The Covid-19 pandemic has shocked the world. Not only has it had a severe and devastating healthcare impact, but it has changed the world of work. One of the most noticeable changes has been the increase in remote working. The ensuing lockdowns have resulted in far-reaching and long-term changes to working practices. The advent of the hybrid workforce is one such change. A Lenovo study exploring this found that almost half of employees would prefer to work remotely permanently.
Remote working has created its own set of challenges, one of the most demanding being cybersecurity. In 2020, cybersecurity threats wreaked havoc on companies across the spectrum. The State of the Phish report for 2021 found that organizations were victims of more successful phishing attacks in 2020 than in 2019. The survey went on to ask security professionals about these phishing attacks, and 75% of those surveyed stated that their organization has experienced broad-based phishing attacks in 2020. The survey also found that ransomware infections affected 66% of third-party respondents.
The result of a changing IT environment coupled with increased security threats placed a strain on IT teams across the world. Both Managed Service Providers (MSPs) and IT managers need time to reflect on what and how to optimize their security posture from lessons learned during the pandemic. Read on for practical advice on securing your remote employees, maintaining business and data continuity and ensuring your brand is protected.
With employees forced to work from home, businesses experienced massive challenges with quickly deploying infrastructure that supports an at-home workforce. With this new environment, hackers quickly took advantage and launched ransomware, phishing, social engineering, and other attacks that could not be mitigated without the right monitoring tools and administration. IT staff were also forced to work from home with very few in the office to monitor systems. All these changes created challenges for organizations charged with ensuring data privacy and protecting corporate digital assets.
Ransomware reports increased rapidly as more users fell victim to malware created to force a payment in exchange for private keys used to decrypt files. This malware is especially dangerous for individuals and corporations as it will scan a network for any file extensions that could be critical to productivity. When users connect to the corporate network from their home computers, it could allow ransomware to take a copy of itself and store the malware on the local network. This worm-like activity is common with newer ransomware variants, and it’s proven to be an effective way of spreading malware and generating revenue for the attacker.
Some of the biggest monetary losses can be attributed to ransomware. By June 2020, ransomware had already accounted for $144 million in monetary loss and 11 large-scale attacks across the globe. The main factor in ransomware efficacy is that it uses cryptographically secure encryption impenetrable by brute force and other standard decryption attacks. This means that corporations must use backups or pay the ransom. In many of these attacks, backup plans were not sufficient in recovering data and the fee was paid.
Phishing is one of the most common methods for attackers to steal data, credentials, and other critical information. It’s also popular in combination with malware attacks where bad actors will send links to users in the hopes that they will go to their site and download malware. It can be used in combination of social engineering too especially with business targets. Social engineering and phishing have been responsible for some of the biggest scams targeting billion-dollar organizations (e.g., Google and Facebook).
As an example of what a good phishing attack can do, the “invoice fraud” phishing attack is common. It’s launched against the organization’s finance department. The attacker sends the accounting department fake invoices for payment. If the accounting department does not have procedures in place to detect fake invoices, then the employee might pay the invoice unknowingly. Google and Facebook fell victim to this phishing scam. The total estimated loss was $123 million.
Just like phishing, social engineering is an effective way to gain access to accounts or steal from a targeted corporation. It’s often used in combination with phishing, but it can be done completely over the phone. For example, a good social engineering actor could convince a targeted customer service representative to give them information on a specific user. It could be banking information, login credentials, or any other information that could be used in further attacks.
Many organizations train employees on the dangers of social engineering, but the attack still works even into 2021. Social engineering has also evolved into popular text message attacks often called pretexting. Many users are aware of phishing through email, so attackers turned to text messages to trick users into divulging information. These attacks often have a link to a malicious site where the attacker promises coupon codes or money in exchange for login credentials or financial data.
IT managers have been at the coal face of the pandemic, handling the sudden change from office to home-based working. This has meant ensuring that remote workers are equipped to do their job and that the transition to remote working is as smooth and secure as possible. The IT manager and team have had to work hard to ensure that productivity has not been unduly impacted by this change. Changes included local to cloud hosting, securing cloud apps, and the use of VPNs by many organizations.
To compound this, additional work to contain security threats during the pandemic has meant that IT managers and their teams had to explore new apps and work out new strategies to deliver continued security, even outside of the office environment.
An onslaught of phishing and ransomware has created a toxic mix that has been termed the ‘cyber-demic’ by some. Experian, in their 2021 Data breach Industry Forecast concludes that remote work will provide cybercriminals with new opportunities going into 2021. This is borne out by a Cisco study on cybersecurity threats since the pandemic that found 71% of security professionals experienced an increase in security threats or attacks.
During this current period of continued lockdowns and into the post-pandemic era to come, the IT manager must continue to place security at the forefront of technology choices. In 2021, IT managers are likely to need to continue remote worker support and therefore should consider the following strategic actions from lessons learned during the pandemic:
Create a connected IT team by using integrated apps and having regular online meetups. Building a coherent team that works well together, even at a distance, is vital to ensuring continued productivity and managing the security issues of remote work.
These policies should reflect the new work environment with:
Increased endpoints across a disparate network.
Increased use of cloud-computing and cloud apps.
More complex access management needs, especially with an increasing use of personal devices for work use (BYOD)
Insecure home networks
Cybersecurity awareness training has long been a sticking point for IT teams. Remote working has further emphasized the need for good security training. According to a survey by Acronis, nearly half of all IT managers struggled to instruct and secure remote workers. Extend training on security matters to all workers, including those working remotely.
Employees need more frequent training sessions in order to understand the importance and urgency of practicing good security habits. Many cybersecurity companies advocate organizations that have created security awareness training for employees working from home.
The SANS Institute, for example, have launched a Security Awareness Work-From-Home Kit that “provides a step-by-step plan to quickly execute an awareness initiative to secure your remote workforce, including how to identify what to teach your workforce, the top three risks to focus on, what departments to coordinate with and how to effectively engage and communicate to your workforce.” The availability of these training programs designed for remote work means security teams can easily create awareness programs to help manage the current situation.
Evaluate and deploy cloud-based tools that make remote security easier:
Deploy an anti-spam platform to scan email for malicious links and reduce the likelihood that a phishing email will land in an employee’s inbox.
Use email filtering and security software to detect malware in inbound and outbound emails.
Implement a cloud-based comprehensive web filtering solution to prevent cyber-threats, including Business Email Compromise (BEC) and various forms of malware. Best of breed web filtering platforms also prevent access to malicious or inappropriate websites.
The pandemic has created challenges but also opened opportunities. Security is now an integral part of the IT team’s remit. Encourage interested team members to take certification in the variety of security training courses available from the likes of ISC2 and ISACA.
During the pandemic, the role of the Managed Service Provider has come to the fore. IT teams often do not have internal resources or expertise and so have turned to help from an MSP. The Covid-19 pandemic has increased customers’ reliance on managed services providers. In 2021 and beyond we will see MSPs continuing to play a more in-depth role in their clients’ IT decision-making.
An MSP that can offer outsourced monitoring and management of security devices and systems, is in a great position to fill this gap. MSPs who offer cloud-based security services can meet the needs of remote work for all types and sizes of organizations. This offer will stand the test of time as even post-pandemic it looks like remote working is here to stay. This is evidenced in a poll of 1000 companies, that describes the intention to cut commercial office space by 40-60% with a move to a ‘hub and spoke’ model of working to support a remote work environment.
Any MSP that has not yet looked at offering cloud-based security services should do so. Cloud security solutions are scalable and fit to deliver the security needed to meet the needs of the extended network of endpoints, data, and cloud services that remote working requires. An MSP can also offer cost benefits and best-of-breed security solutions to customers.
The lessons learned by an MSP from this pandemic help to focus strategic decisions in the coming year:
The switch to remote working has meant that a company must change the way it thinks about security. An MSP with in-house security experts can help an organization make the right choice when evaluating options for home office work. The pandemic has made security the top priority for all types and sizes of businesses. It is imperative for MSPs to incorporate managed security service offerings in their portfolio to continue to grow and differentiate themselves from their competition.
The heavy burden of cyber-threats means that IT teams need to prioritize decisions on what security products to use. An IDG study found that 36% of security incidents over the past year were attributed to phishing attacks used to steal corporate data. There is an opportunity for MSPs to provide the security services organizations need to protect themselves and as a result, grow their recurring revenue. MSPs can do this by implementing multiple layers of security including email, web and perimeter security to protect their customer's systems and data.
An MSP with security expertise can offer the knowledge to make the right security decisions.
The IDG study found that security budgets will increase post-pandemic, with 41% saying that their “overall security budget will increase in the next 12 months.” Managed Service Providers (MSPs) can step up to ensure that budgets are placed in the right areas to maximize security posture.
You might be interested in reading: Pillars of the Modern MSP Security Technology Stack
Educating users is the first step in protecting your organization, but some other steps should be taken to stop a bad actor. Human errors are common in these attacks. Employees run malware on their computers, divulge information accidentally, or allow themselves to be tricked into falling for scams.
The best defense especially after the pandemic with so many employees working from home is to incorporate email filters on business servers. Whether email is hosted in the cloud or on-premise, filters will block malware, phishing, and other suspicious messages from reaching the intended recipient’s inbox. This cuts down on many of the attacks that could cost an organization millions of dollars in disaster recovery, downtime, productivity loss, a loss in customer retention, and reputation damage. Together with education, email cybersecurity is a primary factor in defending against cyber-crime. It’s easy to set up, and it can be used for both onsite employees and ones who work from home.
TitanHQ protects over 7,500 businesses and works daily with over 1,500 MSP’s. We protect your customers from malware, ransomware, phishing, viruses, botnets and other cyber threats. Most importantly our products were built from the ground up with MSP’s for MSP’s. We save MSP’s support and engineering time by stopping problems at source while also providing ideal products to sell in your technology stack.
MSPs already have a lot of responsibility to ensure the security of client data, but COVID-19 has brought several more challenges. Securing client data can be done with email filters, strong dns filtering and web security as well as increased monitoring of infrastructure, continuous communication, and user training. With these strategies in place, MSPs will deliver better results for clients while recharging profitable growth in your MSP business. All TitanHQ solutions are designed to protect all customers and employees, whether they’re working from the office or from home.
To find out more about some of the key protections you can put in place to improve your organizations resilience against malware, advanced phishing and ransomware attacks, contact the TitanHQ team today.