20 percent of companies working remotely have suffered a breach
Since organizations have shifted to a work from home model, the potential for cyberattacks and breaches has increased. In fact, since the start of the pandemic, 20 percent of respondents say they faced a security breach as a result of a remote worker.
New research from Malwarebytes shows that this in turn has led to higher costs, with 24 percent of respondents saying they paid unexpected expenses to address a cybersecurity breach or malware attack following shelter-in-place orders.
In addition, 28 percent of respondents admit they're using personal devices for work-related activities more than their work-issued devices, which could create new opportunities for cyberattacks. This figure becomes more problematic next to another survey finding, which indicates that 61 percent of respondents’ organizations did not urge employees to use antivirus solutions on their personal devices.
"Our fundamental shift to working remotely has dramatically underscored the need for comprehensive security, as well as IT guidance and training to avoid breaches. Many organizations failed to understand the gaps in their cybersecurity plans when transitioning to a remote workforce, experiencing a breach as a result," says Marcin Kleczynski, CEO and co-founder of Malwarebytes. "The use of more, often unauthorized, devices has exposed the critical need for not just a complete, layered security stack, but new policies to address work from home environments. Businesses have never been more at risk and hackers are taking notice."
Malwarebytes observes that cybercriminals have adapted to take advantage of improperly secured corporate VPNs, cloud-based services, and business email -- all which could be used for infiltration of corporate assets. There has also been a surge in phishing emails that use COVID-19 as a lure to cover up malicious activity. These emails often contain commercial malware, such as AveMaria and NetWiredRC, which allow for remote desktop access, webcam control, password theft and more. Malwarebytes' data shows that AveMaria saw a massive jump of 1,219 percent from January to April 2020.
"Threat actors are adapting quickly as the landscape shifts to find new ways to capitalize on the remote workforce," say Adam Kujawa, director at Malwarebytes Labs. "We saw a substantial increase in the use of cloud and collaboration tools, paired with concerns about the security of these tools. This tells us that we need to closely evaluate cybersecurity in relation to these tools, as well as the vulnerabilities of working in dispersed environments, in order to mitigate threats more effectively."
The full report is available from the Malwarebytes site.
Image credit: Rawpixel.com / Shutterstock