-CYBERSECURITY IN TIMES OF CORONA-
For more than a year now, more people worldwide have been working from home offices than ever before. The digitalization of the home has been turbo-charged, but the poor interconnections to companies have often been overlooked or accepted, as the focus was on speed of implementation and the need that everyone could continue to work and generate revenue. But that combination of speed and usability opens the door to new dangers from the web.
HOME OFFICE: GATEWAY FOR CYBERATTACKS
While four percent of employees worked from home before the crisis, the figure was around 30 percent in the first lockdown in April 2020. At the end of January 2021, high Corona infection rates again meant that just under a quarter of the workforce was working exclusively or predominantly from a home office.
This growing number of remote workers are unable to control all aspects of their private space, which has suddenly become a professional one. This puts the security of the entire enterprise at risk. While cyber maturity varies across countries and cultures, the human dimension is critical, as security for remote work depends on building a “human firewall” of employees.
Global cybersecurity spending hit 36 billion EUR in 2020, representing a CAGR of 8.2% compared to 2017, while cloud security is expected to grow by 33.3%. In Germany alone, cybercrime caused costs of approximately 87.7 million EUR in 2019. And even though the figures for 2020 have not yet been published, we already reached a new high. (Source: Statista / e2 Security Analysis)
MORE SECURITY THROUGH CLOUD SOLUTIONS
Cloud solutions are secure and viable products but keeping them secure is becoming increasingly difficult. The industry is challenged to invest in people, end-to-end security processes and governance to efficiently manage cloud operations while building a solid foundation to keep pace with the rapid evolution of the cloud.
Cloud security is the fastest growing segment in the IT security market, largely due to the increasing demand for cloud solutions resulting from the 2020 COVID-19 outbreak. Major cloud security risks include customer misconfiguration, mismanaged credentials, or insider theft. Data Privacy (GDPR) is a top priority for cloud security.
The Top 5 common cyberattacks experienced by companies are:
- Phishing (37%)
- Network intrusion (30%)
- Inadvertent disclosure (12%)
- Stolen / lost device data (10%)
- System misconfiguration (4%)
RETHINKING: ENSURING SECURITY FROM THE START
Many of our systems today are optimized for efficiency, but this leaves them vulnerable when circumstances change abruptly. Overnight, organizations and governments around the world discovered they had critical dependencies on seemingly innocuous infrastructure components such as VPN networks, online stores, cloud -based video conferencing systems, and logistics organizations and suppliers. Consideration needs to be taken as to what other dependencies exist in IT systems or supply chains that should be “critical.” Change in digital transformation must always include security planning. Before and not after the fact. That’s the only way to secure intellectual property and the success of companies.
Currently, there is a rise in real-time phishing proxies (RTPP) that can capture and use multi-factor authentication (MFA) codes. The RTPP acts as a man-in-the-middle and intercepts a victim’s transactions with a real website. Because the attack occurs in real time, the malicious website can automate the process of capturing and replaying temporary authentications such as MFA codes. It can even steal and reuse session cookies.
The e2 Security team will be happy to advise you on these threats and how to deal with them.