Stay-at-home call puts focus back on security

With the government having changed its advice to encourage those who can work from home to continue doing so, the security channel is being advised that it needs to stay on high alert to protect vulnerable remote workers.

Throughout the Covid-19 pandemic, people working from home have been targeted by cyber criminals looking to exploit staff who are removed from the safety of their corporate environment.

With the prime minister announcing earlier this week that the latest advice is to stay at home where possible, just weeks after he had been encouraging people to return to offices, the focus has returned to protecting those operating well beyond the usual corporate perimeter.

Sridhar Iyengar, managing director at Zoho Europe, expressed some of the frustration felt by many at the changing advice, saying: “Employers and workers in all businesses will likely be facing some stress and confusion, as the government’s advice on home working shifts once again. The right tools, coupled with the right leadership and culture, can make all the difference between a business flourishing and failing.

“Employing some level of continuity and flexibility in business models is essential in enabling workplaces to seamlessly adapt to the ongoing situation.”

Iyengar added that a hybrid-working approach would give staff the right tools and help maintain company culture.

Cyber criminals are waiting to exploit anyone who fails to take the right approach to working from home.

“Current events have created a new set of opportunities for cyber criminals,” said Vincentas Grinius, CEO at Heficed. “Hackers have been exploiting increased dependency on solid network infrastructures and exposed their shortcomings that previously may have been set aside.

“The market is still experiencing quite an aftershock of the first Covid-19 wave, and until the dust settles, it is unlikely that scammers will stop searching for weak spots to take advantage of.”

Heficed has been tracking a steep rise in the number of attacks launched this year, up by 300%.

“We have definitely noticed a sharp increase in abuse and cyber attacks during the pandemic period,” said Grinius. “However, it is also clear that this new trend is not going away any time soon.

“A crisis like this increases distress and vulnerability, which cyber criminals aim to exploit. As hackers are getting more sophisticated, we must become more inventive, predictive and adaptive. It is the online community’s imperative to ensure people’s security and understand that what happens on the internet often translates into the real world.”

WatchGuard has also been monitoring a rising level of attacks and warned that criminals are becoming more sophisticated in trying to trick vulnerable targets.

The firm has released its latest Internet security report, and the headline findings indicate that although there was an 8% decrease in overall malware detections in the second quarter of 2020, 70% of all attacks involved zero-day malware, representing a 12% increase over the previous quarter.

“Businesses aren’t the only ones that have adjusted operations due to the Covid-19 pandemic – cyber criminals have too,” said Corey Nachreiner, CTO of WatchGuard.

“The rise in sophisticated attacks, despite the fact that overall malware detections declined in Q2, likely due to the shift to remote work, shows that attackers are turning to more evasive tactics that traditional signature-based anti-malware defences simply can’t catch.

“Every organisation should be prioritising behaviour-based threat detection, cloud-based sandboxing, and a layered set of security services to protect both the core network, as well as remote workforces.”

As well as facing rising threats, it has also become clear that the challenge of increasing staff security training has been too much for many companies.

Specops Software found that, on average, just 29% of business sectors have initiated additional cyber security training. The overwhelming majority of staff (94%) saw it as the responsibility of their company to keep them up to date with training.

“The fact of the matter is that you can put as many security systems and procedures in place as you wish, but usually the weakest link is always the human being involved,” said Darren James, Specops Software’s cyber security expert. “Providing cyber security training is essential.

Subjects such as password hygiene, email scam/phishing/malware awareness and social media usage are important and the more attention we can bring to it via training at work, the less likely people in general will fall victim to these crimes.”