Just when security was finally being recognized as a priority within business operations, remote work hit what amounted to a giant reset button. As work from home (WFH) became necessary, productivity was prioritized over everything else. Getting employees online, making sure everyone had the necessary equipment and access, even setting up cloud options where there was only on-premises access in the past, came first. Security went back to being an afterthought for a lot of companies.
The result was a rise in malware incidents and other poor security behaviors. A new Cloud Security Report 2021 from Wandera found 52% of organizations dealt with a malware incident in 2020, up from 37% in 2019. Phishing attacks were more frequent on weekends than on weekdays. And when compared to pre-pandemic times, connections to inappropriate content during office hours have increased 100%.
WFH Reduced Security Oversight
This change is due in part to WFH and reduced security oversight, and in part to changes in employee behaviors, according to Michael Covington, vice president at Wandera.
“There were definitely some cases where we observed attackers taking advantage of the insatiable demand for information related to the pandemic; the many fake COVID-19 tracing apps that appeared in Q2 are just one example of how one global incident drove users around the world to download malicious software en masse,” Covington explained in an email interview.
When it comes to behavior changes, the move to use of a single device for the bulk of online activities blurred the lines between personal and work more than ever. With security policies relaxed at work, this resulted in a newfound personal freedom to install the apps employees want. Often, those include malware.
The impact of widespread SaaS adoption also has security implications, according to Covington. “With more applications that are available to users, without IT vetting and security review, the greater the likelihood malicious software will appear on work devices, whether mobile or not,” said Covington.
Malicious Appeals to Remote Workers
Wandera customers most frequently encountered spyware in 2020, according to the report. There were also a large number of apps claiming to offer collaboration functionality but were instead designed to steal private information, like messaging content, or to trick the user into granting access to the camera and microphone so a remote attacker could eavesdrop.
“We also saw a continued push by attackers to embed malicious advertising into mobile apps as they made an effort to both monetize their criminal activity and collect sensitive credentials from users,” said Covington. “The apps most frequently impacted by malvertising campaigns were often perfectly legitimate and functioning apps, making the experience challenging for users to navigate, and complicating the process of accurately assessing and labeling threats.”
The Need to Address User Behavior and Reduce Risk
Covington said there are two essential steps IT and security teams should take to better address user behavior and decrease risk for malware infections.
First is security awareness training. Employees are often told that they’ve done something wrong if they fall victim to a social engineering attack, but that ignores how good the attackers have gotten. Since the No. 1 threat to remote workers is phishing, more must be done to raise awareness on the shifting sophistication of social attacks. Covington warned that threat actors are increasingly targeting login credentials in these types of attacks. Continuously engaging with workers on the sign-in mechanisms they should use, the incident reporting they should follow and the applications that are approved for work will help everyone do their part to protect the business and its assets.
Second is a greater emphasis on end user experience by enabling rather than blocking. Remote access security solutions should be fast and seamless. The more complicated they are, the more users will try to bypass them. Making security functions easier, on the other hand, will encourage use and increase business productivity – which is the end goal for business leaders.
“From a threat perspective, our 2020 report shines a light on the corporate applications that are put at risk when devices -including those which many IT teams simply could not scale to manage – continued to access sensitive business resources after being compromised,” said Covington. “The more automation that can happen between the endpoint, where risk is most frequently encountered, and business applications, where the company has the most to lose if compromised, the more likely a breach can be stopped before significant loss is incurred.”