Insights from Verizon’s COVID-19 Breach Landscape Report: Working From Home (WFH) leads to greater vulnerability

webinarVerizon recently released an update to its 2020 Verizon Data Breach Investigations Report examining the impact of the COVID-19 pandemic on cybersecurity and how our changing work patterns to deal with the crisis are open for potential exploitation by hackers. The report found increased security vulnerabilities and the emergence of new cyberattack tactics associated with the new reliance on remote workers as many industries move to having their employees working almost exclusively online. Whilst many companies already had a ‘remote working’ strategy and security plans in place, others have been left scrambling in their attempt to transition to home workers whilst remaining secure.

Verizon’s report highlights four specific cyber challenges that have emerged this year as a result of the pandemic: the continued increase in human error, the focus on stolen credential-related hacking, the spike in the use of ransomware, and phishing emails’ manipulative play on emotions. Below, we dive deeper into each of these themes in their report.


1.) Increased human errors due to distractions when WFH. While a workplace isn’t free from distractions, escaping them while working from home can be particularly difficult for parents with young kids, pet-owners and young adults with well-meaning, but sometimes intrusive, parents — not to mention the increased workload on a fewer number of employees. Additionally, IT teams have been rushing to enable remote working systems and frequently implementing unfamiliar new software. All of these factors have led to a rise in human errors, many of which have amounted to security breaches. According to Verizon, one-quarter of all breaches have been attributed to human error.

2.) Over 80 percent of breaches were caused by stolen or brute-forced credentials. Verizon’s 2020 Data Breach Investigations Report found that breaches caused by stolen or brute-forced credentials were already spiking, contributing to over 80 percent of breaches in the hacking category. With the rapid switch to remote working, IT departments were suddenly responsible for securing networks and company assets for a more spread out workforce, all while they handled an increase in daily requests from a now remote workforce.

3.) Increased use of ransomware by cybercriminals.Given recent high-profile ransomware attacks on companies like Garmin and Canon, it may be unsurprising that Verizon’s report found an uptick in ransomware incidents during COVID-19. While Verizon has not included ransomware attacks in the original investigations report dataset, since they do not typically result in compromised data, Verizon identified several ransomware incidents in their current dataset that did result in data being stolen and even posted publicly for other bad actors to see. This suggests that ransomware attacks may not just be increasing, but also advancing.

4.) Manipulation of people’s emotions in phishing emails. Phishing is perhaps the most old-fashioned tactic to target vulnerable groups, and one of the most damaging, since it can have serious and long-term consequences. With the onslaught of COVID-19, cybercriminals have been able to target a larger audience using information about the virus, testing and vaccines to drive people to click on their malicious links.

With COVID-19 cases rising again on both a national and global scale, remote work may be around for longer than organisations had originally anticipated; and with companies like Twitter and Google announcing permanent WFH workforces, more consumers and businesses will be vulnerable to cyberattacks. As Verizon point out in their report, ‘no matter what events are taking place in society, it just becomes grist to the mill for criminals who launch phishing attacks.’

The post Insights from Verizon’s COVID-19 Breach Landscape Report: Working From Home (WFH) leads to greater vulnerability appeared first on PCI Pal.

*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by PCI Pal. Read the original post at: