Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

‘A staggering problem’: Working from home could lead to massive data leaks

Add as a preferred source on Google
 

The corporate security situation right now is like trying to quickly assemble a shelter during a rainstorm, experts say: Even if you get something set up, you’re still likely to have some water leaking through.

Recommended Videos

Everyone working from home, plus a reported increase in attempted cyberattacks means security systems straining under these unique conditions are especially vulnerable to massive hacks and data breaches — which could be underway right now and may not be reported about for another six months.

“I’m terrified about it” said Ben Goodman, senior vice president of global business and corporate development at ForgeRock. “A lot of users are being thrust into a work from home environment, and they’re not at all used to this.”

It takes a lot to make sure users are properly implementing security best practices, he told Digital Trends — practices that most companies didn’t train for before employees were forced to work remotely.

“I think we’re going to have an unprecedented number of breaches being announced following the pandemic,” said Kayne McGladrey, member of the Institute of Electrical and Electronics Engineers.

“The amount of risk is at an all-time high,” agreed Chris Hertz, chief revenue officer for the cybersecurity company DivvyCloud. “If I were a cybersecurity professional, I would not be sleeping right now. It’s a staggering problem.”

An annual survey from DivvyCloud reported that 49% of respondents who use the public cloud in their jobs said “their developers and engineers at times ignore or circumvent cloud security and compliance policies.”

In addition, cyberattacks are on the rise, a trend that was already happening before the pandemic, and now has dramatically increased, said Hertz. 2018 and 2019 saw a record number of ransomware attacks that totaled $5 trillion in damages.

“Right now is one of the most critical periods for IT security professionals that we’ve had in last decades,” Hertz told Digital Trends. “As one of my colleagues says, we’ve planned for hurricanes, earthquakes, tornadoes, but not for a pandemic that would send literally everyone home for six to 12 months. That was never the framework we’re thinking of.”

No corporate continuity plans

The difference between a company suffering a breach and coming through the pandemic unscathed could come down how much of their workforce was online before the coronavirus pandemic hit. Employees who weren’t already working online may cause trouble.

James Carder, chief security officer at LogRhythm, a security intelligence company, said he was concerned about the number of security concessions that corporations would have to make in order to quickly for their workforces online.

“Those that already had effective work from home infrastructures in place will fare better than those that had minimal work from home,” Carder said. “Those businesses that had a big emphasis on going to one place to do something, whatever that was, they’re probably struggling.”

Goodman estimated that whatever ad hoc systems corporations had cobbled together to get their employees online would not pass muster when put under pressure. “I have a feeling that for years to come we’ll potentially see that there were data breaches and hacks because of these systems being built too rapidly,” Goodman said.

“In a matter of weeks, we’ve gone from working at desks and on computers connected to systems controlled by employer, to using own machine on our own networks connecting through SaS applications,” Goodman said. “The likelihood all this has been done insecure manner is low.”

The chances that a business had a continuity plan for something like COVID-19 is unlikely. “No disaster recovery plan considered a pandemic at this scale,” said Carder. “I’m fairly sure no one had that binder on their shelves.”

“The breaches are already occurring and will grow over time,” said Alan Snyder, CEO of mobile cybersecurity company NowSecure. “For decades enterprises have built out layers of perimeter security assuming people mostly worked inside those 4 walls. The company network perimeter has completely blown up and fragmented.”

Zoom is ‘a cautionary tale’

The effects of a scramble to move an entire workforce online have already been seen with video-conferencing service Zoom and its security issues, experts said.

“Zoom is a classic example of people sacrificing security for expediency,” Hertz said.

It didn’t take long for everyone’s favorite video conferencing software to get thrown under the privacy bus. The company’s massive spike in popularity exposed some privacy and security holes that experts say are actually pretty common in a lot of apps. Zoom was forced to answer those concerns under the spotlight.

“Zoom had these issues even before the pandemic,” Goodman said. “They prioritized user experience over everything else, and the truth is, it works. I’ve worked with a lot of these tools and Zoom is the most user-friendly. But I think it’s a cautionary tale.”

Zoom likely isn’t the only app that has done this, it’s just the poster child.

“In general, these video chatting apps are probably pretty popular, and you’ll probably have the same challenges,” said Heather Federman, vice president of privacy and policy for BigID, a data privacy firm.

Designing with privacy in mind was a challenge even before the pandemic, Federman said. The financial incentives are just not there for developers to prioritize it.

“The problem is highlighted right now, but I don’t see that changing,” she said.

Both Goodman and Hertz were also skeptical that privacy would come to the forefront anytime soon. “Apps still get rewarded for user experience,” Goodman said. “Sadly it’s up to enterprise security people and savvy users to be careful.”

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Every app on my phone has decided I need AI, and none of them bothered to ask
AI assistants are invading everything from photo libraries to messaging apps, and dismissing them only seems to guarantee they’ll return later.
Electronics, Phone, Mobile Phone

My wife doesn’t use AI very much. She isn’t philosophically opposed to it, nor is she waiting for the machines to overthrow civilization. She simply opens Google Photos because she wants to look at her photos.

Lately, however, the app keeps greeting her with invitations to try its AI tools. Google would very much like her to search her library conversationally, generate something new, or ask Gemini to edit a photo. She dismisses the prompt, gets on with her life, and eventually meets it again.

Read more
Shopping for Back-to-school? These are the gaming laptops I’d recommend
Powerful enough for AAA games, practical enough for everyday lectures, assignments, and everything in between.
oled gaming laptop

Every gamer knows the pain of trying to do too much with the wrong hardware. Back-to-School is the perfect excuse to fix that. A good gaming laptop shouldn’t just hit high frame rates -- it should also survive endless browser tabs, assignments, coding sessions, video edits, and everything else college throws at it. These five machines strike that balance better than most, which is exactly why they’d be my picks this semester.

Alienware 16 Aurora

Read more
Google’s AI just recreated the best goal ever by Pele that was never actually filmed
My heart is full after watching the clip, and it will bring tears of joy to every true football fan.
Pele footballer.

If you look at the AI landscape, a majority of its usage in the film and television industry has been pretty controversial. Bringing dead actors to life on a screen, using AI to record vintage songs that were never completed, or just using it to film scenes or handle any other part of the creative process — the backlash has been pretty vocal. But there are a few slivers of hopeful AI usage, too, and Google just delivered one of those in a heartwarming fashion using Gemini AI.

I wonder the world never archived

Read more