Have you ever considered how the rush to set up remote workers has impacted network security? Are we now more secure or less secure? What did we gain, or possibly miss in terms of vulnerability? Consider the following….Microsoft reported 32 million subscribers using Teams on March 11th, a 40% increase. Most business only dream of that kind of increase in such a short time. By March 19th the number had increased by another 12 million to 40 million subscribers. 12 million more users in 8 days time! That 40 percent increase in demand came from many businesses being forced to adjust to remote work. Also school closures required the adoption of e-learning techniques. With millions of users suddenly having to work remote and IT being slammed with business demand to get people working, the reality is it definitely created some potential security issues.
Here are 5 statistics worth considering to shore up your network security:
-
The number of unsecured remote desktops have increased by 40%
(https://www.channelfutures.com/mssp-insider/10-seriously-destructive-covid-19-data-breaches)
With so many new remote workers, there’s been a huge surge in the number of remote desktop connections from home to work (or the cloud). According to Channel Futures citing a Webroot study, there’s been over a 40% surge in machines running RDP (remote desktop protocol) The issue with unsecured machines is that criminals can use brute force attacks to gain access to a desktop machine.
-
Email scams related to Covid-19 surged 667% in March alone
(Kaspersky report)
According to Barracuda Networks, the number of phishing scams related to COVID-19 has exploded. These scams work the same as normal phishing scams, trying to separate users from credentials. The only difference is that the emails are using the pandemic to try to push a new set of psychological hot buttons. Because of so much rushed digital transformation, people are now accepting emails that might not look as formal or professional as before pandemic. And they click on those messages or log into those real-looking sites.
-
Users are now 3 times more likely to click on pandemic related phishing scams
Google says the pandemic has led to an explosion of phishing attacks in which criminals try to trick users into revealing personal data. The company said it is blocking more than 100 million phishing emails a day. Recently almost a fifth were scam emails related to coronavirus.
-
2000% increase in Malicious files with “Zoom” in the name.
(Webroots report)
Type the word “zoom” into Google and you’ll get 1.9 billion results. To be fair, zoom is a real word, but that said, the Google Trends chart below shows how there was barely any interest in “zoom” until around March when “zoom” interest zoomed into the stratosphere.
5. More than 530,000 Zoom accounts sold on dark web
Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The successful logins are then compiled into lists that are sold to other hackers.
The “workplace” is a very different environment than it was just a few months ago. In the rush to adapt to our current “new normal” many companies have neglected or ignored both their risk and change management processes. While this may be understandable given how quickly businesses had to adjust to continue operating in a new environment, the vulnerabilities need to be addressed. Technologies such as VPN that had fallen out of favor or remote desktops, that were a niche solution are now essential for maintaining a productive remote workforce. It’s time to develop a multi-pronged strategy for remote access based on the unique needs of your workers.
