According to new research from AT&T, businesses are understandably skittish in regards to remote workers being exposed to more cyberattacks.
AT&T's survey found that 70% of the large business felt remote working made them more vulnerable to cyberattacks. AT&T's study of 800 cybersecurity professionals across the U.K., France and Germany found that more than half (55%) now believe remote working is making their companies more vulnerable to cyberattacks.
With "work from anywhere" policies in place for millions of employees due to Covid-19, the security perimeter has moved out of office spaces, which has provided cybercriminals with new vectors of attack.
AT&T Alien Labs Open Threat Exchange (OTX) is one of the largest intelligence-sharing communities in the world, with more than 140,000 security and IT professionals from 140 countries daily contributing and sharing information. In March, as the coronavirus pandemic became more widespread and organizations around the world started implementing wide-scale remote working policies, OTX experienced a 2,000% month-over-month increase in Covid-related incidents of comprise (IOCs).
Along the same lines, Nokia Deepfield saw a significant increase in Distributed Denial of Service (DDOS) attack volumes during March. That trend continued throughout April and May. In June, the aggregate volume of DDoS traffic was 40% to 50% above the pre-pandemic levels from February.
"Cybercriminals are opportunistic, taking advantage of the fear and uncertainty surrounding issues like the current global health and economic situation as well as sudden shifts and exposures in IT environments to launch attack campaigns," said John Vladimir Slamecka, AT&T region president, EMEA, in a statement. "It can be a challenge for IT organizations to stay on top of emergent threat activity in the wild."
According to AT&T's survey, employees were the biggest risk identified by the cyber experts. At 31%, AT&T's research found there was a lack of awareness, apathy or reluctance to embrace new technologies as the biggest challenges for implementing better cybersecurity practices within businesses.
One in three (35%) of the employees utilize the same devices for both work and personal uses while 24% are sharing or storing sensitive information in unsanctioned cloud applications. With work from home employees, 18% of the employees were sharing their devices with another family member.
Somewhat surprisingly, 25% of the businesses haven't offered additional cybersecurity training for their employees while 24% haven't created secure gateways to applications hosted in cloud or data centers.
In addition, 22% hadn't increased endpoint protection for laptops and mobile while 17% hadn't installed internet browsing protection for web-base threats.
The Covid-19 pandemic has also created fertile ground for phishing and other fraud-related activities. Among the cybersecurity experts' responses in the survey, 44% cited ransomware and/or malware as their top security concern. Phishing (39%) and external threats such as nation-state attacks or hacking (39%) rounded out their top three concerns.
The coronavirus pandemic has accelerated businesses' digital transformations. Cybersecurity experts are gearing up for new innovations as a response to business conditions around Covid-19. Almost half (47%) expect more digital transformation of business processes and cloud implementation in the year to come.
Two in five (40%) believe that their business will adopt new automation and robotic tools. For the largest businesses, those with more than 5,000 employees, nearly half (48%) will be changing their technology partners in the next year.
"While many organizations had already supported some remote workers on a regular basis, the sudden increase has put stress on IT systems, processes, and teams," said Slamecka. "Others have had to scramble to quickly roll out solutions focused on keeping their entire workforce connected and productive.
"In either case, sudden and unplanned changes in the way workers connect to the corporate network and access corporate data and applications in the data center and cloud can introduce new cyber risks and vulnerabilities."