coronavirus Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

coronavirus

73% of IT execs concerned over remote working security risks

960 640 Stuart O'Brien

73% of security and IT executives are concerned about new vulnerabilities and risks introduced by the distributed workforce, highlighting an ‘alarming’ disconnect between confidence in security posture and increased cyberattacks during the global pandemic.

The data from Skybox Research Lab comes after enterprises rapidly shifted to make work from home possible and maintain business productivity. Forced to accelerate digital transformation initiative, this created the perfect storm, the research says.

Skybox Research Lab discovered that 2020 will be a record-breaking year for new vulnerabilities with a 34% increase year-over-year – a leading indicator for the growth of future attacks.

As a result, security teams now have more to protect than ever before. Surveying 295 global executives, the Skybox 2020 “Cybersecurity in the new normal” report found that organizations are overconfident in their security posture, and new strategies are needed to secure a long-term distributed workforce.

Key findings:

  • Deprioritized security tasks increase risk: Over 30% of security executives said software updates and BYOD policies were deprioritized. Further, 42% noted reporting was deprioritized since the onset of the pandemic.
  • Enterprises can’t keep up with the pace: 32% had difficulties validating if network and security configurations undermined security posture. 55% admitted that it was at least moderately difficult for them to validate network and security configurations did not increase risk.
  • Security teams are overconfident in security posture: Only 11% confirmed they could confidently maintain a holistic view of their organizations’ attack surfaces. Shockingly, 93% of security executives were still confident that changes were correctly validated.
  • The distributed workforce is here to stay: 70% of respondents projected that at least one-third of their employees will remain remote 18 months from now.

“Traditional detect-and-respond approaches are no longer enough. A radical new approach is needed – one that is rooted in the development of preventative and prescriptive vulnerability and threat management practices,” said Gidi Cohen, co-founder and CEO, Skybox Security. “To advance change, it is integral that everything, including data and talent, is working towards enriching the security program as a whole.”

To download the full report, visit: https://www.skyboxsecurity.com/security-transformation/

‘Massive’ rise in DDoS and password attacks during pandemic

615 410 Stuart O'Brien

New analysis from F5 Labs has discovered a massive rise in DDoS and password login attacks during the pandemic.

In January, the number of all reported SIRT incidents was half the average reported in previous years. However, as lockdowns were put in place from March onwards, there was a sharp rise in incidents.

The attacks can be categorised into two buckets from January to August this year: Distributed Denial of Service (DDoS) attacks (45%) and password login attacks (43%) which comprised of brute force and credential stuffing attempts.

Other findings include:

  • DDoS attacks surge 3x in March: DDoS made up only a tenth of reported incidents in January, but grew to three times that of all incidents in March.
  • No ‘spring slump’ for DDoS: Typically, DDoS attacks see a ‘spring slump’, but these rose in April 2020. In fact, DDoS attacks targeting web apps increased six-fold from 4% in 2019 to 26% in 2020.
  • Attacks are diversifying: The number of DDoS attacks reported to the SIRT and identified as DNS amplification attacks nearly doubled (31%) this year along with DNS Query Flood which is also on the rise.
  • DDoS most popular in APAC with 83% of attacks: Meanwhile, EMEA saw the next highest with 54%.
  • 67% of all SIRT-reported attacks on retailers in 2020 were passwords attacks: A rise of 27% on last year. This was to be expected as the pandemic has caused a huge shift from in-store sales to online

Full details can be found here: https://www.f5.com/labs/articles/threat-intelligence/how-cyber-attacks-changed-during-the-pandemic.

Securing a hybrid and agile workforce

960 640 Guest Post

2020 has forced businesses to revise many of their operations. One significant transition being the shift to a remote working model, for which many were unprepared in terms of equipment, infrastructure and security. As the Government now urges people to return to work, we’re already seeing a shift towards a hybrid workforce, with many employees splitting their time between the office and working from home.

As organisations are now reassessing their long-term office strategies, front and centre to that shift needs to be their IT security underpinned by a dependable and flexible cloud infrastructure. Andrea Babbs, UK General Manager, VIPRE, discusses what this new way of working means long-term for an organisation’s IT security infrastructure and how businesses can successfully move from remote working to a secure and agile workforce.

Power of the Cloud

In light of the uncertainty that has plagued most organisations, many are looking to options that can future-proof their business and enable as much continuity as possible in the event of another unforeseen event. The migration of physical servers to the Cloud is therefore a priority, not only to facilitate agile working, but to provide businesses with greater flexibility, scalability and more efficient resources. 

COVID-19 accelerated the shift towards Cloud-based services, with more data than ever before now being stored in the Cloud. For those organisations working on Cloud-based applications and drives, the challenges of the daily commute, relocations for jobs and not being able to ‘access the drive’ are in the past for many. Cloud services are moving with the user – every employee can benefit from the same level of security no matter where they are working or which device they are using. However, it’s important to ensure businesses are taking advantage of all the features included in their Cloud subscriptions, and that they’re configured securely for hybrid working. 

Layered security defence 

Cloud-powered email, web and network security will always underline IT security defences, but these are only the first line of defence. Additional layers of security are also required to help the user understand the threat landscape, both external and internal. Particularly when working remotely with limited access to IT support teams, employees must be ready to question, verify the authenticity and interrogate the risk level of potential phishing emails or malicious links. 

With increased pressure placed on users to perform their roles faster and achieve greater results than ever before, employees will do what it takes to power through and access the information they need in the easiest and quickest way possible. This is where the cloud has an essential role to play in making this happen, not just for convenience and agility but also to allow users to stay secure – enabling secure access to applications for all devices from any location and the detection and deletion of viruses – before they reach the network. 

Email remains the most-used communication tool, even more so when remote working, but it also remains the weakest link in IT security, with 91% of cybercrimes beginning with an email. By implementing innovative tools that prompt employees to double-check emails before they send them, it can help reduce the risk of sharing the wrong information with the wrong individual. 

Additional layers of defence such as email checking tools, are removing the barriers which slow the transition to agile working and are helping to secure our new hybrid workforce, regardless of the location they’re working in, or what their job entails. 

Educating the user

The risk an individual poses to an organisation can often be the main source of vulnerability in a company’s IT infrastructure. When remote working became essential overnight, businesses faced the challenges of malware spreading from personal devices, employees being distracted and exposing incorrect information and an increase in COVID-related cyber-attacks. 

For organisations wanting to evolve into a hybrid work environment, their IT security policies need to reflect the new reality. By re-educating employees about existing products and how to leverage any additional functionality to support their decision making, users can be updated on these cyber risks and understand their responsibilities.

Security awareness training programmes teach users to be alert and more security conscious as part of the overall IT security strategy. In order to fully mitigate IT security risks and for the business to benefit from an educated workforce, both in the short and long term, employees need to change their outdated mindset. 

Changing approach

The evolution of IT and security over the past 20 years means that working from home is now easily achievable with cloud-based setups, whereas in the not too distant past, it would have been impossible. But the key to a successful and safe agile workforce is to shift the approach of a full reliance on IT, to a mindset where everyone is alert, responsible, empowered and educated with regular training, backed up by tools that reinforce a ‘security first’ approach. 

IT departments cannot be expected to stay one step ahead of cybercriminals and adapt to new threats on their own. They need their colleagues to work mindfully and responsibly on the front lines of cyber defence, comfortable in the knowledge that everything they do is underpinned by a robust and secure IT security infrastructure, but that the final decision to click the link, send the sensitive information or download the file, lies with them. 

Conclusion

As employees prove they can work from home productively, the role of the physical office is no longer necessary. For many companies, it is a sink or swim approach when implementing a hybrid and agile workforce. Introducing and retaining flexibility in operations now will help organisations cope better with any future unprecedented events or crises.

By focusing on getting the basics right and powered by the capabilities of the Cloud, highlighting the importance of layered security and challenging existing mindsets, businesses will be able to shift away from remote workers being the ‘exception,’ to a secure and agile workforce as a whole.

Giving resellers the key to unlocking end user continuity, productivity and flexibility

960 640 Guest Post

By Dave Manning, Operations Director, Giacom

Until recently, the transition to working from home was unfolding at a gradual pace for many businesses. Although there is much research to back up the benefits of flexible and remote working, many business leaders remained sceptical, believing that office working remained the setup that would be most productive and beneficial from a cultural perspective. 

But the current crisis delivered an ultimatum for many businesses – cease operations or deploy technology to enable employees to work from home for the foreseeable future. There are, of course, several industries where working from home is not an option, but for the majority, there are ways to simply facilitate it – demonstrated by the fact that more than 39% of adults in employment are now working from home, compared to around 12% last year. 

Many employees are thriving working from home. And the hours they have gained back while working from home are not going to be something they will want to give up easily –  two-thirds (63%) of workers said they are open to full time remote working and never going back to the physical office once the crisis is over. It’s becoming clear that the future will not be a permanent office-based workforce, but will shift to a hybrid model combining both remote and office working, allowing for a larger degree of flexibility. This approach of working fuelled by the pandemic is clearly favoured, as 77% of UK employees believe a mix of office-based and remote working is the best way forward post Covid-19. 

For those companies set up to work from home, it’s clear that if business continuity and productivity are maintained – or even improved – during a crisis, they will long term as well. But companies that aren’t properly set up to support remote working are missing out on significant business value gains. To facilitate hybrid working long term, employees must be equipped not only to survive, but to thrive. So how can resellers support end user organisations in transitioning to this new way of operating in the future?

A cloudy future

The lockdown enforcement saw the need for businesses to adapt to this new way of working almost overnight, resulting in a huge surge of enquiries to resellers to get employees working remotely as quickly as possible. Even with cloud-based solutions gaining popularity over the years, a lot of business infrastructure remain on-premises. Businesses need to be moving to a cloud-based infrastructure where the technology they deploy allows for the flexibility to work remotely and on-premises if required. For IT companies supporting SMBs who want to future-proof their businesses and replace outdated on site servers, the cloud offers a fixed cost server solution to IT companies supporting SMBs, while delivering secure storage and easy provisioning as well as scalability – ensuring a futureproof solution for end users. 

Productivity tools

Collaboration tools have come of age and the race is on to both develop and implement smoother integrated IT communications, video, voice strategies so that business can perform at an even higher level whilst working from home. Similar to the transition from letter writing to email, businesses are realising they can actually get more achieved in the same time with cloud-based tools and people not having to travel miles around the country on public transport, in cars or internationally by plane.

And as virtual collaboration tools develop even further to deliver advanced capabilities, employee productivity will only increase. Resellers will be the crucial advisors to companies in order to facilitate their needs, backed up with support from CSPs to help navigate through the most relevant and valuable cloud solutions for their end users. 

Secure setup

Resellers have undoubtedly already experienced the surge of businesses looking to get staff up and running with remote collaboration tools, such as Microsoft Teams etc.. But in the rush to get everyone online and maintain business continuity, security considerations likely slipped much further down the list. Given the continued increase in frequency and sophistication of cyber attacks, especially those capitalising on the current crisis through phishing scams, ‘Zoom-bombing’ incidents and the like, it’s never been more important to prioritise cyber security. 

This is especially true for those organisations that are new to the concept of remote working. While they may have had a solution in place for keeping the corporate network secure within the physical office, a virtual business requires different tools and techniques. This is where resellers can play a crucial role as key consultants to end-users on how they can keep their data secure and deploy reliable, cloud-based backup solutions to safeguard their sensitive information even further. 

A hybrid and flexible infrastructure

While we are all looking forward to this crisis being over, given the nature of the pandemic it’s unlikely that there will be a hard stop to lockdown. Even with the government now lifting some of the restrictions, we can expect a combination of working from home and office working with social distancing and other measures still in place for some time to come. And research has found that 74% of business leaders intend to shift some employees to remote working permanently. No one knows exactly what that journey will look like, so businesses require the toolkit and technology to enable a hybrid working infrastructure now and into the future. 

Moreover, lockdown measures may be starting to ease gradually, but if the UK is faced with a second wave of the virus, or we experience another crisis in the future, additional lockdown measures may have to be put back in place, as was the case in Singapore that struggled to contain a second wave. Flexibility is therefore crucial to safeguard business continuity and enable organisations to maintain optimum productivity levels even in the midst of another unprecedented event. 

The key will be for resellers to support end users in deploying tools that support this new way of working. From unified communications and collaboration software, to cloud-based backup and security tools that keep the corporate network safe no matter where the user is based, resellers hold the key to unlocking end user organisations’ continuity, productivity and flexibility. 

Transitioning to Secure Remote Working During and Beyond COVID-19

960 640 Stuart O'Brien

By Steve Law, CTO, Giacom and Sébastien Gest, VadeSecure

Organisations of all sizes that typically work in office environments have been thrown into the deep end due to the Covid-19 outbreak. Social distancing measures and restricting unnecessary travel has meant that a majority of companies had to unexpectedly revert to remote working. Many of these businesses quickly realised that they weren’t ready for this digital transformation, with recent research suggesting that UK firms are among the world’s least prepared for home-working.

With 25% of businesses having no crisis plan in place and 55% of employees having little to no experience of working from home, organisations have had to revise their working practices to be able to conduct their work digitally and remain effective. Technology plays a key role in enabling remote work, but many organisations did not have this planned in advance, and subsequently, are at a disadvantage due to their current inadequate technology solutions and infrastructure in place. This can lead to significantly increased security risks and concerns, as Steve Law, CTO, Giacom and Sébastien Gest, VadeSecure, explain.

Workplace Challenges

Workforces may not have access to the necessary devices from their homes such as work laptops, the correct video conference solutions or collaboration tools in place to perform their role. As a result, employees who are working from home will have to do so from their own devices. This ‘Bring Your Own Device’ (BYOD) phenomenon creates a security concern as not all personal electronic devices will have the correct level of security installed on them – the software may not be up to date, they may have an older version of Windows installed or no antivirus software available.

This creates an issue for both the consumer and the professional, as the same credentials are often used across multiple accounts at the same time. Hackers’ creativity is limitless and is becoming more sophisticated over time. Vade Secure has seen a shift in cyber criminals’ strategies, changing from attacking individuals with ransomware to instead using these individuals as a backdoor to gain access to corporate networks, and there is no better opportunity to do this than via individuals using their personal devices from home. However, by implementing the correct software and security solutions across all employees’ devices, these risks can be mitigated. 

Evolving threats 

The number of cyberattacks has continued to increase over time, with up to 88% of UK companies being targets of breaches in the last 12 months. However, hackers are taking advantage of the current coronavirus situation by sending phishing emails purporting to be PPE suppliers or medication. Recent statistics have found that since January 2020, there have been over 4,000 coronavirus-related domains registered globally, with 3% found to be malicious and 5% suspicious. These results heighten the importance of ensuring your workforce are securely remote working.

Over the last three months, as the coronavirus outbreak has unfolded, Vade Secure has seen a surge in spear-phishing and malware activities. Examples of this which have been found include capitalising on psychological aspects of the victims, including Covid-19 charity campaigns, fake mask and sanitiser suppliers, as well as stock and medications for purchases which don’t exist.

With 91% of cyber attacks using emails as their first vector, it’s more important than ever to ensure that your employees have a secure email network in place. No organisation is immune to the threat and companies which don’t have the right security software in place need to act now before it’s too late. By adding these security elements, companies can benefit from detecting and blocking features and using Artificial Intelligence to secure their networks and become notified when a non-legitimate email appears.

Securing the weakest link  

Often, the weakest link of an organisation is the employee, as 88% of UK data breaches are caused by human error. Employees are not security experts and can fall foul to phishing scams if they don’t have the right level of education or awareness. When working from home, your workforce is under more pressure to work both faster and harder, which can lead to mistakes being made. Staff members don’t have the time to check every email before they open them, but this one click can make all the difference.

Instead, by educating employees and making them more vigilant, they will be able to spot scams and cyber attacks before the damage is done. Combined with the right security software that uses techniques such as alert ‘pop-ups’ to prompt users to check emails before clicking on links, for example, the workforce will become more aware of the signs to look out for. By enabling users to make an informed decision about the nature and legitimacy of their email before acting on it, organisations can now mitigate against this high-risk area.

Conclusion

In order for organisations to limit the number of insider data and security breaches,  particularly when working remotely, it’s crucial for employees to understand the role they play in keeping the company’s information secure. By preparing in advance and having a secure contingency plan in place which provides employees with the necessary devices and security, companies will be in a stronger position to defend their systems against hackers. In addition to this, supporting employees with training will allow workforces to understand the evolving risks they face, and how to keep their information and systems secure. 

WEBINAR REWIND: How to Tackle Working From Home Security Threats

960 640 Stuart O'Brien

Last week ZIVVER hosted a webinar during which participants learned the secrets to securing an organization’s communications while safeguarding against costly data leaks with a remote workforce – if you missed this essential session you can re-watch it again now.

The lively 30 minute discussion includes expert insight and opinion from:

  • Quentyn Taylor is Head of Security for one of the largest enterprises in London. He is regarded as a key security commentator and is regularly quoted and published in industry publications and mainstream media.
  • Becky Pinkard is a renowned practitioner and commentator on the information security sector who has been working in information technology and security since 1996.
  • Rick Goud is the co-founder and CEO of Zivver, one of the top secure communication platform companies in Europe.

Tops covered off include:

  • Behind the stats: the top causes of data breaches in the UK
  • Data leak blunders and how to prevent them 
  • Evolving security threats with a remote workforce 
  • Modern solutions to secure outbound communications 

Watch again by clicking here

Securing outbound email is vital to help safeguard sensitive information and prevent data leaks. The good news is that this can be done easily and affordably with ZIVVER’s secure communication platform.

Getting started is easy

Setting up a ZIVVER account for up to 50 users can be conveniently done from any device in just a few clicks, 24 hours a day, 7 days a week. Simply choose the desired plan, select the number of users, and pay with a credit card to immediately begin sending communications securely.

Use the code WFH30UK to get 30% off for the first 3 months of your subscription – Click here to get started.

WEBINAR: How to Tackle Working From Home Security Threats

960 640 Stuart O'Brien

Learn the secrets to securing your organization’s communications while safeguarding against costly data leaks with a remote workforce. 

This April 30 webinar from ZIVVER features three industry experts who will bring you up to speed on the new threat landscape. 

Stay alert to WFH security threats 

Be in the know and hear about the following:

  • Behind the stats: the top causes of data breaches in the UK
  • Data leak blunders and how to prevent them 
  • Evolving security threats with a remote workforce 
  • Modern solutions to secure outbound communications 

Learn from these IT security experts

We’re delighted to have two incredible guest panelists alongside ZIVVER’s co-founder and CEO, Rick Goud. They’re ready to share valuable insights on how to effectively secure outbound communications.

  • Quentyn Taylor is Head of Security for one of the largest enterprises in London. He is regarded as a key security commentator and is regularly quoted and published in industry publications and mainstream media.
  • Becky Pinkard is a renowned practitioner and commentator on the information security sector who has been working in information technology and security since 1996.
  • Rick Goud is the co-founder and CEO of one of the top secure communication platform companies in Europe.

Following the panel discussion there will be an interactive Q&A session where you can ask questions.

Click here to register for the webinar

Coronavirus: Business Continuity During a Global Crisis

960 640 Stuart O'Brien

By Nicole Alvino, Cofounder and Chief Strategy Officer, SocialChorus

We’re living through an unprecedented time, globally and for how long, none of us are that sure. While the new coronavirus may seem like a singular threat, dealing with crises is a fact of doing business—one companies can expect to encounter with increasing frequency. According to PWC, 69% of businesses had experienced a crisis in the last five years even before COVID-19, and the most disruptive causes of crises in the U.S. were natural or environmental. 

Under these conditions, it’s likely that your company already has crisis management and business continuity plans in place. But what should you do to ensure your infrastructure is robust enough and capable of helping you to reach all your workers?

There are five critical challenges that CIOs will face as they try to utilise their stack to reach employees. If you’re a CIO, then you know that you’re the best equipped person in your executive team to plan for business continuity but to be successful you’re going to need every person, across the entire business to understand your plans. Ultimately, your company is looking to you to:

·       Establish a source of truth for your company and communicate with one voice, so employees can separate rumours from facts and trust what they’re being told

·       Reach every worker on every digital channel with the targeted, personalised information they need to respond in an emergency

·       Use intelligent automation to certify message delivery, prompt response, and make sure your crisis communications are not just read but understood

·       Track the success of crisis initiatives and measure the effectiveness of your communications using in-depth analytics

·       Be prepared for emergency situations during COVID-19 and beyond – your stack and your workforce need to prepared for every twist and turn during this pandemic.

As you and the senior leadership team implement your crisis communications strategy you (and they) will ask whether you can reach every employee on every digital channel, even those that are deskless. And can you reach them with personalised, up-to-the minute information that they need? You’ll need to ensure that whatever communications technology you use, whether it be SharePoint, Slack, Zoom, Teams, mobile apps or others, that you can consistently reach and broadcast your company’s messages to all.

One thing we’re hearing is that people are overwhelmed with communications. On average a worker receives 120 emails per day, that’s not counting the ones via other channels such as Slack, IM or Teams. Now consider that your people, like you, are also getting bombarded by emails from school, IM from friends and family and messages via Facebook and WhatsApp. There is an information overload going on so whatever you do, you need to make sure your messages reach people urgently and that they can review them promptly. Our latest paper on CIO Crisis Communications takes you through several steps on how to reach all employees, across all channels, consistently.

Consistency from your business will help to establish trust in your message, especially if you’re able to deliver it immediately to all. And that’s of paramount importance. You don’t want workers in the London office getting communications three hours later than those in Paris or Madrid, or the other side of the world for that matter. All employees are equal, and all deserve to be communicated with, no matter where they are. They may consume your communications in different ways so use your different channels to reach all.

You’ll also need to judge how many times you communicate. Don’t hassle people as we’ve said, they’re inundated with messages already. If you need to know that they’ve received a critical message or piece of advice, then track acknowledgements or read receipts. Then you can take further communications actions with those that are unresponsive and not send repeat messages company wide.COVID-19 is changing the way we live and the way we work. In a world where change seems to be the only constant be the consistent voice across your organisation. Your emergency plans may need to be tweaked over the coming weeks, your infrastructure might need to be extended to ensure your reach is truly companywide but remember it is the companies that manage this situation well that will thrive through the chaos.

Image by Thor Deichmann from Pixabay