According to a recently published report by Malwarebytes, the global pandemic may be behind the recent surge in cyberattacks against businesses of all sizes.
While it wasn't immediately apparent, the pandemic forced businesses around the world to respond quickly to the emerging pandemic. As a result, tens of millions of workers began working from home.
In most cases, the infrastructure to make that possible was put in place very quickly, and as a result, the security surrounding that infrastructure wasn't as robust as it could have, or should have been. Hackers from around the world, always quick to take advantage of such situations, began striking at the new legions of homebound employees, finding easy pickings.
Based on the findings of the Malwarebytes research, nearly a quarter of organizations have found themselves having to pay unexpected costs to address malware infections or data breaches since shelter in place orders were imposed.
The three most common weak links were found to be:
- Improperly secured corporate VPNs
- Business eMail compromise
- Improperly configured security and access controls to cloud-based data
That makes a certain amount of intuitive sense, given that in many cases, those are the kinds of things that would have been hastily rushed into place. It all went so fast, as businesses scrambled to respond to the new realities of the workplace which the pandemic imposed.
Adam Kujawa, one of the researchers responsible for the report, had this to say:
"Threat actors are adapting quickly as the landscape shifts to find new ways to capitalize on the remote workforce. We saw a substantial increase in the use of cloud and collaboration tools, paired with concerns about the security of these tools. This tells us that we need to closely evaluate cybersecurity in relation to these tools, as well as the vulnerabilities of working in dispersed environments, in order to mitigate threats more effectively."
Wise words. If your business has seen a radical change in the way your employees work in recent months, and it probably has, now is the time to conduct a thorough security audit to limit your exposure.