Remote Working During Coronavirus Pandemic Leads to Rise in Cyber-attacks, Say Security Professionals

Published on: July 15th, 2020

The vast majority of cybersecurity executives believe the global shift to homeworking during the Covid-19 pandemic has led to a rise in cyber-attacks, a new survey has revealed.

Published today (July 14), the third Global Threat Report (PDF) from VMware Carbon Black also found little confidence among respondents that the rollout to remote working had been done securely.

The study took a deep dive into the effects Covid-19 had on the security of remote working, with 91% of executives stating that working from home has led to a rise in attacks.

Respondents from the UK, US, Italy, and Singapore were polled in March and April of this year.

The study found that 85% of chief information officers (CIOs), chief technology officers (CTOs), and chief information security officers (CISOs) felt that their workforce had not been properly equipped to work from home, with 28% citing “severe and significant gaps” in security.

More than a quarter (29%) cited an inability to implement multi-factor authentication as the biggest threat facing their organization, rising to 50% for financial services organizations, and 46% for companies with 251-500 employees.

Covid-19 related malware was the biggest threat to smaller organizations with 50-250 employees (43%).

Increased attacks

The findings were discovered in the context of a larger study produced in the early days of the pandemic, which found that 90% of security professionals had already witnessed a growing volume of attacks over the previous 12 months.

Four in five (80%) also thought attacks had become more sophisticated since 2019.

Of around 3,000 professionals surveyed in more than a dozen countries, 94% had suffered a data breach resulting from a cyber-attack. Organizations experienced an average of 2.17 breaches each, although this fell from 3.4 in the report’s previous edition.

This larger study polled respondents from countries across the world including Japan, Canada, France, and Germany. The average breach frequency was highest in France (3.7) and lowest in Canada (one breach).

Manufacturing and engineering companies suffered more cyber-attacks and data breaches than any other sector.

The “leap in attack frequency and sustained increase in sophistication” showed that “however fast global businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster”, said Rick McElroy, cybersecurity strategist at VMware Carbon Black.

 

Read more of the latest news about cyber-attacks

 

Custom malware and Google Drive attacks were the most frequently experienced forms of cyber-attack by 18% of respondents apiece, while process hollowing attacks more than trebled from 3% to 9.5%.

“Adversaries are adopting more advanced tactics as the commoditization of malware is making more sophisticated attack techniques available to a bigger cohort of cybercriminals,” concluded McElroy.

Conversely, phishing and ransomware attacks only accounted for 6% of attacks each, down from 34% and 18% in the previous two reports.

It “appears that unsophisticated ‘spray and pray’ tactics are being rejected in favor of accessing networks undetected and gaining persistence for longer term campaigns,” reads the report.

Identifying risks

The rising adoption of third-party applications prompted 35% of cybersecurity professionals to cite “workload/applications” as the biggest security risk.

Network vulnerabilities were identified by almost as many – 34% – followed by mobile devices (21%) and endpoints (7%).

The root cause of 18% of breaches, OS vulnerabilities were the most common entry point for attackers, followed by third party application breaches and ‘island hopping’, both polling at 13%.

Seven percent of breached businesses were compromised via their supply chain.

Some 70% of security professionals felt their organization had suffered reputational damage from a data breach, although only 30% suffered financial losses – down from 44% in October 2019.

Twice as many financial services companies suffered “severe” reputational damage than respondents across all sectors ¬– 34% versus 17%.

 

YOU MAY LIKE Simplicity should underpin enterprise security in a Covid-19 world

 

The vast majority of respondents – 96% – expected their budgets to grow over the next 12 months, with 46.5% anticipating a rise in 5G-focused security spending.

Threat hunting is becoming ubiquitous, meanwhile, apparently by dint of its effectiveness: 88% of respondents now deployed the defensive method, and 86% said it had strengthened their company’s defences.

Respondents were using an average of 8.91 different security tools to manage their security program. This reactive, “bolted-on” approach to tackling emerging threats “has resulted in siloed, hard-to-manage environments”, said the report.

The Daily Swig has contacted VMWare for further comment.

This article was originally published on The Daily Swig.