Monday, 22 February 2021 23:30

Reflecting on the year of the remote worker

By John Donovan, managing director of A/NZ at Sophos

2020 was both challenging and disruptive for everyone. In Australia, just when we’d become optimistic about the economic and societal recovery after the devastating summer bushfires, the COVID-19 pandemic struck. For most organisations and their employees, two words summarise the year that unfolded as a result—remote working.

Like the indiscriminate coronavirus, the cyber risks that came with the unexpected shift in day-to-day activities did not discriminate. Sudden changes in routines and unfamiliar – and less formal – working environments, combined with the fear and uncertainty around the evolving virus situation, provided ideal conditions for cybercriminals to exploit.

As businesses, employers, and employees, we learnt a lot from what 2020 threw at us to help shape our cybersecurity processes and procedures in 2021.

People are still trying to get it right

The rapid adoption of new technology meant many people had to re-learn the basics of how to stay protected. According to the latest OAIC Notifiable Data Breaches Report, human error accounted for 38 per cent of total data breach notifications from July to December, rising an alarming 18 per cent from the six months prior. This suggests Australian employees fail to recognise and mitigate emerging cyberthreats appearing under remote working conditions—and organisations are failing to act on these shortcomings.

While the introduction of security protocols such as multi-factor authentication and/or virtual private networks can help users stay protected, cybersecurity best practices must be exercised to extract the greatest value from these tools. Shockingly, almost half (45%) of human error breaches involved sending personal information to the wrong recipient via email. Other instances, such as failing to use ‘blind carbon copy’ (BCC), could also have been easily avoided.

There is a clear message here that cybersecurity awareness and training must be regularly conducted – whether employees are in the office or working remotely – to improve an organisation’s overall cyber-hygiene.

More attention paid to ransomware

The cyber threat spotlight shone brightly on ransomware in 2020. According to the Sophos 2021 Threat Report (https://www.sophos.com/en-us/labs/security-threat-report.aspx), the average ransom payout in Q3 2020 was US$233,817.30 – the result of significant increases each quarter since Q4 2019. The Windows Remote Desktop Protocol (RDP) continued to be the most attractive attack vector, especially given its popularity as a remote access platform during the pandemic.

Not unlike regular businesses, ransomware attackers vary in their processes and methods and have different target markets. Throughout 2020, ransomware families like Ryuk and Dharma differentiated themselves, specialising in particular prey and attack methods.

Everyday threats such as commodity malware have also forced IT teams to remain on high alert. Meant to prod and test entry points, these threats can be easily mistaken as low-level priorities when, in fact, their purpose is to gather essential data to inform the next steps of a larger plan. This is exactly how Ryuk used Buer Loader to deliver its ransomware.

These threats, combined with the cybersecurity challenges of working from home due to widely varying levels of protection, make a deadly cocktail. In many cases, IT teams’ reactions to threats start with detection but end with inaction. IT teams need to treat every alert seriously and respond with a strategy to eliminate the threat entirely.

Adjusting to a COVID reality

2020 also exposed several security vulnerabilities of mainstream apps that exacerbated a culture of distrust and scepticism towards the technology industry.

ZoomBombing in the early days of the pandemic, for example, highlighted the intricacies of user privacy and security settings. The same can be said for the alleged smear campaign of the Houseparty app, which surged in popularity as a way of staying connected with friends and family. These instances indicated it was no longer acceptable to just go with one’s default settings without closely reviewing and understanding the actual implications.

This marked a new reality and a good lesson for everyone to be more vigilant. Our communication channels were bombarded with scams, spam and phishing attempts related to COVID in some capacity. This hasn’t slowed down.

As we progress through 2021, let’s remember what we have learnt in 2020 – sometimes the hard way – and treat cybersecurity as a top priority, whether returning to the office or continuing to work remotely.


Late last year, iTWire conducted a video interview with Aaron Bugal, the Global Cyber Security Solutions Enabler at Sophos, on the company's 2021 Threat report, which you can see here.

 

 

