Whether offered as a health & safety benefit to employees, or being forced upon you based on your location within Australia, there are very few businesses now who don’t provide some form of Work From Home capabilities in order to continue trading under the current circumstances.
Whilst this can be a blessing for those employees who no longer have to fight the daily commute, pay for public transport/parking, or worry about their choice of pants (if any at all…) – the exponential increase in the number of Ransomware attacks (a 72% increase according to Skybox Security’s 2020 Vulnerability & Threat Trends Report) has demonstrated that WFH has also brought with it some unwelcome side-effects.
Unlike the business network where all devices are in one place and can easily be managed, updated, and compliant with the latest security software, corporate devices taken home to work on cannot easily contact these corporate servers without some form of remote network access. This brings with it its own set of challenges/threats.
Worse still, employees who opt to use their home systems, rather than take home the more secure corporate devices, are providing an attack vector not previously available to those trying to profit nefariously from the current upheaval. After all, why would you try to take down a Server on the corporate network behind numerous firewalls and protection systems, when you can gain access to that Server via a User connecting to it from an out of date (anyone still running Windows 7…), or otherwise unprotected home system?
Whilst a number of businesses during this time have increased their number of Endpoint Protection Licenses and urged their Users to install this software and keep it up to date at home – with no visibility or control over those systems it is impossible to ensure that these best practices are followed. Even those who didn’t shell out for the extra Licenses and instead urged their Users to source one of the reputable Anti-Virus/Malware packages out there themselves from AVG, Norton, Sophos, or Webroot – some of which are even free – are still reliant on that protection being in place.
This is absolutely vital in the current age of Ransomware attacks. Cyber criminals can exploit these less secure remote systems and gain access through to the corporate network to wreak their havoc, as they can much more easily take down smaller targets than larger enterprise systems. This higher success rate means smaller ransoms are just as lucrative due to the minimal effort required. This is particularly true when you consider the number of groups offering their code as a form of ‘Ransomware-as-a-Service’ – meaning very little technical ability is required to actually deploy it.
In the past, having adequate backup systems & restoration plans to be able to recover from a Ransomware attack was enough for IT professionals to be able to sleep soundly at night. Knowing the worst that could be lost would be up to a day or so of productivity if they had to restore was a good option when compared to the hundreds of thousands or millions of dollars for some ransoms. Disturbingly though, in recent Netwalker Ransomware attacks, such as those which affected Equinix this month and Toll Group this time last year, not complying with the payment demand results in publication of the ransomed data on a public blog – escalating this security breach into a ‘Notifiable Data Breach’ under Australian Privacy Law. This alone could end up costing you more than any ransom by losing your reputation and patronage from all of your compromised Clients/Customers – who might no longer have faith in your ability to protect their important information.
If you are at all concerned about how Remote Access could be providing an easy gateway for Ransomware into your network, contact the Altitude Innovations team without delay to discuss your security options.