COVID-19 has changed the way we work in 2020 and for the foreseeable future. Working from home is now the new normal, and many organisations took advantage of free trials and special offers as a quick fix to secure their workforce at the beginning of the global pandemic. On reflection, though, were those deals as good as they promised to be? Software of varying levels came under scrutiny as it became a weak link that opened gateways into companies' IT infrastructure for hackers to infiltrate.
The risk
With more remote users working from home and needing to be accommodated through SaaS applications and VPNs into corporate networks, the need for systems to be safe is becoming paramount. With every system, security starts with identifying yourself before proceeding on any secure platform. Employees have set themselves up at home but have become guilty of using the same passwords for both personal and work accounts for ease and convenience, and this is one of the first points of attack for cyber criminals.
“We have seen the birth of BYOO – bring your own office, which is adding unprecedented complex cyber security challenges security teams and professionals now need to address,” says Theo Bensch, NTSIKA ICT Holdings Chief Executive, local distributor for Authlogics. He adds: “The boundaries between work and personal IT have disappeared. Home and personal information and communication technologies have extended the corporate network to well beyond the corporate firewall.”
Cyber security bodies across the world, including NCSC and Interpol, have reached out to both end-users and CISOs advising of the importance of ensuring strong PINs or passwords and setting up multi-factor authentication.
Interpol has advised that among the most common cyber attacks on remote workers are phishing (read the Authlogics blog about the dangers of corporate phishing), malware and ransomware. TechRadar, meanwhile, reported the recent discovery of Agent Tesla malware that now has new variants and modules with the ability to steal passwords and credentials from a range of popular apps, including Google Chrome, Chromium, Safari, Mozilla Firefox, Microsoft Edge, Opera, Microsoft Outlook, Mozilla Thunderbird, OpenVPN and more, as well as VPN software, FTP and e-mail clients.
The statistics speak for themselves
According to IBM, the average global cost per data breach stands at $3.86 million for organisations and, in the current circumstances, the healthcare industry is the main target. This has risen significantly as more organisations have become vulnerable with staff away from the office environment.
Steven Hope, Authlogics CEO, explains: “Authlogics recently conducted a survey that shockingly revealed that staff are continuing to share passwords and are heavily reliant on help desks unlocking accounts and resetting passwords.”
- A staggering 60% call the help desk every two to six weeks to reset a password or unlock an account.
- Thirteen percent are sharing their passwords with colleagues.
- Only 43% have any form of password security in place.
- The majority are interested in biometric authentication as nearly half (47%) do not use MFA to protect their login process.
- Fifty-seven percent were aware that their organisation had experienced a breach.
The impact
Some critical questions you need to ask are:
- Do you know how vulnerable your organisation's IT infrastructure is from identity and password-based attacks?
- Are your staff putting your company at risk?
- Do you have breached corporate credentials listed on the dark Web?
You can start by finding out what breached corporate data is publicly available here: http://passwordbreach.com/.
Furthermore, Authlogics and our local partners in South Africa provide an Active Directory Password Audit, which produces a detailed report highlighting the risks and issues with your actual AD user accounts. The audit can be run remotely in minutes to identify people using breached passwords or using AD passwords on other public Web sites, and to find accounts sharing the same password, with a breakdown per user.
Find out more, contact the Authlogics team: https://authlogics.com or https://ntsikagroup.com