The COVID-19 pandemic has exacerbated the minefield of cyber and technology risks that businesses are contending with on a daily basis. Many companies have had to react quickly to address new risks to their infrastructure, endpoints, and mission-critical data. They’ve also had to respond to new challenges created by the work-from-home (WFH) environment - from closing security gaps with new technology, to educating now-remote employees to avoid phishing attacks and practice good cyber hygiene, to strengthening the protection of third-party apps needed to work from home.
No matter how comprehensive a company’s cyber readiness is, cyber criminals are nearly always one step ahead. As Candid Wüest (pictured), vice president of Cyber Protection Research at Acronis explained: “The cyber attackers and criminals are quick to adapt. We’ve seen it in the past, where criminals have been very fast in adapting to major events, such as a big earthquake, and then creating nice looking lures that play on the fear and the uncertainty of the people.”
This trend has once again reared its ugly head during the COVID-19 pandemic. According to the recently published Acronis Cyber Readiness Report 2020, 31% of companies around the world have experienced a cyberattack at least once a day during the pandemic, and 9% of companies said they’ve been targeted at least once an hour.
The Acronis report, which is based on a survey of 3,400 IT managers and remote workers from 17 countries across four continents, shows that hackers have plagued companies with phishing campaigns, distributed denial of service (DDoS), and video conferencing attacks during the pandemic. Canadian companies were among the most affected by videoconferencing attacks, with approximately 50% of Canadian respondents highlighting this as a key problem over the past few months.
“Most companies already had some kind of video conferencing installed [pre-pandemic], but, of course, the sheer usage of it spiked and skyrocketed over the past few months,” Wüest told Insurance Business. “During the pandemic, we’ve seen more cybercriminals using video conferencing tools for phishing. So, you would receive an invite for a Zoom meeting or a Microsoft Teams meeting, but it’s not a real meeting, it’s just [the hacker] trying to get [access to] your password when you log in. There were also instances of Zoom bombing, where people guess the password or try to find Zoom meetings without a password, and then login and do something disruptive in the background.”
Companies will have to find ways to mitigate some of these remote work risks … and fast. According to the Acronis report, only 12% of employees worldwide want to return to office-based work full-time. Rather, employees are calling for a new normal, with the majority of Canadian respondents calling for a ‘30% office / 70% remote’ split.
“There’s a multitude of things that companies can do [to protect themselves with more people working remotely], starting with proper communications and policies, and really defining what employees should and shouldn’t do,” said Wüest. “A lot of the respondents said they have never received any clear guidance around questions like: ‘Which video conferencing system should I use? Which file sharing service should I use? What password management system should I use?’
“But then, of course, we will also have the issue that remote support is usually a bit more tricky. For example, if something breaks down, how do you get that employee a new replacement machine? Can you just send them to the next electronic shop and get it done there, or can you have a local distributor where you send an image and they will reimage a new laptop and get it out to the employee? The logistics can be challenging.”
Another thing companies need to think about with more remote working and remote services is how to keep systems updated with regular patching. With more employees working from home, companies no longer have the guard of a local firewall or intrusion detection system.
“In this era of remote work, employees are working on the same network that maybe their children are using to play Fortnite or stream video games. There might be more suspicious and targeted devices on the home network [than there would be on an office network],” Wüest commented. “And it’s likely that the broadband router and wireless access point is weaker on the home network as well. As we all know, hardly anybody checks if there are updates that need to be applied to routers, and nobody really knows if the default password has actually been changed. So, if companies are to be cyber ready for the new normal of remote work, we probably all need to do better at protecting our home networks as well.”
