IT Departments May Be Helping Bad Actors with New Apps for Untrained Staff, New Research Shows

Rapid changes to how businesses operate offer excellent opportunities for malicious actors to access corporate networks. Infosec professionals report that phishing and whaling attacks taking advantage of unwary employees have risen during the pandemic. At the same time, IT departments are deploying new technologies to support remote work without consulting those on the receiving end, potentially fueling bad actors’ malicious campaigns against businesses.

AWS Builder Community Hub

86% of infosec professionals admit that incidents leveraging the most common attack vectors – phishing, whaling and business email compromise (BEC) – were rising during the pandemic. Bitdefender surveyed 6,724 Security and IT workers in May 2020 across the UK, US, Australia/New Zealand, Germany, France, Italy, Spain, Denmark and Sweden, and found that COVID-19 is drastically changing the way their businesses operate – especially in the long-term.

Respondents say that phishing or whaling attacks (26%),ransomware (22%), social media threats/chatbots (21%), cyberwarfare (20%), trojans (20%) and supply chain attacks (19%), have increased during the pandemic. As more employees work from home than ever — and possibly many more joining them in the future — infosec professionals are concerned about security. And rightly so, as many IT chiefs say employees are more lax toward security at home, while some say employees are not sticking to protocol, especially in identifying and flagging suspicious activity.

Despite their responsibility for securing the organization against cyber intrusion, IT departments seem to be playing a big role in widening the attack surface. According to a recent study by Lenovo, companies are placing business goals above employee needs when they adopt new technology.

The research found that just 6% of IT managers consider users their top priority when making technology investments. According to researchers, this approach is stifling productivity. Many employees become overwhelmed due to the complexity and pace of change, with 47% of IT managers reporting that users struggle to embrace new software. 48% of respondents reported that new technology deployments inhibited their teams’ ability to operate. And when employees get overwhelmed, they often resort to unorthodox ways of getting their job done, like sidestepping security protocols.

In 2019, Egress released a similar study showing that employees faced with explosive growth in unstructured data (emails, documents, files, etc.), combined with the growing number of ways in which workers can communicate internally and externally, put corporate security at risk.

COVID-19 is becoming an opportunity for infosec professionals to learn how to tackle changes in workforce patterns. Mounting sophisticated cyber threats, coupled with an ever-expanding skills gap, are set to increase demand for Managed Detection and Response (MDR) solutions from the business sector, according to a new forecast by Frost & Sullivan. According to the business consulting giant, the market for MDR solutions is poised to grow at a compound annual growth rate (CAGR) of 16.4% between 2019 and 2024.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Filip Truta. Read the original post at: