COVID-19 Is Breeding More Cyberattacks: Here’s How to Contain Them

June 9, 2020

There’s a lot we don’t understand and couldn’t have guessed about COVID-19. But one thing that many in the cybersecurity space anticipated, and which unfortunately is coming true, is the rise in cyberattacks. As a just-completed Team8 survey revealed that 85 percent of medium- to large-sized businesses are reporting a surge in these attacks.

The reason for this is plain as day: cybercriminals have a vast new pool of remote, online workers to target. According to that survey, 70 percent of medium- to large-sized businesses say 75 to 100 percent of their employees are currently working from home. And you can bet that many of those people have never done so to this extent, or at all. (Seeing all the Zoom snafus of people doing things they shouldn’t while video conferencing sure seems to confirm this!)

Phishing for Victims

Cyber attacks are getting more sophisticated every day. So it’s not surprising that most end-users don’t know how to recognize and avoid them. Training could help to some degree, but 43 percent of employees don’t get regular data security training. And 73 percent companies don’t provide social engineering awareness training.  

That may explain why 80 percent of businesses have seen an increase in phishing attacks, a prime social engineering technique. Team8 says half that number, 40 percent, also reported an increase in malware emails. The majority (90 percent) were known attacks. 

Helping Remote Workers

So what are these companies doing to help their remote workers work more securely? Well, they’re not getting more lenient when it comes to protection. The Team8 survey found that 40 percent changed their Zoom policy to make it harder for unauthorized people to ‘bomb’ their Zoom conferences. And, perhaps not surprisingly, 21 percent moved from Zoom to Teams. 

Many are enforcing wider use of multi-factor authentication. And even though 21 percent have smaller security budgets, 35 percent are adding remote Endpoint Protection and Response (EDR) solutions to their stack, primarily CrowdStrike, followed by Cybereason, and using Windows Defender Advanced Threat Protection (ATP). Nearly all the companies plan to keep all the new tools they’ve added once the COVID-19 threat is over and workers return to the office.

But what happens when cybercriminals penetrate end-user devices? Yea, that’s a problem. Because you know that even with added security measures and tools, there’s no way to stop determined, savvy cybercriminals from infiltrating those devices and stealing or damaging your company’s sensitive information. 

What Else Can You Do?

Hysolate believes you first have to accept that cybercriminals will break through, and then use advanced isolation technology to contain them and their damage. And we’re excited to say that many enterprises are using the Hysolate Operating System (OS) isolation platform to boost their remote security posture. 

Hysolate splits a single physical endpoint into multiple virtual OS environments. These OSes run side-by-side but are completely separated by our vGap™ technology. To protect your corporate crown jewels, dedicate one OS on each user’s device to sensitive data that must be kept free of threats like malware and phishing. Make it fully locked down with no Internet access. Create a second OS and use it for general day-to-day work. Make it open to the internet and used for email and non-privileged information. If people try to use the wrong VM for a particular task, Hysolate will automatically redirect them to the correct one on their device.

Any cyber criminals who breach the general OS are completely contained within it. They cannot reach the remote worker’s privileged OS or even see that it exists. For added protection, security professionals can configure that general OS to be non-persistent so that it’s wiped clean at specified intervals.  

To learn more about Team8’s survey results and its implications for short-and long-term security remediation, check out this archived webinar, “Stress Testing the New Normal of IT-OT Relationships.”

To see how easy it is to Hysolate your remote workers’ devices, sign up for this free demo.