Malwarebytes announced the findings
from its latest report, Enduring from Home: COVID-19's Impact on Business
Security. The report combines Malwarebytes telemetry with survey results from 200
IT and cybersecurity decision makers from small businesses to large enterprises
to unearth new security concerns in remote work environments.
The data showed that since
organizations moved to a work from home (WFH) model, the potential for
cyberattacks and breaches has increased. In fact, since the start of the
pandemic, 20 percent
of respondents said they faced a security breach as a
result of a remote worker. This in turn led to higher costs, with 24 percent of respondents saying they
paid unexpected expenses to address a cybersecurity breach
or malware attack following shelter-in-place orders.
In addition, 28 percent of respondents admitted
they're using personal devices for work-related activities more than their
work-issued devices, which could create new opportunities for
cyberattacks. This figure becomes more problematic next to another survey
result, which indicated that 61 percent of respondents' organizations did not
urge employees to use antivirus solutions on their personal devices.
"Our fundamental shift to
working remotely has dramatically underscored the need for comprehensive
security, as well as IT guidance and training to avoid breaches. Many
organizations failed to understand the gaps in their cybersecurity plans when
transitioning to a remote workforce, experiencing a breach as a result," said
Marcin Kleczynski, CEO and co-founder of Malwarebytes. "The use of more, often
unauthorized, devices has exposed the critical need for not just a complete,
layered security stack, but new policies to address work from home
environments. Businesses have never been more at risk and hackers are taking
notice."
On the threat landscape,
Malwarebytes observed that cybercriminals have adapted to take advantage of
improperly secured corporate VPNs, cloud-based services, and business email-all
which could be used for infiltration of corporate assets. There has also been a
surge in phishing emails that use COVID-19 as a lure to cover up malicious
activity. These emails contain commercial malware, such as AveMaria and
NetWiredRC, which allow for remote desktop access, webcam control, password
theft and more. Malwarebytes data showed that AveMaria saw a bump of 1,219 percent
from January to April 2020, an enormous increase from
2019. According to Malwarebytes telemetry, AveMaria mostly targeted large
enterprise businesses. Similarly, NetWiredRC
observed a 99 percent increase in detections from January to June, primarily
targeting small- and medium-sized organizations.
"Threat actors are adapting
quickly as the landscape shifts to find new ways to capitalize on the remote
workforce," said Adam Kujawa, director at Malwarebytes Labs. "We saw a
substantial increase in the use of cloud and collaboration tools, paired with
concerns about the security of these tools. This tells us that we need to
closely evaluate cybersecurity in relation to these tools, as well as the
vulnerabilities of working in dispersed environments, in order to mitigate
threats more effectively."
Despite this, companies
appear to have a high level of confidence about the transition to working from
home, with roughly three quarters (73.2 percent) of those surveyed giving their
organizations a score of 7 or above on preparedness for the transition to WFH.
A majority of companies with less than 700 employees (84.1 percent) moved more
than half of their workforce, but not all (61-80 percent). On the other hand,
companies with at least 700 employees opted to move almost all their workforce
home (81-100 percent). In the wake of this shift, 45 percent of respondents' organizations
did not perform security and online privacy analyses of
software tools deemed necessary for WFH collaboration. And frightfully, while
61 percent of respondents' organizations provided work-issued devices to
employees as needed, 65
percent of respondents' organizations did not deploy a new antivirus solution for
those same devices.
For a detailed look at the
full report, visit:
https://resources.malwarebytes.com/files/2020/08/Malwarebytes_EnduringFromHome_Report_FINAL.pdf