… we should bolster security practices and policies instead of dwell in complacency, as one US survey seems to indicate that remote-working may at risks of Cybersecurity Threats.
By now, the whole world knows that the massive global move to remote-working has attracted more cyber attackers and scammers. In yet another survey, the results point to the same trend.
This time, cybersecurity solutions firm Malwarebytes has chipped in with more figures from its survey of 200 IT and cybersecurity decision makers from small businesses to large enterprises in the USA.
Their study shows 20% of respondents that said they had faced a security breach as a result of a remote worker. This in turn led to higher costs, with 24% of respondents saying they paid unexpected expenses to address a cybersecurity breach or malware attack following shelter-in-place orders. In addition, 28% of respondents admitted they were using personal devices for work-related activities more than their work-issued devices, which could create new opportunities for cyberattacks.
This figure becomes more problematic next to another survey result, which indicated that 61% of respondents’ organizations did not urge employees to use cybersecurity solutions on their personal devices.
Said Marcin Kleczynski, Malwarebytes’ CEO and co-founder: “Many organizations failed to understand the gaps in their cybersecurity plans when transitioning to a remote workforce, experiencing a breach as a result. The use of more, often unauthorized, devices has exposed the critical need for not just a complete, layered security stack, but new policies to address work from home environments. Businesses have never been more at risk and hackers are taking notice.”
AveMaria and NetWiredRC in the limelight
Cybercriminals have learned to take advantage of improperly-secured corporate VPNs, cloud-based services, and business email—all which could be used for infiltration of corporate assets. There has also been a surge in COVID-19-related phishing emails containing commercial malware such as AveMaria and NetWiredRC. These two allow hackers to gain access remote desktops, webcams, password data and more. Incidents involving AveMaria have risen by 1,219% from January to April 2020 (targeting large enterprises), those involving NetWiredRC had risen by 99% from January to June (primarily targeting small- and medium-sized organizations).
Despite the known increase in cyberthreats, the report observed that businesses appear to have a high level of confidence about the transition to working from home, with roughly three quarters (73.2%) of those surveyed giving their organizations a score of 7 or above on preparedness for the transition to WFH.
A majority of companies with fewer than 700 employees (84.1%) moved more than half of their workforce, but not all (61–80%). On the other hand, companies with at least 700 employees opted to move almost all their workforce home (81–100%).
In the wake of this shift, 45% of polled organizations did not perform security and online privacy analyses of software tools deemed necessary for WFH collaboration. Also, 61% provided work-issued devices to employees as needed but 65% of respondents’ organizations did not deploy a new cybersecurity solution for those same devices.
Readers interested in Asian cyberthreat statistics can refer to various articles and expert opinions already published in CybersecAsia.net.