More than 75% of knowledge workers are nowadays either full or part-time operating from home, while 70% of them also use private devices with unknown security status for work. What correlation is there with the massive growth of successful ransomeware attacks – and what can you do to stop it?
Digitalization, combined with the Covid-19 pandemic, has changed how and where we work. With the vast increase of people working from home, IT had to loosen remote access restrictions (devices, users, data and systems they access) more than ever before.
About 30% of the users share their device frequently with members in the same household or access online games, streaming and ‘other’ potentially malicious web sites. A shocking 26% even admit to storing copies of valuable corporate data on the device in case something ‘goes wrong’ with their job. Considering the variety and count of users working remotely, we can safely assume that almost all of your valuable corporate data is somewhere out there.
In a nutshell, there are millions of additional, weakly secured devices on home networks, loaded with valuable corporate data and often connected to the company using VPN. The lack of discipline of users makes these devices highly vulnerable – HACKERS DINNER IS SERVED.
Stealing valuable information to resell has become serious business. Attacking millions of devices using ransomware rather than finding that one vulnerability by hacking is far more efficient. Someone will always make that 'wrong click.' Once an attack has succeeded, hackers may get access to data stored locally, your identity and even the VPN connection to your company.
It is not surprising that hackers are taking advantage of our new way of work. Malware injected in Game sites and Streaming sites is up by 283%, and 67% of German companies had at least one completed ransomeware attack in 2021, causing an average damage of 2m EUR each. Cybercrime is expected to be more profitable than the drug industry worldwide by 2025.
Reactive security measures such as Antivirus products on each device and email scanning are a traditional and efficient method of protection, but to keep up with the fast changing patterns of malware, we also need to reduce Attack Surface as well as Attack Efficiency to really regain control.
Attack Efficiency
Hackers want to get data. Avoiding the ability to store local data and avoiding VPN use means that any hack will not give them what they want and make the business less attractive. As a side effect, reduction of VPN usage is also a direct cost reduction.
Attack Surface
As explained above direct hacking of a machine via vulnerabilities is inefficient. The most effective way is delivering a malicious active payload, embedded in a Website that is accessed by the hackers ‘audience.’ The best existing solution approach for preventing this is using Browser Isolation. Browser Isolation sandboxes each browser session and with that isolates potentially malicious code from your device and data.