While the COVID-19 pandemic has been raging, workers obliged to log in from home have become increasingly vulnerable to hacks as criminals look to exploit the attack surface that more remote working has created.
In a report published in April, security software firm Sophos found that 37% of organisations surveyed in 2021 had been hit by ransomware in the previous 12 months, while the rate of successful data encryption by hackers stood at just over 50%. Overall, the picture seems to be looking a bit better for businesses, but the continued prevalence of WFH means they are by no means out of the woods. Fewer hacks might mean bigger hacks, and theft rather than encryption might be the new focus, as might more powerful, more dangerous tools.
A mixture of working from home, BYOD (Bring Your Own Device) computers and the increased use of personal mobile devices to connect to the Internet creates even more opportunity for cyber criminals. Phishing and man-in-the-middle attacks are the most favoured weapons, and users often don’t even know they’ve been hacked until it’s too late. In these cases, it is people who are the weakest link, and even skilled, knowledgeable IT departments struggle to protect them. Virtual private networks (VPNs) can help, but experts point out that they don’t work well with mobiles and present an open goal in terms of gaining access to an organisation’s wider infrastructure, not just the host device.
Businesses are encouraged to adopt policies such as 2FA and Zero Trust Network Access (ZTNA) as well as privileged access management solutions. Security systems need to cover multiple platforms and focus on the dominant operating system, which is currently Windows, rather than cater for all. An effective multi-site backup strategy is also strongly encouraged.
Source: ITPro
Informed Sauce is hosting an Infinidat-sponsored event in London on 2 December about protecting businesses from cyber crime.
Short talks from the Metropolitan Police, a military-trained cyber threat expert and sponsor Infinidat’s EMEA Field CTO will be followed by a panel-led, room-wide moderated discussion, with plenty of opportunities for you to contribute your thoughts and ask questions.