Keeping your network and infrastructure free from threats is always a priority, but with so many people working remotely, businesses have encountered problems doing so. In fact, hackers and scammers have come out of the woodwork to try and gain entry into unauthorized networks or to flat-out steal data. This month, we thought we would take a look at how the COVID-19 pandemic has exacerbated the threats out there.
A lot of people are working remotely. In fact, one study showed that 58 percent of all knowledge workers--which are workers that deal in information--are now working remotely. With so many people being asked to work remotely, and no time to plan out a strategy to get them secured, many employees are working with unsecured access to company resources. In fact, unsecured remote desktops have risen by over 40 percent. This is a major concern, because cybercriminals can use brute force methods to gain access to a desktop. If that desktop is part of a larger computing network, they gain access to that as well. Not a good situation.
With so many unsecured connections out there, brute force attacks are up nearly 400 percent over numbers in 2019. Kaspersky published a report stating as much, and it really isn’t a surprise. IT administrators were given very little or no advanced notice that they were to implement all the services employees would need. This created the current situation where there are many problems securing authentication points and keeping software effectively updated.
Hackers and scammers are using COVID-19, and the fact people are almost universally concerned about it in one fashion or another, to overcome people’s cyber awareness. This was seen almost immediately as COVID-19-related phishing attacks were deployed en masse. In fact, in April of 2020, there were nearly 70 times more COVID-19-related phishing attacks than the previous month.
Since people are constantly accessing Internet-based resources, and are getting messages from all over, many people are less deliberate in their ongoing scrutiny of incoming emails, the predominant vector phishing attacks come in. The truth is that people were the weakest link in a company’s cybersecurity platform before the pandemic, but it pales in comparison to how much of a liability some are today without constant oversight.
As mentioned earlier and understood by many security-minded people out there, hackers are opportunists. A global pandemic is just the kind of situation that hackers look to take advantage of; and they have. There are literally billions of COVID-19 pages up on the Internet, so ascertaining which are legitimate and which are nefarious is going to be difficult. Additionally, thousands of domains are added each day, of which 90 percent are scams. Not a good look for humanity when the largest health crisis in decades is met with people trying to steal money and data from others.
Technology’s job is to support the way people work, and with today’s strategies in place, more attacks are resulting in more breaches. This is largely because--even with a sharp change in strategy--companies are still trusting their users to do the right thing. They know that most of them will, and some won’t. The only way to get ahead during these uncertain times is to move to a zero trust strategy.
That’s not to say that users aren’t still going to have to do the right things, but under the zero trust model, the user is allowed to access their work regardless of where they are or what machine they are using. It’s less critical because instead of monitoring user behavior the zero trust model relies on the constant monitoring of the machines being used. Zero trust strategies constantly interrogate the network signal, the machine they are on, the data that is being transmitted, and the health of the software that is being used. If something is off, it is noticed and remediated immediately.
In the new zero trust perspective, risk is managed on a case-by-case basis, and that level of hyper awareness will go a long way toward mitigating further risk. During the COVID-19 pandemic, scammers have run rampant, video conferencing has been hijacked, phishing emails are more common and intricate than ever, but they don’t have to hurt your business. None of these circumstances matter when you seal up your network in a way where the most risk is mitigated.
If you would like to know more about how the COVID-19 pandemic has affected business and technology, or you would like to learn more about zero trust strategies and how to coordinate your business’ cybersecurity initiatives to give your newly remote workforce the best chance to help your business grow and prosper, call the IT professionals at Ashby Networking today at 916-960-0700.