Article

Who loves a good crisis? Hackers, that’s who

Posted: 15th May 2020
|
Hacking attempts have soared since the Covid-19 pandemic began. We take a look at the main threats to your business security and how can you help to mitigate an ever increasing attack surface.
You probably won’t need reminding that the World is in crisis. However, with nearing three-quarters of UK businesses having placed at least some staff on furlough, there are few signs that hackers are set to down tools. In fact, they’re busier than ever and this is why:

Hackers don't have morals

This shouldn’t come as a surprise but cyber criminals, by very definition, are somewhat lacking in morals. They don’t care that IT folk are stressed and working harder than ever to get their organisations set up for remote working. In fact, they see it as an opportunity, a chance to go for the jugular, to hit us while we’re down. The FBI has disclosed that reports of hacking attempts have soared by three- or four-fold since the global pandemic began. As a result, it’s not just biological viruses that we need to be worried about right now.

Never a better time to hack

As mentioned, IT is stretched and stressed right now. Not only that, but the attack surface of businesses globally has expanded. Let’s take a look at some of the vulnerabilities that hackers will be looking to exploit.

The VPN conundrum

Millions of workers are currently working from home. For those companies not invested in cloud computing this has invariably meant granting access to corporate networks via VPN in order to enable remote working. However, VPNs have inherent security issues that can be exploited in order for an attacker to gain access to a network. And once in your network, you may find they can often move around freely as VPNs are not generally designed to detect suspicious behaviour and take pro-active action. Keeping on top of patching VPNs and other edge devices can be time consuming and fraught at the best of times, let alone during a global pandemic.

BYOD? More like BYOV (Bring Your Own Virus)

Employees working on personal devices without a secure remote working solution poses a massive security risk for any company. A huge amount of trust is placed with individuals to make sure they’re working safely – at the very minimum, having anti-virus software on their chosen device.

In our recent Get Home Working Done survey, nearly a quarter of respondents (24.5%) said they were using a personal device to work from home and over half (58%) said they have saved work documents to personal devices – a major security concern putting company data at risk of breach.

The rise of SaaS app adoption

SaaS applications are being consumed at an ever greater pace in the workplace. However, allowing access to these applications on an unprotected or unmonitored device opens up businesses to a world of trouble. Web browsers are susceptible to hacking including session hijacking, key logging, screen capturing… to name just a few. SaaS apps are also very susceptible to insider threat. Imagine a user accessing SaaS apps on a network and device outside of your control? The possibility of company data being downloaded unchecked and for malicious reasons is very real.

IT teams would normally block access to the SaaS apps outside of the company network (although many SaaS apps don’t have this functionality), but doing this during the current crisis would massively impact the productivity of workforce’s.

Taking advantage of the vulnerable

The Covid-19 pandemic has given attackers the perfect opportunity to take advantage of remote workers, playing on their stress and anxiety during troubled times. Microsoft has seen a marked increase in phishing and social engineering attacks whereby hackers insert malicious links into emails – often using Covid-19 related keywords – that lead to infected websites. They can gain access to networks, steal credentials and elevate privileges, with the ultimate aim of stealing data or disrupting systems in order to achieve a big ransom payout.

Reducing your attack surface

Adopting a standard cloud solution like Hosted Desktops can keep your business safe. Even when you adopt a BYOD policy, your data is protected within the perimeter of the server and no data is stored on devices. You therefore don’t need to rely on the security of the user’s device and all security patching and updates can be controlled centrally and applied to all users simultaneously.

Using a solution such as Citrix Workspace is a great way to enable a secure, single sign-on to all files, apps (including those pesky SaaS apps) and desktops. This allows for centralised monitoring and control of all user interactions. When it comes to securing email, investing in software such as Mimecast can vastly reduce the number of malicious emails making it to inboxes. Providing threat awareness training to employees is also an essential step.

We’re currently giving free, no-obligation advice to help you enable remote working during the COVID-19 pandemic.

If you want to know more about how our solutions can help your business stay online during these trying times, get in touch today.

About The Author

Martin is a keen badminton player and Newcastle United supporter (for his sins). Outside of sport he loves spending time with his wife and two young children; usually watching copious amounts of Hey Duggee and building masterpieces out of Lego.

New Research

Our recent, nationwide research shows what can be learnt from working during lockdown. Download the report today.

Sign up to newsletter?*
Privacy Notice: We won’t sign you up to any marketing mailing lists (unless you ask us to*) but we may email you to make sure you have been able to access the content successfully. View our privacy policy.