The risks of long-term lockdown

Posted On 27 Nov 2020

The risks associated with working from home have been well-documented this year, from a decline in productivity and feelings of isolation through to difficulties in accessing stable broadband. But according to Dave Waterson, CEO at SentryBay, perhaps the greatest risk of all has been the level of exposure companies have faced from cyber-attacks when their employees are outside the corporate security perimeter.

We carried out a survey in April amongst 1550 UK employees working remotely due to Covid-19, which showed that 42% had received suspicious emails and 18% had been forced to tackle an actual security breach in just the first five weeks of lockdown. This onslaught of malicious cyber activity led to almost half (49%) of those surveyed feeling vulnerable due to the insecurity of the devices they were using (which included home PCs and smartphones as well as corporate laptops and PCs) to connect with their corporate networks.

Malicious actors are adept at evolving their methods in order to inflict the maximum payload, and this is now having the effect of exposing smaller enterprises to a level of sophisticated cyber-attack ordinarily reserved for large multi-nationals.

Risks of cyber-attack are increased by the geographically dispersed location of employees. Even as we contemplate returning to a tiered system of lockdown, it seems unlikely that remote employees will return on a regular basis to the office within the next few months. In fact, even if a vaccine becomes widely available, companies are likely to support working-from-home policies moving forward.

This being the case, confidential company data now has a broader physical footprint, and organisations have less control over how it is being accessed if their employees are outside the company safety net. Smaller enterprises were previously afforded some protection by dint of their size – they simply flew under the cyber-attack radar. But as attacks have become more virulent, they have also become more widespread, and this has left these companies facing dangerous, highly damaging breaches that they are ill-equipped to deal with in the current climate.

Cyber attacks to grow by 40%

It’s for this reason that we believe attacks could increase by as much as 40 percent in 2021, with vulnerable endpoint devices that have not yet been secured being the main target. Now is the time to address this.

And we are not the only ones to think so. An Interpol assessment in August of the impact of COVID-19 on cybercrime said: ‘The increased online dependency for people around the world is creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date’. Worryingly, Interpol also pointed out that when a COVID-19 vaccination becomes available, it is highly probable that there would be another spike, particularly in phishing attacks, related to these medical products as well as network intrusion and cyberattacks to steal data.

Identifying the biggest attack vectors

Identifying where the main risks lie is important, and we anticipate that for smaller enterprises, these will come from keylogging and screen-grabbing malware. The reason for this is simple: they are the attack vector through which sensitive data is most often, and most easily, stolen. Along with spyware, keylogging malware was last year ranked as the highest threat by the annual Global Threat Intelligence Report.

Both forms of malware use endpoint devices, home PCs and laptops for example, to gain access to corporate networks and, despite the rise in use of anti-virus and two-factor authentication, these measures will not guard against such an attack. In fact, with a keylogger installed on a remote endpoint laptop which has a lower security posture than it would within the secure corporate perimeter, an attacker could have full access as the user logs in, and to everything the user enters at the keyboard or displays in a local application.

The solution to fending off this kind of attack is to protect data entry on any unmanaged devices, particularly those that work with remote access apps like Citrix, VMware, WVD, web browsers and Microsoft Office applications. Browsers that access the corporate network should also be locked down.

Defending against the threat

Tools that are designed to do this should not have to involve the time, cost or complexity of software or hardware that requires special configuration. Instead, a simple download and install from pre-configured software will provide a far more effective and speedy resolution to the threat.

Smaller enterprises can look now for proven anti-keylogging software that can protect every keystroke into any application and prevent screen-grabbing malware from stealing credentials and sensitive corporate data. It is also important that there is access to a portal that allows simple configuration by administrators – this is after all something that needs to be managed remotely.

No organisation should think that they have it covered if they are relying only on two-factor authentication or standard anti-virus solutions. Unless data is protected as it is entered from the keyboard or onto the screen, it reveals a chink in the corporate armour to criminals who will not hesitate to strike.

As many employees will continue to work from home for the foreseeable future, companies must address this urgent issue and reconsider their security environment not just in the office, but outside it too. The aim should be to ensure that any unmanaged device that accesses the corporate network has the same security posture as managed devices within the corporate perimeter.