For the recently published cybersecurity report, the security solutions provider Malwarebytes surveyed IT and cybersecurity decision-makers. Accordingly, there is an increase of 20 percent in cybersecurity violations as a result of home office due to Covid-19. […]
The newest Cybersecurity Report “Enduring from Home – Impact of Covid-19 on Corporate Security” from Malwarebytes, a provider specializing in security solutions, combines its telemetry with the results of a survey of 200 IT and cybersecurity decision-makers from small businesses to large corporations. The aim is to uncover security gaps in the new work situation that many people are unfamiliar with.
The data shows that the potential for cyberattacks and security breaches has increased since organizations switched to a work-from-home (WFH) model. 20 percent of respondents say they have faced a security breach by a remote worker since the pandemic began. There is a cost to this: 24 percent of respondents say they have to pay for unexpected costs of fixing a cybersecurity breach or malware attack.
In addition, 28 percent of respondents say they also use personal devices, which opens up new opportunities for cyber attacks. This number becomes even more problematic when you look at another poll figure that shows that 61 percent of the organizations surveyed do not ask their employees to use security solutions on their personal devices.
“The fundamental move to work in the home office has dramatically underscored the need for a comprehensive security concept as well as IT instructions and training to prevent security breaches,” said Marcin, CEO and co-founder of Malwarebytes. Many organizations would not have fixed the loopholes in their cybersecurity plans when they moved to a remote workforce and had security issues as a result. Kleczynski warns, “The use of more, often unauthorized, devices reveals the urgent need not only for a complete, multi-level security model, but also reveals new guidelines for working from home. Companies have never been at greater risk than they are now and hackers are becoming more active. “
More attacks, lack of security awareness
In terms of the threat landscape, security researchers at Malwarebytes observe that cyber criminals specialize in exploiting improperly secured corporate VPNs, cloud-based services, and business emails. The number of phishing emails that use Covid-19 as bait has also risen sharply. These emails contain malware like AveMaria and NetWiredRC that allow remote desktop access, webcam control, password theft, and more. Data from Malwarebytes shows AveMaria saw a huge 1,219 percent increase from January to April 2020. According to this, AveMaria mainly targets large companies. Similarly, the security researchers at NetWiredRC observed a 99 percent increase from January to June 2020, with small and medium-sized companies primarily in their sights.
“Threat actors are adapting quickly to find new ways to capitalize on the new work situation,” said Adam Kujawa, director of Malwarebytes Labs. “We have seen a significant increase in attacks on cloud and collaboration tools. This shows us that we need to reassess cybersecurity in terms of these tools and the vulnerabilities of working in distributed environments in order to contain threats more effectively. “
Nevertheless, the companies seem to have a high degree of confidence in the transition to working from home, as around three quarters (73.2 percent) of the respondents gave their organizations a score of 7 or more in preparation for the transition to the WFH (scale 1- 10; 10 maximum points). In the course of the move to the home office, however, 45 percent of the organizations did not carry out the necessary security and online data protection analyzes of software tools. Although 61 percent of the organizations provided their employees with devices for work when required, 65 percent had no virus protection solution installed for these devices.
Those interested can find more information in Blog by Malwarebytes.