Research recently published by Finland-based security experts shows that the number of compromised organisations across Europe and the US has increased by almost 300% during the coronavirus lockdown period.
Figures released by Arctic Security reveal that the number of compromised business networks across nine European countries and the US have skyrocketed from less than 4,000 in January to over 12,000 in March, suggesting that this rapid increase is likely linked to the current business impacts of COVID-19 with many users working from home with limited network security compared to their normal working environment.
These compromised networks were observed to be sending out malicious traffic on command of the hackers, with scanners searching for vulnerable systems to enable deeper attacks being the most common tactic, followed shortly by botnet traffic and other traffic used for distributed denial of service (DDoS) attacks.
What has caused this increase in successful cyber attacks?
Corporate IT security teams face more difficulty in protecting company data when it is dispersed across remote computers with varying setups as well as company machines that are connecting remotely. Even when implementing a virtual private network (VPN), which creates a secure tunnel for digital traffic to pass to-and-from the company network, businesses will still experience less reliable protections than they are used to in their typical work environment with firewall security.
This notion is also supported by research recently published by VMware Carbon Black who revealed that ransomware attacks in particular have increased by 148% in March compared to the previous month. VMware’s cyber security strategist also noted “It’s just easier, frankly, to hack a remote user than it is someone sitting in their corporate environment.”
So, does this mean VPNs aren’t an effective method of securing remote users?
Firstly, it’s important to remember than VPNs aren’t created for the sole purpose of security and offer many other business benefits such as fast connectivity. For security specifically, the resilience of your VPN against cyber attacks truly depends on the service provider you are using and the type of attack you are trying to protect against. For example, free VPN services are often a big target for hackers themselves and may create additional security issues for their users, whereas reputable providers have much more heavily secured servers and offer more advanced encryption features for their customers.
Services offering advanced encryption can greatly assist businesses in combating external threat actors attempting to steal information in motion – whether than be an employee trying to send outbound emails containing confidential data or downloading business documents from their main server.
However, these security features do not prevent internal hacking threats, such as compromised accounts caused by weak passwords or human error. This is especially worth highlighting during these times as remote workers are being subject to a much higher number of phishing attacks that leverage the fears surrounding COVID-19, and company rules for safe communication and online practices tend to be enforced less when users are working from home.
How can you increase the security of your network?
- Make sure you’re using a reputable VPN
Barracuda’s CloudGen Firewall incorporates advanced site-to-site and client-to-site VPN capabilities, using both SSL and IPsec protocols to ensure remote users can easily and securely access network resources without complex client configuration and management. Every CloudGen Firewall unit supports an unlimited number of VPN clients at no extra cost.
The Barracuda VPN Client also provides the ability to enforce Windows Security Center settings on client machines running Windows. This allows administrators to centrally enforce the usage of Windows Security settings on PCs. The enforced policies can include enabling the Microsoft Network Firewall, Windows Updates, Windows Virus Protection, Windows Spyware Protection, and Internet Security Settings.
- Create a culture of cyber awareness
No matter how many security barriers you have in place, it’s inevitable that some threats will still slip through, and the way that your users respond to these threats can significantly effect the resulting impact that your company faces. With most users now working from home without an IT team on hand to turn to for advice it’s more important than ever to make sure that awareness is established to dictate how they are handling online communications and protecting their data from potential criminals.
Barracuda PhishLine trains users to understand and respond correctly to the latest phishing techniques, recognise subtle phishing clues, and prevent email fraud, data loss, and brand damage. It transforms employees into a powerful line of defence against damaging phishing attacks.
This versatile, scalable, cloud-hosted SaaS solution includes hundreds of email and landing-pages templates, updated based on threat trends. Levelized training and gamification make it more effective by engaging employees.
White Paper: Combating the Threat of User Error & Security Awareness