The global health crisis has accelerated the digital transformation initiatives of many organisations. Unfortunately, the urgency associated with rolling out these plans has increased the risk of cyberattacks. With a mass shift to establish remote workforces, organisations have inadvertently relaxed security or misconfigured devices. The distributed workforce has introduced changes for security professionals. They are now on the frontlines of enabling and securing newly distributed workforces.
These gaps in traditional cyber defences, combined with changing working patterns and employee behaviour, have created a larger surface area for cyberattacks and made attacks more difficult to spot. Amid the disruption, COVID-19 has exposed the UK to an unprecedented level of cyberattacks.
As part of the VMware Carbon Black Global Threat Report Series, we discovered that COVID-19 has opened the door for a surge in cyber incidents. Almost every UK business (99 percent) surveyed suffered at least one security breach in the last 12 months. Ninety-eight percent of the CIOs, CTOs and CISOs also confirmed that attack volumes increased in the last 12 months. More than nine out of 10 noted an increase in attacks related to employees working from home during COVID-19.
Fending off sophisticated cyberattacks
It’s not just the frequency of cyberattacks that is concerning – it’s the growing sophistication of attacks. For example, cybercriminals are exploiting the crisis to launch a wave of ‘fearware’ attacks. These often take the form of phishing attacks or email fraud that seek to exploit users’ concerns surrounding COVID-19. Over 93 percent of UK respondents report being targeted by COVID-19-related malware.
It is also worth pointing out other major threats. For example, our research found that OS vulnerabilities are the leading cause of breaches in 2020. However, it also highlighted that island-hopping and third-party application attacks still cause a disproportionate percentage of breaches.
As both a cause and a consequence, the dark web is thriving during COVID-19. The commoditisation of malware makes more sophisticated attack techniques available to a growing number of cybercriminals. Common commodity malware like ransomware is starting to exhibit sophisticated behaviours. It executes more destructive attacks, performs credential harvesting, and makes lateral movements once it breaches a system.
We also see more secondary extortion plots. Attackers are causing more damage once they gain access to an organisation or individual’s data. As seen with the increase in island-hopping and third-party application attacks, adversaries have moved from burglary to home invasion, to digital squatting.
So, what can organisations do to protect their infrastructure, data and employees in this heightened threat landscape? Most are responding by directing their budgets towards security solutions. More than 99 percent of respondents plan to increase cyber defence spending in the coming year. The good news is that organisations are now starting to recognise the value of threat hunting to identify malicious actors.
As organisations increase spending, they must also consider their security strategies. Today, many UK organisations are using a variety of different security technologies. This results in siloed, hard-to-manage environments that play into attackers’ hands. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking, and clarity over security deployment.
The report also found that an inability to institute multifactor authentication is one of the biggest security threats businesses face. Multifactor authentication is an integral part of a security posture to stop traditional credential harvesting methods and should be extended as far as possible.
The unexpected disruption of COVID-19 has seen the rise of global threats. In unprecedented times, organisations must focus on proactive threat hunting to detect attacks before they have a chance to cause catastrophic damage, not just here in the UK but on a global scale.
VMware Carbon Black is a leader in cloud-native endpoint protection dedicated to keeping the world safe from cyberattacks. The VMware Carbon Black Cloud consolidates endpoint protection and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analysing billions of security events per day across the globe, VMware Carbon Black has key insights into attackers’ behaviours, enabling customers to detect, respond to and stop emerging attacks.
More than 6,000 global customers, including approximately one-third of the Fortune 100, trust VMware Carbon Black to protect their organizations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use VMware Carbon Black’s technology in more than 500 breach investigations per year.