Chester Wisniewski, a principal research scientist at security outfit Sophos, told iTWire during an interview: "I see no evidence of that [and] I have no idea what they're talking about. The number of attacks related to the pandemic, of course, have increased dramatically, but the total number of attacks hasn't changed.
"We saw attacks change from fake shipping notices into 'you've got COVID, click here'. But we didn't see an increase in the number of attacks at all, not an increase in the number of spam attacks, not an increase in the number of ransomware attacks."
Wisniewski said he had not seen a dramatic change in any of the numbers in Sophos' data from the beginning of the year. "So if we look at January, February, we don't see a big change from January, February versus March and April," he added.
He has helped organisations design enterprise-scale defence strategies, has served as the primary technical lead on architecting Sophos' first email security appliance, and also consulted on security planning with some big global brands.
A great deal of the interview with Wisniewski focused on how things would look post-COVID, and he agreed that there would be some changes as compared to the period before the lockdown.
For one, he said employers would be keen to look at any savings that could be made by continuing with some COVID-era practices, without jeopardising the welfare of employees.
He pointed to his own organisation as an example. "Look at the real estate that Sophos has here in Vancouver for 300 staff. And that square footage in that building costs us a fortune in the CBD. If we could cut the amount of square footage in half, the savings would be monumental to the company just for the space, let alone the coffee and the other perks."
Wisniewski said adapting to a return to office would mean different things, depending on the industry. Sectors like shipping, logistics and manufacturing tended to have a somewhat immature security model compared to sectors like finance, technology and government. And the bigger the organisation and the bigger the IT staff, the fewer the issues that would be encountered.
But the fact that organisations, in general, had been moving towards a zero trust networking model would ensure that there was no calamity when people went back to work. Wisniewski pointed to the fact that today more than 90% of sites were using encryption, a far cry from the situation a decade ago.
"You know, when [Edward] Snowden leaked all the NSA stuff, less than 20% of all the websites in the world were encrypted. Everything was leaking everywhere. We were worried about Wi-Fi security, we were worried about VPNs, we were worried about this, we were worried about that. Now it's over 90% of all websites in the developed world that are encrypted and the 10% that aren't are literally like an eight-year-old soccer blog for your kids' league soccer that's not maintained anymore.
"So the safety of using TLS encryption means that I don't really care if your home Wi-Fi isn't perfect. Or if you're working from the local cafe, it doesn't matter anymore. We're generally using the same safety no matter where we are. What's important is that visibility and monitoring where I started out with is present no matter where I'm at.
"I need to know that your computer is safe, that it's, you know, patched or it's up-to-date, that your security software is not turned off. I need to know those things are in place, no matter where you are, whether you're at the cafe, whether you're at home, whether you're at the office. And if we accomplish that, then it's up to the business to decide if they're for it. I don't really think there's that much security risk."
He anticipated that some machines, taken home by workers to use during the lockdown, would need a rash of patches. But again, these were not the majority. There were some organisations where machines needed to be on the internal LAN to receive their weekly or monthly dose of patches.
"We've had some of this internally where we use Microsoft System Centre Configuration Manager to manage some of our machines. Then other machines, we were managing patches externally through just controlling which Windows Updates got automatically downloaded from Microsoft.
"All the machines that were pointed at Microsoft, no matter where they're in the world, they've been getting their updates according to policy. And we've been able to keep an eye on that.
"But a few of the legacy machines, the four- and five-year-old machines that we were just getting ready to replace, some of those were pointed at internal update points. So they are only getting updates when they VPN in; the problem is the user may only VPN in for a half an hour a day and never get that two gigabyte Windows Update downloaded. And that update may not have happened."
Wisniewski said he had suggested the equivalent of quarantine for unpatched machines. "I've been recommending that organisations look at creating, either bringing those machines in onto the guest Wi-Fi, or creating a quarantine Wi-Fi, until IT is able to give a quick check of those machines to be sure they're fit for duty."
He said he did not anticipate a rash of malware infections when people returned to work. "I would hope not to see too much on the malware infection side. From what I'm seeing, nothing has gotten particularly worse. I think the biggest thing is going to be regulatory and data being spread around places it doesn't belong.
"You know, I think there's going to be a lot of company documents shared in places they don't belong. Policies breached, that kind of stuff. I think it's prudent to make sure those patches are in place. And you know, antivirus stuff.
"But to be honest, I don't expect that to be a big problem. I don't think we're going to see big outbreaks when people come back. One of the things we'll see is that some shadow IT will continue to be used even though it may be prohibited by policy."