Since the COVID-19 pandemic upended how we work, live, and learn, working and learning from home went from nice to have to how things are overnight. The sudden shift left IT departments around the world scrambling to keep work going and support users.
While many IT departments adapted quickly to their heightened security needs with the overnight addition of so many new ‘remote offices,’ others didn’t and hackers figured it out—fast. The Hacker News paints a no-holds-barred picture of what happened and, more importantly, what happens next.
For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the COVID-19 pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the situation wasn't ideal from a cybersecurity standpoint. — How COVID-19 Has Changed Business Cybersecurity Priorities Forever
When everyone started to work from home in March (in North America), there was a feeling this would be temporary. We’d all be back to offices in a month, maybe two. How bad could it get, right? And as The Hacker News points out, most IT departments felt the same way: let’s make this work for now. It was more of a band aid than a long-term cure.
The trouble is, there's still so much uncertainty surrounding when – or even if – businesses are going to revert to their pre-pandemic operating norms. That new reality is upending many of the assumptions that IT planners made about what their cybersecurity priorities were going to be heading into 2020.
No one planning for 2020 in late 2019 could have foreseen this. Now that reality has set in, IT is focused on new challenges and requirements. Even if your company isn’t one that will be remote long into 2021 like Google, Sony Music, Amazon corporate and others or permanently remote like Facebook, Twitter, Slack and Square.
Some of the biggest challenges IT faces now and going into next year include:
- Persistent visibility into every remote device, no matter where it is and remote control over it
- Monitoring access to internal systems from remote locations
- Setting and monitoring better access control structures
- Educating users about IT security
- Finding the time and budget to do it all
These are compelling technical and resource challenges and Absolute has been at the forefront of tackling them. Our COVID-19 Remote Work and Learning Dashboard provides new data and trends on devices, collaboration tools, and threats.
Sadly, our research shows sensitive data on devices is piling up on endpoints yet insecurity grows. Nearly 7 out of 10 Windows 10 devices have versions more than a year old. On average, Windows 10 devices are also 76 days out of date on patching and 1 in 4 devices have critical security apps out of compliance.
In schools, remote learning forced device use way up. But so is the number of days out of date with current patching — it’s now at 186 days. And 41 percent of devices are 2+ versions behind across Windows 10, MacOS and Chrome OS.
The attack surfaces at work and school are huge and getting bigger with each passing week. Confirmed by cybersecurity experts interviewed by ZDNet, the two most common flaws used to exploit systems through the pandemic are out of date/unpatched systems and weak passwords. Getting people to use better passwords is a never ending challenge, but at least with Absolute Resilience you can patch and update systems.
Absolute is the only undeletable tether to every device, embedded in the bios, that allows for continuous visibility and control. You can ensure VPNs are always working and configured. You can force updates and patches to protect machines even when they aren’t connected to your network.
Learn more about Absolute solutions for enterprise, education, government, healthcare, and finance and then book a demo to see how Absolute saves you time, money, and headaches.