Security Impact of Covid19
by EW in
Digital Threats Trends vulnerabilities

…a full 40 percent of those companies (polled) reported seeing increased cyberattacks as they enable remote working.

Link: https://threatpost.com/coronavirus-poll-cyberattacks-work-from-home/153958/?utm_source=rss&utm_medium=rss&utm_campaign=coronavirus-poll-cyberattacks-work-from-home

Summary:

  • Authored by Tara Seals on Thu 19 March, the article on Threat Post details the results of a poll on the affects the pandemic has had on security teams. Highlights below:
  • Cyber threats are increasing as attackers capitalise on disruption to workforces, security organisations are having to adapt
  • Of around 200 security practitioners, 30% said they were prepared for their workforce shifting to remote working
    • 52% partly prepared but had significant challenges for a portion of the workforce
    • 5% not prepared at all
  • 70% said enabling remote working was relatively new
    • 81% said at least 50% of their workforce would be new remote workers by 20 March
    • 41% said they had a pre-existing plan that has been successfully implemented, but 11% said they had insufficient plans
  • Phishing and Social Engineering reported as most common COVID-19 related threats with 23% affected by these attacks
    • Around 10% reported an uptick in Coronavirus themed scams
  • 43% said end-user awareness was the biggest perceived challenge
    • Next biggest concern: 20% said securing sensitive data off-prem
    • 10% said patching and updates followed by mobile devices at 6%
  • 55% said cloud security was NOT a prioritised concern
    • Reliance on cloud services (SaaS, IaaS, etc) for remote working should be prioritised
    • Biggest risk factor with cloud is typically Shadow-IT. Remote workers vastly more compelled to circumvent business-owned IT systems
  • Most organisations, 34%, rated securing endpoints as the highest priority, followed by endpoint security user education (33%)
  • Multifactor was the most-implemented technical control (22% of respondants) for remote working across all applications
    • 11% provided secured laptops
    • Only 37% require a VPN to access corporate resources
  • Reagarding security practice, patching and updating remains a key fundamental security practice, and emphasis on the following:
    • Segmenting networks to limit VPN user access internally
    • Least privilege models are more relevant than ever
  • There are positive effects of consolidating worker profiles to remote workers, e.g, enforcing device compliance for connectivity

Tags: , , , , , , , , , , , , , ,

Share Post:
Facebook Twitter Pinterest

Related Posts

Ransomware Finastra Digital Threats

Ransomware Delayed Deployment Trend

NCC Phishing Analysis Attack Campaigns

Analysis of 1,300 Phishing Campaigns Shows Significant Sector Differences

No Comments

Leave a Reply