Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

The Security Vulnerabilities Emerging from the Coronavirus Pandemic

By Josh Horwitz
keys-cyber-enews
June 17, 2020

Among the many business implications of the coronavirus pandemic is an increase in security episodes. In a recent study by Barracuda Networks, 46 percent of respondents had experienced at least one security incident since lockdown restrictions were in place, with 51 percent recording an increase in the number of email phishing attacks. A quick Google News search returns countless examples of the latter, with Netflix, Microsoft, the CDC and the WHO among the organizations impersonated by hackers in coronavirus-related phishing campaigns.

Troubling as these incidents are, the pandemic has exposed deeper, more significant cracks in enterprise security. As companies plan for a phased return to normal operations, it’s imperative that they are aware of these vulnerabilities and make addressing them a central part of their coronavirus response.

Following are a few key risks the current working climate has brought to light. 

1. IT Infrastructure is not Prepared for Widespread Remote Working

In recent years, remote working has become increasingly popular with many employees “WFH’ing” one or two days per week. That situation is vastly different from today, however, when sixty-two percent of employed Americans are working from home due to the pandemic. It’s clear that IT infrastructure was not adequately prepared for this significant increase.

There are numerous security implications as a result. For example, companies using Windows Active Directory Server may not have had VPNs set up for all people now working remotely. This, in turn, would prevent the employees’ computers from connecting directly to a domain controller, meaning that periodic password resets could not be completed. This can lead to network trust and secure channel issues, both of which cause additional IT headaches and impede productivity. As organizations struggle to manage this and other challenges related to supporting a newly remote workforce, it’s incredibly common for speed to take precedence over best practice, increasing the likelihood of vulnerabilities arising from human error, as well as issues with compliance and performance.

So, what’s the takeaway for organizations? Digital transformation initiatives and disruptive technologies like AI and 5G deserve their place on the corporate agenda, but not at the cost of security. Whether it’s investing in a new IT project or revising business continuity planning with lessons learned from the pandemic, it’s critical that companies explore any security implications thoroughly before rolling out the change.

 

2. New Risks Arise from Band-aid Approaches to Remote Working

Fifty-one percent of the respondents in the Barracuda survey believe their workforce was not properly educated about the security risks of remote working prior to the pandemic. This situation is further complicated for employees working remotely along with roommates, spouses or children also conducting more activities online. If everyone is utilizing the same network, there is an increased risk of malware being inadvertently installed.

In addition, many IT organizations are permitting employees to use personal devices, email accounts and cloud storage to avoid business disruption. While the approach is understandable the security threat is equally apparent. BYOD means that employees are bypassing the policies and procedures required to protect corporate assets, making it significantly easier for hackers to access this information.

When planning for the post-coronavirus recovery, companies must implement robust remote working policies that mandate the creation and use of a separate Wi-Fi network exclusively for business use, among other security best practices. Determining how to ensure business continuity without allowing BYOD threats to increase will vary based on the individual organization, but this is a critical step to shoring up security.

 

3. It’s Difficult to Detect Anomalies in Unprecedented Times—for Humans and Machines Alike

A central tenet of modern security relies on discerning normal from abnormal, and many companies avail of machine learning and bot detection to identify and address system anomalies. This approach works well when it’s business as usual but, when the circumstances are radically different, it’s much less effective. As a result, organizations are dependent on other security measures or forced to step up manual threat detection efforts. For companies already struggling with the IT challenges outlined above, this is a burdensome requirement that can easily lead to security holes.

In a similar vein, hackers are relying on the fear, confusion and stress surrounding the pandemic, banking on the fact that people will be more likely to fall for social engineering campaigns as a result. For example, an email from a colleague asking to borrow a password would raise a red flag in normal times, however, it’s easy to see how an employee could be tricked into answering the query given our current circumstances.

Determining how threat detection technology can evolve is a complicated matter. Figuring out how to educate employees to detect human anomalies is much more straightforward. Companies should issue guidance on how they will be communicating about the matter and include reminders on phishing vigilance whenever they are faced with an unusual work situation. This will be important as organizations navigate a return to physical workplaces, as hackers will likely look for ways to capitalize on the “back to normal” theme.

 

4. Software is Often Designed for Convenience Rather Than Security

Zoom’s headline-making pandemic-related security woes underscore what can happen when technology is architected for ease of use rather than security. This should serve as a good reminder for companies to audit their vendor landscape and, wherever possible, ensure all technology offers robust security features. Mandating that all employees frequently check and install updates and patches is also important, particularly for software with less than ideal security.

 

5. Security Often Falters at the Password Layer

Ninety-one percent of respondents in a LogMeIn survey recognize that sharing passwords across multiple accounts introduces security concerns, yet 59 percent admitted to doing it anyway. This underscores that security leaders must expect poor password hygiene from their users and revise their approach to account security accordingly. When people are working remotely and creating new digital accounts, this becomes more important than ever. As they look to the future, organizations must determine how they can not only ensure the strength and uniqueness of passwords at their creation, but also how they can monitor these credentials and ensure they don’t become compromised down the road.

 

Considering the Future 

We are certainly operating in unprecedented times, but it’s highly possible we will face another remote working scenario when the second wave of the virus hits. As such, it’s important that companies not only consider the security vulnerabilities outlined above as part of their return to work but also as they plan for the possibility of another lockdown. With hackers always eager to capitalize on lack of preparedness, employee confusion and other factors, companies simply cannot afford to ignore the spotlight the coronavirus has shed on enterprise security.

KEYWORDS: COVID-19 cyber security information security phishing risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Josh horwitz enzoic

Josh Horwitz is an enterprise software executive and entrepreneur with over 25 years experience. He was the founder of the cloud-based, enterprise customer-marketing platform, Boulder Logic, whose clients included Microsoft, Siemens, Dell, and CSC. Prior to founding his company, Josh held senior technology and sales positions with both start-ups and Fortune 500 companies, including IBM where he developed marketing programs to help build Lotus Domino to over 40 million users. Josh earned his MBA from Babson’s F.W. Olin Graduate School of Business and his BA from Washington University in St. Louis. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • voting election

    It’s time to modernize the voting process

    See More
  • key-enews

    Battling Account Takeover Risks Without Compromising User Experience

    See More
  • The Cyber 101 Discussion

    New vulnerabilities exposed as IT teams respond to the pandemic

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing