- Published: Tuesday, 03 November 2020 09:05
Working from home policies, whilst necessary to curtail COVID-19, have exposed smaller enterprises to a level of sophisticated cyber attack ordinarily reserved for large multi-nationals and the impact will lead to a further sharp rise in data breaches, according to Dave Waterson, CEO at security protection software company, SentryBay. He forecasts a rise of as much as 40 percent in attacks in the year to come, primarily targeting vulnerable endpoint devices.
The pandemic has been widely exploited by malicious cyber actors and advanced persistent threat groups using COVID-19 themes, putting individuals, small and medium businesses and large organizations at risk of scams and phishing attacks. However, it is the geographically widespread location of employees that is exacerbating the risk, which is set to increase rather than decrease as the second wave of the virus forces people back to working in their homes.
“Working from home (WFH) has meant that sensitive company data has a broader physical footprint, and organizations have less control over how it is being accessed if their employees are outside the safety of the corporate perimeter,” said Dave Waterson. “Where previously smaller enterprises, which are often less well protected, were able to fly under the radar and avoid cyber attacks, this is no longer the case, and they are increasingly being hit with insidious, damaging, breaches that they are ill-equipped to deal with in the current climate.”
Waterson believes that, in 2021, the greatest danger to organizations will come from key logging and screen-grabbing malware, primarily because they are the attack vector through which sensitive data is most often, and most easily, stolen. Both use endpoint devices to gain access and, despite the rise in use of anti-virus and two-factor authentication, this will not guard against an attack.
“2FA does not stop sensitive data passing through the application after login,” continued Waterson. “Keylogging malware is normally ranked as the leading cyber threat to businesses, but standard anti-virus solutions do not provide sufficient protection. Unless data is protected as it is entered from the keyboard or onto the screen, it opens the door to criminals and therefore we are anticipating a massive growth in attacks on organizations.”
The risk of a breach is heightened not just because WFH is now so prevalent, but also due to a general rise in online activity. SentryBay predicts that malicious actors will target children or other members of the household to gain access to a parent’s corporate network.
With COVID restrictions and less people on the high street, the run up to Christmas will see a jump in ecommerce purchasing which is already being targeted by cyber criminals through phishing scams and fraudulent sites that spoof well known retailers.
SentryBay encourages organizations to think about the broader picture when it comes to protecting their employees, and their data. Identifying risk outside the corporation now means the families and friends of employees, and the devices they are using. To keep all connections safe, they need to look for solutions that are specifically designed to protect against all vulnerabilities, not just the most obvious ones.