Three Things You Can Do Today
Covid accelerated digital adoption and the rise of the remote worker. About 42% of the workforce is now working from home – up from 9% prior to Covid – that is almost a 500% increase. About 60% of remote workers report being as productive, if not more productive. Businesses are showing reduced costs – more than just physical space – and greater worker safety.
This has not gone unnoticed by hackers. Phishing attacks are up 600%. Why? Because they work. The average Phishing attack costs a medium-sized business $1.6M.¹ It is not unusual for a small business to go out of business after a Phishing attack.
The same is true for Ransomware. Ransomware attacks have more than doubled from 8% to 18%. A Ransomware attack costs a small business $713k on average. The average Ransomware infiltrates about 20 machines after entering a single machine.²
Hackers know workers are more vulnerable outside of the protective bubble – many of the protective measures are not in place at home. Hackers also know the last line of defense is the human. Many organizations have relied on physical and technical controls without a deep focus on developing a strong cyber culture. The work-from-home environment exposes that weakness.
Do not think this is limited to just small businesses or large corporations with a virtual team. High-net-worth and Family Offices are reporting an increase in attacks. Why?
“Because that’s where the money is.”
Willie Sutton, Bank Robber.
Let us look at some additional metrics that highlight the exposure.³
• 38% of penetrations involve a cooperating insider. Will this increase with workers who feel less connected to the mother ship?
• 31% of incidents post-Covid are from accidental sharing (e.g., shared computers). Pre-Covid it was less than 1%.
• Ransomware more than doubled from 8% to 18% of incidents.
• We have seen a 41% increase in sensitive data on endpoints (i.e., at home).
• 90% of end devices are running two or more versions behind (not patched or updated).
• 60% of data breaches would have been prevented with proper patching.
• 92% of threat actors have increased cyber attacks on individuals.
• 87%: the rapid shift to work from home increased the risk of data privacy and protection issues.
• 58% of threat actors have taken advantage of the pandemic to cause business disruption.
To date, much of what has been published focuses on near-term issues like bandwidth, licenses, and VPNs.
Here are three things you can do today that will significantly reduce your risk and may save your business:
1. Initiate a Training & Awareness program for remote workers. The latest statistics show about 95% of penetrations require a human to do something they should not have done.
2. Initiate a Phishing Program where you deliberately send randomly selected workers fake Phishing emails to see if they bite. Ensure there is a carrot & stick. Reward those who pass and retrain those who do not.
3. Ensure Anti-Virus software is installed (and in use) on all remote machines.
Here is a fourth for good measure. Teach your users NOT to use the same Username and Password on multiple accounts. Not home. Not work. The reality is that when a matched pair is compromised, it will be tried everywhere.
Longer term, it would be good to have a Cybersecurity health check including a vulnerability assessment.
In September 2020, Talon Cyber Tec, LLC will be sharing these insights and helping critical infrastructure providers get on a cyber war footing during the American Society for Industrial Security (ASIS) and InfraGard National Membership Alliance annual conferences in Atlanta. These organizations combined have over 100,000 members and represent every critical infrastructure domain, and many sectors responsible for the defense of US cyber assets.
Feel free to reach out for a free consultation. We promise you at least two practical recommendations to make you, your family and your business safer.
³ ISACA, Boardish, Absolute Software.
Special Cybersecurity Consultant
Talon Cyber Tec, LLC