It’s no secret that since the start of COVID-19, remote working is at an all-time high. Departments no longer need to operate under one roof as employees can work from any location. Whether it’s fully remote or hybrid, companies are taking steps to create accessible work environments for their employees. But as a result, fears over cybersecurity attacks have increased with a particular focus on endpoints and their security. Many believe that remote working is the culprit and has led to a direct increase in attacks on these endpoints. This is a misconception.
Exploring this claim
Endpoints refer to any physical device accessing a corporate network, such as personal laptops, mobile devices or tablets. It is reported that 38% of ‘working adults’ in the UK work from home in some capacity. In 2022, Help Net Security reported that 36% of organisations are concerned about ‘attacks through remote connections’. The claim is that, as a result of remote working, corporate networks are experiencing higher numbers of attacks via remote endpoints. In particular, The Guardian points to remote work as causing a direct increase in ransomware attacks. They suggest that the increased number of devices connecting to corporate networks has allowed criminals better access to them.
Debunking this claim
The reality is that there is no evidence that remote working has led to a direct increase in risks to endpoints. As stated by our CEO Etienne Greeff, endpoint security has actually increased since the transition into remote working. Organisations are now prioritising endpoint security more than ever by implementing endpoint protection that takes into account modern-day remote working environments.
The real threat organisations are facing from remote working is an increase in BEC (business email compromise), more commonly known as spear phishing. The Cyber Security Breaches Survey found that in the last year, 83% of threats to cybersecurity were phishing attempts, whereas only 21% were affected by attacks like ransomware. Against businesses, spear phishing targets specific individuals using language and information particular to that person in order to gain their trust. These emails often direct the recipient to malicious links or request sensitive information.
Examples of spear phishing include:
- Invoice payments – A very convincing email from a supplier arrives in your mailbox saying that their bank account details have changed and asking you to update your system, or perhaps offering you a 5% discount if you pay your invoice within a very short timeframe. We documented a recent incident using this method, in which a user's old Facebook password was exploited, in one of our latest blogs, which you can read here.
- Software updates – You receive a genuine-looking email from Office 365 saying that your software requires updating.
- Emails masquerading as colleagues or other members of your organisation – You get an email that appears to be from your CEO, saying they can’t call right now because they are on a plane, but asking you to pay a supplier urgently using updated bank details.
What can you do as an organisation?
Before the pandemic, communication was largely face to face and you could easily verify an email by just asking the person sitting at the desk next to you. Without this accessibility, and with an overall increase in virtual communication, employees are more likely to fall victim to these attacks. A key step for businesses in the fight against phishing attacks is stronger password security, including appropriate password policies and two-factor authentication. Organisations must also educate employees to stay vigilant and report these attempted attacks.
Businesses have a responsibility to ensure their employees know how to identify and, ultimately, avoid malicious emails. However, businesses cannot expect their users to be experts in attacker behaviour and shouldn’t rely on them as their final line of defence. Educating users isn't enough; there need to be defence solutions in place for when they do, inevitably, click. Best practice is to implement email threat solutions that follow a layered approach, addressing the detection, protection, response and recovery of malicious emails.
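The patterns listed earlier (a colleague's name on an outside address, a request to use changed bank details, urgency that discourages a phone call) are what the detection layer of such a solution looks for. The following is an added example, not code from the original post or from any vendor product: a small Python triage heuristic run over two constructed messages, where the organisation domain, staff directory, keyword lists and hold threshold are all assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
# Assumed organisation context (hypothetical, not from the post).
INTERNAL_DOMAIN = "example-corp.com"
KNOWN_STAFF = {"jane doe": "jane.doe@example-corp.com"}
BANK_TERMS = re.compile(r"\b(bank (account )?details|sort code|iban|account number)\b", re.I)
CHANGE_TERMS = re.compile(r"\b(changed|updated|new)\b", re.I)
URGENCY = re.compile(r"\b(urgent(ly)?|today|immediately|can'?t call|within the hour)\b", re.I)

# Constructed sample messages, one per outcome; not real incidents.
SAMPLE_CEO_FRAUD = """From: "Jane Doe (CEO)" <jane.doe@examp1e-corp.com>
Reply-To: jane.doe.ceo@webmail.example
Subject: Urgent supplier payment

Boarding a plane now so I can't call. Please pay the supplier today using the updated bank details below.
"""
SAMPLE_INVOICE_OK = """From: "Acme Supplies" <accounts@acme-supplies.example>
Subject: Invoice 1042 attached

Please find attached invoice 1042, payable on the usual 30-day terms.
"""
def bec_indicators(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + (msg.get_payload() if not msg.is_multipart() else "")
    found = []
    # 1. A colleague's display name on an address that is not their known one.
    key = re.sub(r"\s*\(.*?\)", "", name).strip().lower()
    if key in KNOWN_STAFF and addr.lower() != KNOWN_STAFF[key]:
        found.append("display-name impersonation")
    # 2. External domain that closely resembles ours (here a digit swapped for a letter).
    if from_dom != INTERNAL_DOMAIN and SequenceMatcher(None, from_dom, INTERNAL_DOMAIN).ratio() >= 0.85:
        found.append("lookalike domain")
    # 3. Replies silently routed to a domain other than the sender's.
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rpartition("@")[2].lower() != from_dom:
        found.append("reply-to mismatch")
    # 4. A request to pay using changed bank details.
    if BANK_TERMS.search(text) and CHANGE_TERMS.search(text):
        found.append("bank detail change")
    # 5. Pressure to act now, or an excuse for not verifying by phone.
    if URGENCY.search(text):
        found.append("urgency")
    return found

def triage(raw, hold_at=2):
    found = bec_indicators(raw)  # hold for out-of-band verification when indicators co-occur
    return ("hold" if len(found) >= hold_at else "deliver", found)
```

No single indicator is proof; the point of the threshold is that a held message goes to a person who confirms the request by phone with the known contact, which is the verification step the post says remote working removed.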
We recently ran a co-hosted webinar with our trusted partners Barracuda where we explored this topic of a layered approach, which you can watch on demand here.
To read more about phishing attacks: What is a phishing attack & how to avoid it.