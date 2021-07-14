On the morning of June 15, 2020, several employees at one of the world’s largest social networking companies received a call from a colleague in the IT department asking them to provide credentials to an internal customer service portal. A handful of them offered the information and went on with their day.

That seemingly routine call from the IT department, however, was actually a spear-phishing attack by a Florida teenager. By late afternoon, the company was under attack. The teen and two accomplices had taken over some of the platform’s most prominent user accounts, including politicians and billionaire CEOs, and used them to bilk platform users out of roughly $120,000 through a bitcoin scheme.



The attack was only the most public example of a deeply troubling trend: Hackers—from teenagers to foreign governments—are exploiting vulnerabilities created in organizations by the move to remote work in response to the pandemic. As early as April, the government reported a 400 percent increase in cyberattacks compared to before the covid-19 crisis. According to experts, one key issue is that organizations simply aren’t set up to protect themselves when their employees are geographically distributed. “With remote work, traditional control policies that expect people to only be connecting to their applications or their data sources from within the enterprise are now gone,” explained Jason Keenaghan, zero trust strategy leader at IBM Security. “And it’s opened up an exposure to enterprises.” The increase in

daily cyberattacks immediately

after the covid-19 crisis began.

The attack was only the most public example of a deeply troubling trend: Hackers—from teenagers to foreign governments—are exploiting vulnerabilities created in organizations by the move to remote work in response to the pandemic. As early as April, the government reported a 400 percent increase in cyberattacks compared to before the covid-19 crisis. According to experts, one key issue is that organizations simply aren’t set up to protect themselves when their employees are geographically distributed. “With remote work, traditional control policies that expect people to only be connecting to their applications or their data sources from within the enterprise are now gone,” explained Jason Keenaghan, zero trust strategy leader at IBM Security. “And it’s opened up an exposure to enterprises.”

Organizations aren’t defenseless, however. In response to this new threat environment, institutions are turning to a security approach first conceptualized a decade ago and which has become increasingly popular in recent years. The approach relies on a simple premise: trust no one.