether a remote employee accidentally deletes a file or a production server goes down, IT administrators are able to perform instant granular or full recoveries or even recover physical machines to virtual machines by using cloud backups. Cloud storage can be accessed from any geographical region at any time, with an internet connection. In a time where physical access to offices is limited, keeping data off-site and in the cloud makes sense, and also provides an advanced level of security and data protection. Storing copies of data in the cloud serve as a guarantee of data safety in disaster. It is also a cost-effective approach.
Beyond the pandemic-related vulnerabilities, cloud storage used as a backup destination offers great benefits for businesses. In addition to high availability, that is, on-demand access to backup data, cloud storage is cost-effective with pay-per-use pricing and easily scalable to hold terabytes of data. The cloud can be easily scaled up or down, depending on data volume and requirements. Virtual infrastructure can be upgraded by adding storage, memory, or processing power. It is also straightforward to scale down by reducing the amount of disk space, memory, or processors allocated. Some services also offer a range of tiering classes to optimize costs depending on the length of data retention and immutable storage to protect backup data against ransomware and deletion.
These are just a few of the benefits companies have seen while expanding their use of cloud-based data protection solutions since the pandemic began. When it comes to business resiliency, companies must ensure they have a safe and secure way of making data more available than ever before in order to drive decisions quickly. With careful, considered use of the cloud and strategic backups, businesses are well-positioned to maintain not just business as usual in the remote working landscape, but a rather a safe, secure and fully optimized working environment that is well positioned to support growth.
Veniamin Simonov, Director of Product Management, NAKIVO