Businesses are overconfident about the state of their security
N.F. Mendoza Tech Republic
60% of remote workers use personal devices, many without protection from their business’ cybersecurity, a new report found.
Despite an uptick in cyberattacks during the COVID-19 crisis, a new study from CrowdStrike reports that 50% of worldwide top-level leaders surveyed think serious cyber crime is in the same state as it was before the pandemic.
CrowdStrike, a cybersecurity tech company, revealed that 89% of decision makers and business leaders believe their companies are not at greater risk of a cyberattack while employees work from home.
But nothing could be further from the truth, according to the report: There was a 100-times increase in COVID-19-themed malicious files in April. Businesses are not properly educating employees about emerging threats. CrowdStrike reported twice as many intrusions in Q1 2020 as it did in all of 2019.
“There’s no sign of these attacks slowing down, which aligns with the spike in remote working due to the pandemic,” said James Yeager, vice president of public sector and healthcare at CrowdStrike.
Cybersecurity education needed ASAP
Further, more than half (53%) of poll participants admitted their company has “not provided any additional cybersecurity training on the risks associated with remote work,” cited the report.
CrowdStrike’s “World Security Index” also showed that 60% of employees use their personal devices as they work remotely, likely without the security of the company’s cyber protection.
In a May 4 blog post, CrowdStrike cited the reasons cybersecurity is desperately needed:
- Use of personal devices and email for business or handling sensitive information
- Provisioning corporate assets to support remote working arrangements
- Proper deployment and configuration of remote services, corporate VPNs and related two-factor authentication methods.
Bad actors are keenly aware of these vulnerabilities and are ready to take the opportunity for a cyberattack. The results of the survey and the attitude of business leaders confirm the need to look closely at what security measures the company is taking, so that it does not make things even easier for criminals.
Vulnerability invites threats
Threats include phishing, e-crime, targeted intrusion, targeting remote services, vishing robocalls, and tech-support scams, according to CrowdStrike. Therefore, it’s critical that businesses and employees become vigilant of the potential cyber threats as they make transitions to alternative business continuity plans, and that they are informed of the immediate steps they can take to mitigate potential risks, the report said.
“Cybercriminals are using people’s fear, and shifted workplace environments to benefit themselves financially through the use of stolen data,” Michael Sentonas, chief technology officer at CrowdStrike, said in a press release.
Yeager said, “Cyberattacks are not slowing down, so business leaders should confidently predict a rise in the current trajectory of threat activity, and ensure they take a more proactive stance to defend against them.”
Security changes are quickly needed because “there’s no sign of these attacks slowing down, which aligns with the spike in remote working due to the pandemic,” Yeager said. “This tells us that devices are vulnerable and more needs to be done in order to protect and defend them against both e-crime and nation-state threats.”
“As more work is conducted from home, and in many cases on personal devices, businesses must stay vigilant, ensuring that their employees are trained on possible risks and taking the necessary precautions to maintain security of their networks, devices and data,” Sentonas added.
“Organizations, now more than ever, are in a position where they must be aggressive about their own digital transformation or they will not survive,” Yeager stressed. “With remote workforces and the nature of work requiring a growing digital footprint, business leaders, boards and IT decision makers have to accept that a slew of sudden and profound cybersecurity challenges is already here.”
Yeager continued: “This means a flexible and robust cybersecurity posture and diligent cybersecurity training program is required—but not an afterthought. As companies flex to align with shelter-in-place guidelines and empower their employees to work from home, security has to be one of the first items addressed.”
CrowdStrike recommends adopting a strong defensive posture by ensuring that remote services, VPNs and multifactor authentication solutions are fully patched and properly integrated, and by providing security awareness training for employees working from home.
And the results could end up quite positive, Yeager said. “As communities work to define and adapt to a new normal, we will certainly see the impact of widespread shelter in place impact businesses for some time. We’ve already seen an increase in usage of cloud-based collaboration solutions, telemedicine. As more work is done remotely, it’s likely we will see a shift to performing some functions remotely in a more sustained manner, after the pandemic subsides.”
This is notable, he added, “for organizations who realize some of the financial benefits and operational efficiencies gained during the early stages of the crisis. This means that a distributed workforce and broader use of devices and new software solutions are likely to be a part of organizations’ ‘new normal’, which they will need to be vigilant about from a security standpoint.”
The information was gathered by YouGov, which polled 4,048 top executives at businesses in the US, Japan, Australia, Germany, Great Britain, India, Singapore, the Netherlands, and France from April 14 to 29.