Malwarebytes report reveals massive gaps in cybersecurity as employees work from home

Malwarebytes, a provider of advanced endpoint protection and remediation solutions, has announced the findings from its latest report, Enduring from Home: COVID-19’s Impact on Business Security. The report combines Malwarebytes telemetry with survey results from 200 IT and cybersecurity decision makers from small businesses to large enterprises to unearth new security concerns in remote work environments.

The data showed that since organizations moved to a work from home (WFH) model, the potential for cyberattacks and breaches has increased. Since the start of the pandemic, 20 percent of respondents said they faced a security breach as a result of a remote worker. This in turn led to higher costs, with 24 percent of respondents saying they paid unexpected expenses to address a cybersecurity breach or malware attack following shelter-in-place orders.

In addition, 28 percent of respondents admitted they’re using personal devices for work-related activities more than their work-issued devices, which could create new opportunities for cyberattacks. This figure becomes more problematic next to another survey result, which indicated that 61 percent of respondents’ organizations did not urge employees to use antivirus solutions on their personal devices.

“Our fundamental shift to working remotely has dramatically underscored the need for comprehensive security, as well as IT guidance and training to avoid breaches. Many organizations failed to understand the gaps in their cybersecurity plans when transitioning to a remote workforce, experiencing a breach as a result,” said Marcin Kleczynski, CEO and co-founder of Malwarebytes. “The use of more, often unauthorized, devices has exposed the critical need for not just a complete, layered security stack, but new policies to address work from home environments. Businesses have never been more at risk and hackers are taking notice.”

Malwarebytes observed that cybercriminals have adapted to take advantage of improperly secured corporate VPNs, cloud-based services and business email—all which could be used for infiltration of corporate assets. There has also been a surge in phishing emails that use COVID-19 as a lure to cover up malicious activity. These emails contain commercial malware, such as AveMaria and NetWiredRC, which allow for remote desktop access, webcam control, password theft and more.

Malwarebytes data showed that AveMaria saw a bump of 1,219 percent from January to April 2020, an enormous increase from 2019. According to Malwarebytes telemetry, AveMaria mostly targeted large enterprise businesses. Similarly, NetWiredRC observed a 99 percent increase in detections from January to June, primarily targeting small- and medium-sized organizations.

Malwarebytes surveyed more than 200 managers, directors and C-suite executives in IT and cybersecurity roles at companies across the US. These roles include IT Manager, IT Director and IT Executive/C-Suite, along with IT/Cybersecurity Manager, IT/Cybersecurity Director and IT/Cybersecurity Executive/C-Suite. Respondents came from companies of all sizes, with some working at small- and medium-sized businesses and others at large enterprise organizations. Malwarebytes grouped participants into the following company sizes: 100–349 employees; 350–699 employees; 700–1,249 employees; 1,250–4,999 employees and 5,000 employees and over.

View the full report here https://resources.malwarebytes.com/files/2020/08/Malwarebytes_EnduringFromHome_Report_FINAL.pdf