Reuters just reported that hacking activity against corporations in the United States and other countries more than doubled by some measures last month as digital thieves took advantage of security weakened by pandemic work-from-home policies, researchers said.
Corporate security teams have a harder time protecting data when it is dispersed on home computers with widely varying setups and on company machines connecting remotely, experts said.
Even those remote workers using virtual private networks (VPNs), which establish secure tunnels for digital traffic, are adding to the problem, officials and researchers said.
Software and security company VMWare Carbon Black said this week that ransomware attacks it monitored jumped 148% in March from the previous month, as governments worldwide curbed movement to slow the novel coronavirus, which has killed more than 130,000.
“There is a digitally historic event occurring in the background of this pandemic, and that is there is a cybercrime pandemic that is occurring,” said VMWare cybersecurity strategist Tom Kellerman.
“It’s just easier, frankly, to hack a remote user than it is someone sitting inside their corporate environment. VPNs are not bullet-proof, they’re not the be-all, end-all.”
Using data from U.S.-based Team Cymru, which has sensors with access to millions of networks, researchers at Finland’s Arctic Security found that the number of networks experiencing malicious activity was more than double in March in the United States and many European countries compared with January, soon after the virus was first reported in China.
The biggest jump in volume came as computers responded to scans when they should not have. Such scans often look for vulnerable software that would enable deeper attacks.
Step those users through new-school security awareness training! here is a free resource kit.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!
