By Rick McElroy, Cybersecurity Strategist, VMware Carbon Black
The global health crisis has accelerated the digital transformation initiatives of many organisations. Unfortunately, the urgency associated with rolling out these plans has meant an increase in the risk of cyberattacks. With a mass shift to establish remote workforces, organisations have inadvertently relaxed security or misconfigured devices. The distributed workforce has introduced changes for security professionals as well, who are now on the frontlines of enabling and securing newly distributed workforces.
These gaps in traditional cyber defences, combined with changing working patterns and employee behaviour, have created a larger surface area for cyberattacks which make it more difficult to spot such attacks. And amid the disruption, COVID-19 has exposed the UK to an unprecedented level of cyberattacks.
As part of the VMware Carbon Black Global Threat Report Series, we discovered that COVID-19 has opened the door for a surge in cyber incidents. Almost every UK business (99 percent) surveyed suffered at least one security breach in the last 12 months. Ninety-eight percent of the CIOs, CTOs and CISOs also confirmed that attack volumes increased in the last 12 months. More than nine out of 10 noted the increase in attacks were related to employees working from home during COVID-19 stay at home orders.
Fending sophisticated cyberattacks
It’s not just the frequency of attacks that is concerning – it’s the growing sophistication of attacks. For example, cybercriminals are exploiting the crisis to launch a wave of ‘fearware’ attacks. These often take the form of phishing attacks or email fraud that seek to exploit users’ concerns surrounding COVID-19. In fact, 93 percent of UK respondents reported being targeted by COVID-19-related malware.
It is also worth pointing out other major threats: For example, OS vulnerabilities are the leading cause of breaches in 2020 our research found. However, it also highlighted that island-hopping and third-party application attacks still cause a disproportionate percentage of breaches.
As both a cause and a consequence, the dark web is thriving during COVID-19, with the commoditisation of malware making more sophisticated attack techniques available to a growing number of cybercriminals. Common commodity malware like ransomware is starting to exhibit sophisticated behaviours, executing more destructive attacks, performing credential harvesting and making lateral movements once it breaches a system.
We are also seeing more secondary extortion plots, with attackers causing more damage once they gain access to an organisation or individual’s data. As seen with the increase in island-hopping and third-party application attacks, adversaries have moved from burglary, to home invasion, to digital squatting.
So, what can organisations do to protect their infrastructure, data and employees in this heightened threat landscape? Most are responding by directing their budgets towards security solutions with more than 99 percent of respondents planning to increase cyber defence spending in the coming year. The good news is that organisations are now starting to recognise the value of threat hunting to help identify malicious actors.
As organisations increase spending, they must also consider their security strategies. Today, many UK organisations are using a variety of different security technologies resulting in siloed, hard-to-manage environments that play into attackers’ hands. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking, and clarity over security deployment.
The report also found that an inability to institute multifactor authentication is one of the biggest threats that businesses face with security right now. Multifactor authentication is an integral part of a security posture to stop traditional credential harvesting methods and should be extended as far as possible.
The unexpected disruption of COVID-19 has seen the rise of global threats. In unprecedented times, organisations must focus on proactive threat hunting to detect attacks before they have a chance to cause catastrophic damage, not just here in the UK but on a global scale.