| || |
With a potential recession on the horizon, we know you want resources to help your business master the moment. We've put together our Agility & Excellence Resource Center to bring you strategies and solutions with a finger on the pulse of what's ahead.
Companies today face a barrage of newfound cyber vulnerabilities with employees working remotely and the threat of an impending recession looming large. Emerging technologies and geopolitical tensions only compound these risks, making for a precarious situation. The specific hazards businesses encounter in this unique moment make them increasingly susceptible to cybersecurity threats. However, a clear understanding of where vulnerabilities exist can equip leaders to minimize risks.
Remote Work Vulnerabilities
The rise of remote work has become the new norm in today's world. However, it also brings a wave of novel cybersecurity risks that organizations must consider. Remote workers often access public Wi-Fi networks at coffee shops or libraries, wherein they tend to be less guarded. Therefore, they make themselves vulnerable to cyber criminals who can access confidential information or install malware.
Additionally, remote workers may inadvertently share sensitive information through insecure channels or with unauthorized individuals, putting their organization's data at risk. Moreover, the devices used by remote workers are often located in less secure environments, such as their homes or other remote locations, making them more vulnerable to theft or unauthorized access.
There are also other risks that organizations may not thoroughly consider. For example, remote workers may experience isolation and lack in-person interactions, potentially making them more open to specific cyber attacks. For instance, a remote employee who lacks familiarity with their coworkers may be more susceptible to falling for impersonated phishing emails, leading to potential data breaches or unauthorized access to sensitive information. Additionally, the absence of in-person communication may also make remote employees easy targets for social engineering attacks, such as a fake voice on the phone impersonating a CFO and requesting a fraudulent money transfer.
The second significant risk that is sometimes not adequately addressed arises from remote workers, alongside hybrid and in-person workers, commonly utilizing their smartphones to access work-related content, such as checking emails or logging into teleconferences. This practice exposes them to malicious cyber attacks and, in the event of device theft, could potentially grant unauthorized access to company documents and information, thus posing a significant threat to the organization's overall security posture. And, employees may not have updated security software on their personal devices, leaving them exposed to malware and other cyber threats.
As the adage goes, history tends to repeat itself, and looking back can often provide insight into what we can expect in the future. Cyber crime rose 40% in the two years following the 2008 recession's peak in 2009. At that time, cloud services and smartphones were emerging technologies, and therefore their impact on cyber crime was relatively limited. However, fast forward to today, and we are now more dependent on technology than ever. Given the extent to which we rely on technology in our personal and professional lives, it stands to reason that cyber crime during a recession today could increase even more dramatically than it did 15 years ago.
During a recession, it's common for companies to make cost-cutting measures and halt their hiring processes. Unfortunately, cybersecurity is not immune to these actions. The corporate world has been facing a severe talent shortage for almost two years, with the cybersecurity field alone experiencing a global shortage of 3.4 million workers.
Furthermore, when making budget cuts, cybersecurity is often one of the first areas to be impacted. A recent JumpCloud report found that 44% of respondents plan to reduce their cybersecurity spending in the upcoming year.
A lack of cybersecurity professionals and a proper budget puts organizations at significant risk, leaving them vulnerable to cyber-attacks and ultimately hindering the process of recovery should such an attack occur.
As an additional concern, employees may be more willing to click on malicious links if they are worried about their job security.
Weaponized AI Chatbots
As can be expected, the emergence of new technologies often brings with it a Pandora's box of cybersecurity risks. The world of artificial intelligence is no exception, as cyber criminals have wasted no time in harnessing the darker potential of AI chatbots like ChatGPT. The Better Business Bureau recently announced that hackers are using the sophisticated capabilities of ChatGPT's advanced conversational models to craft realistic and tailored phishing emails and fine-tune their malicious malware, and sophisticated phishing attacks created by AI and machine learning can bypass traditional security measures.
Business leaders are acutely aware of this looming threat, as evidenced by a recent survey conducted by BlackBerry, which revealed that 51% of IT decision-makers anticipate a successful cyberattack attributed to ChatGPT within the coming year.
Continued Geopolitical Tensions
Geopolitical tensions have long cast ominous shadows over the cybersecurity landscape, and recent events only underscore their significant impact.
Last summer, U.S. cybersecurity authorities urged businesses to maintain heightened vigilance against potential cyberattacks, seen as a direct fallout from Russia's ongoing conflict in Ukraine. Their caution continues to paint a foreboding picture of imminent digital strikes that could reverberate across the corporate landscape.
In addition to the war in Ukraine, NATO adversaries are forging unseemly alliances in cyberspace, and nation-states are collaborating with cyber criminals, putting the heightened vulnerability of U.S. organizations at the global forefront. Additionally, nation-states may use cyber attacks to steal intellectual property or disrupt critical infrastructure.
Get Ahead of the Risk
In today's cybersecurity landscape, organizations must be agile and innovative in their approach to tackling the unique risks at hand. To outmaneuver these ever-looming digital threats, it is crucial to explore many strategic avenues.
Are you interested in evaluating your current security strategies? Our data privacy and cybersecurity team performs assessments of critical infrastructure operations technology and industrial control systems. We stand ready to assist you with your organization's cybersecurity defense. Contact us today.
Copyright © 2023, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.
CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).