The coronavirus pandemic and lockdown have forced organizations to make dramatic changes over a short period of time. One of the biggest changes has been the shift to a remote workforce nationwide. Because of the abruptness and speed of that transition, proper cybersecurity has not necessarily been followed, prompting cybercriminals to level more attacks against remote workers, devices, and assets.
Based on a recent survey by security provider Keeper Security looks at the types of threats aimed at organizations with remote workers and offers advice on how to better protect your workforce. Sponsored by Keeper Security and conducted by Ponemon Institute, the survey reached 2,215 IT and security workers in the US, UK, and other countries. The objective was to determine how the cybersecurity of organizations has been affected by the move to telework.
All the respondents to the survey were in organizations that furloughed or shifted their employees to remote work because of COVID-19. Before the coronavirus, around 22% of them had remote workers; now around 58% of them maintain a remote workforce. And since the transition, 60% of the organizations surveyed have seen a rise in cyberattacks.
Among the respondents in the US, 63% have witnessed an increase in phishing and social engineering, 52% noted a jump in credential theft, and 50% reported a rise in account takeovers. Other types of threats that have plagued organizations this year include general malware, Distributed Denial of Services (DDoS) attacks, web-based attacks, malicious insider attacks, compromised and stolen devices, and advanced malware and zero-day attacks.
Many of the threats have been able to sneak past traditional security protection. Some 51% of the respondents said that malware and other exploits were able to evade their intrusion detection systems, while 49% said that such threats got past their antivirus tools. As such, only 44% of those surveyed rated their security measures as effective, down from the 71% who offered the same opinion prior to the pandemic.
The survey also elicited thoughts and concerns as to how the shift to remote working has impacted cybersecurity defenses.
Lack of security. Almost half of the respondents said they worry about the lack of security in a remote worker's environment. Specifically, IT and security professionals are most concerned about their inability to manage or control a remote worker's physical security.
Risks to data. Respondents also worry about the risks to sensitive data. Some 71% of those surveyed said that remote workers put the organization at risk for data breaches, while 57% said that such workers are prime targets for cybercriminals looking to exploit various vulnerabilities.
Inability to respond to cyberattacks. Caught off-guard by the abrupt lockdown, respondents said their organizations were not prepared for the effect it would have on their ability to respond to a cyberattack. Some 56% said the time required to respond to an attack has increased, while 42% said their organizations have no understanding of how to defend against attacks due to remote working.
Vulnerabilities caused by Bring-Your-Own-Device (BYOD). Some 67% of the respondents said that the use of personal devices by remote workers to access business-critical applications and assets has hurt their security posture. Smartphones, laptops, and mobile devices are now considered the most vulnerable endpoints.
Budget constraints. Only 45% of those surveyed said their organization's security budget is sufficient for handling cybersecurity risks caused by remote workers. Just 39% said their organizations have the expertise required to manage and mitigate risks triggered by remote working.[1]
How to make your organization more secure.
To better manage and improve your cybersecurity posture amid this shift to remote working:
- Require all remote workers to use authentication methods, preferably multi-factor authentication.
- All employees should receive cyber threat training that covers phishing techniques and social media postings.
- All data in transmission and at rest should be encrypted.
- Make sure remote workers who are using their own devices (BYOD) have enabled basic security features such as a PIN, fingerprint, or facial ID feature.
- Ensure that the access to sensitive and confidential information given to remote employees is based on their role and responsibility.
- Secure all types of remote worker devices including desktop and laptop computers, smartphones, and tablets against common threats.
- Require remote workers to keep computers and mobile devices patched and updated.
- Join and become active in your local Infragard chapter, there is no charge for membership. infragard.com
- Educate remote workers on how to recognize unusual or suspicious activity on devices being used for remote working and then contact your organization's help desk or security center to report the activity.
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
- To increase the security of remote working, organizations should require periodic password changes, prohibit employees from reusing the same passwords on internal systems, and require minimum password lengths.
Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports.
The installation, updating, and monitoring of firewalls, cybersecurity, and proper employee training are keys to blocking attacks. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence REDSHORT Briefings:
Created for security managers, by security professionals, focused on sharing information for the good of the infosec community.
https://attendee.gotowebinar.com/register/8782169210544615949
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
[1] https://www.techrepublic.com/article/how-to-improve-the-cybersecurity-of-your-remote-workers/
Comments