Protecting Organization From Cyber-Threats: Business at Risk During COVID-19
The pandemic-era shift to remote work permanently changed the threat model. Here is what stuck and how to defend against it now.

The pandemic-era pivot to remote work was meant to be temporary. It was not. Five years on, the threat model that emerged in 2020 is now the default. The companies that adapted built durable defences. The ones that bolted on quick fixes are still paying the bill in breaches.
Here is what changed permanently and how to defend against it today.
What actually changed
- The perimeter dissolved. Work happens wherever the laptop is, on whatever network the user finds.
- SaaS adoption accelerated by years. Most companies now depend on dozens of cloud apps that the security team did not pick.
- Identity became the new control plane. If you cannot trust the network, you have to trust identity, which means identity has to actually be trustworthy.
- Endpoint hygiene drifted. Personal devices, family-shared machines, and unpatched home routers all enter the trust boundary.
- Phishing got better. Remote workers cannot easily turn to the colleague at the next desk to ask "is this real?"
The threats that thrived
- Business email compromise. Wire-transfer fraud and vendor-impersonation scams that prey on isolated approvers.
- Credential phishing. Lookalike SSO pages harvesting passwords and session cookies in real time.
- Ransomware via remote access. Exposed RDP, weak VPN credentials, and unpatched edge devices as the entry point.
- Cloud misconfiguration. Rushed migrations leaving buckets, databases, and admin panels open to the internet.
- Supply-chain compromise. Attackers move upstream into a vendor and inherit access to every customer.
The controls that work in a permanently distributed world
What worked converges on a small set of disciplines:
- Identity-first security. Centralise on one identity provider, enforce MFA everywhere, prefer passkeys for high-value roles, and tie every SaaS purchase to SSO from day one.
- Zero trust networking. Replace flat VPNs with per-application access brokered by identity and device posture.
- Endpoint posture as input. Disk encryption, OS patch level, EDR running. If any check fails, access is reduced or denied.
- Risk-based authentication. Step up to MFA on unusual sessions, sensitive actions, and access from new devices.
- Phishing-resistant MFA for admins. Hardware keys or passkeys, not SMS.
- Out-of-band confirmation for money movement. Wire transfers, vendor-bank-detail changes, payroll edits. Always a second channel.
- Cloud security posture management. Continuous scanning of cloud configs for the misconfigurations that cause most breaches.
- Tabletop exercises. Practise the ransomware day, the BEC day, the cloud breach day, before you have to live one.
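
As an added illustration (not code from this article or from any particular product), the sketch below shows how endpoint posture, risk-based step-up, and the phishing-resistant MFA rule for admins can combine into one access decision. The field names, the 30-day patch threshold, and the decision labels are assumptions chosen for the example.

```python
from dataclasses import dataclass

# Constructed policy values (assumptions, not taken from the article).
MAX_PATCH_AGE_DAYS = 30
PHISHING_RESISTANT = {"passkey", "hardware_key"}

@dataclass
class Device:
    disk_encrypted: bool
    patch_age_days: int    # days since the last OS security update
    edr_running: bool
    known: bool            # device previously seen for this user

@dataclass
class Request:
    role: str              # "admin" or "user"
    mfa_method: str        # strongest factor this session: none, sms, totp, passkey, hardware_key
    sensitive_action: bool
    unusual_session: bool  # flagged upstream, e.g. unfamiliar location
    device: Device

def posture_failures(d: Device) -> list:
    """Names of the posture checks this device fails."""
    checks = [("disk_encryption", d.disk_encrypted),
              ("os_patch_level", d.patch_age_days <= MAX_PATCH_AGE_DAYS),
              ("edr", d.edr_running)]
    return [name for name, ok in checks if not ok]

def decide(req: Request) -> tuple:
    """Return (decision, reasons); decision is allow, step_up, limited or deny."""
    failed = posture_failures(req.device)
    if failed:
        # Any failed check reduces access; admin and sensitive requests are denied.
        if req.role == "admin" or req.sensitive_action:
            return "deny", failed
        return "limited", failed
    if req.role == "admin" and req.mfa_method not in PHISHING_RESISTANT:
        # SMS or TOTP is not enough for admins: require a passkey or hardware key.
        return "step_up", ["admin_requires_phishing_resistant_mfa"]
    risk = [name for name, hit in (("unusual_session", req.unusual_session),
                                   ("sensitive_action", req.sensitive_action),
                                   ("new_device", not req.device.known)) if hit]
    if risk and req.mfa_method == "none":
        # Risk signal present and no second factor yet: step up to MFA.
        return "step_up", risk
    return "allow", []
```

Returning the reasons alongside the decision lets the access broker tell the user which check to fix and gives the security team a field to alert on.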
The people piece
Remote teams need a different security culture. Make reporting suspicious activity socially easy. Normalise slowing down on payment changes. Run short, frequent phishing simulations and reward reports rather than punishing clicks. Security awareness is not a poster in the break room any more, because there is no break room.
The bottom line
The pandemic accelerated trends that were already underway. The companies that treated 2020 as a permanent change in operating model came out stronger. The ones that kept waiting to "go back" are now the easiest targets in their sectors. Build for the world you actually live in.