With the introduction of Covid-19 the world has changed in many ways. We saw changes take place in all aspects of life, and the workplace was not left unaffected. We saw many industries change the way they carry out work, but one of the biggest changes has most definitely been the spike in people who are working from home. While this change has been a positive change for a lot of people and has had its benefits, it does not come without its risks and has proven to be a massive security risk for companies all over the globe.
With most tasks being carried out online workers are more susceptible to be targeted by various forms of online scams, without the security protections in place that are provided within office settings with the scams only getting increasingly advanced by the day.
Between January and April 2020, we saw a massive increase in cloud-based attacks with a whopping 630% increase being reported. Ultimately, it looks like remote working is not set to be a short term ‘trend’, and as a result, remote workers will continue to be a target for cyber criminals.
However, we are not in the business of scaring people but simply put just wanted to put the statistics out there so people can be aware of the issue and make sure that they can be more responsible within their new (home) workplace. I will be providing links to the sources for all statistics talked about and more importantly will be putting out a few more blogs talking about straightforward ways to overcome these risks to the workplace and how to easily spot these scams.
- 95% of cybersecurity breaches are caused by human error.
Unfortunately, this one hurts the most and while hard to admit, is absolutely true. While working from home is a great privilege and allows us to balance our lives a bit easier, we definitely should not be taking it for granted whether you are an employee or employer. Due diligence should be taken to make sure the risks are minimised and more importantly if a risk does occur knowing how to properly deal with it can be just as effective. It is critical that companies take steps to reduce the risk from cyber security threats, through:
· Educating staff in managing sensitive data from home
· Monitoring all devices being used so that errors and mishaps can quickly be identified
· Validation of security effectiveness of service providers, suppliers, and partners; ensuring there are no weaknesses in the supply chain
· Assessing ability to deal with a cyber attack
quickly and efficiently, as well as recovery levels to ensure IT infrastructures are back up and running as soon as possible
With the right IT controls and the right training and information readily available for the end-user, working from home can be just as secure as working from an office.
- Phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic.
Now this again does sound scary but the numbers get so high because ultimately people do not know how to spot these types of email or even what they are. So what is phishing? Phishing is a type of social engineering attack in which cyber criminals trick victims into handing over sensitive information or installing malware.
Often they do this via malicious emails that appear to be from trusted senders, but sometimes use other means. There are typically two types of phishing emails -
1. Malicious email attachments, which usually have enticing names, such as ‘INVOICE’, install malware on victims machines when opened.
2. Malicious links point to websites that are often clones of legitimate ones, which download malware or whose login pages contain credential-harvesting scripts.
It is also important to note that Email phishing attacks were the most common source of data breaches while working from home.
- There is a cyberattack every 39 seconds
A cyber-attack can constitute anything but will mainly be things like malware, phishing, ransomware, denial of service, among other methods
- The top malicious email attachment types are .doc and .dot which make up 37%, the next highest is .exe at 19.5%.
- Remote work has increased the average cost of a data breach by USD 137,000.
2021 had the highest average cost in 17 years, data breach costs rose from USD 3.86 million to USD 4.24 million, the highest average total cost in the 17-year history of this report. The average cost was USD 1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor.
- Half a million Zoom user accounts were compromised and sold on a dark web forum in April 2020.
Zoom of course has been under a lot of criticism over the years, and there have been several mishaps and scandals mostly relating to data breaches. However, it is not all doom and gloom and there are plenty of better alternatives depending on what it is you are looking for. A quick google search would be most effective as there are many sites that show exactly what security benefits you are getting from different video conferencing tools like google meet or Microsoft teams.
Sources -
https://www.varonis.com/blog/cybersecurity-statistics