Emerging threats you need to know about now.
Data breaches are on the rise in 2020, and many of the recent spikes in reported incidents have been due to Coronavirus related trends and challenges. From COVID-19 related fear and phishing campaigns to remote working security risks, the first quarter of 2020 has tested the efficiency of security teams worldwide.
As quarantines forced organizations to hastily update IT infrastructure and create effective remote working security policies, thousands of employees used personal devices to access confidential resources without proper security safeguards, exposing their businesses to possible data loss and breaches.
According to Data Guardian’s report, Digital Guardian Data Trends, there was a 123% increase in the number of employees copying information to USB drives in the early months of 2020, and approximately 70% of that data—potentially hundreds of terabytes—may have contained confidential or sensitive data.
A survey conducted by Apricorn in April found that 57% of the IT decision-makers who responded to their study considered remote workers a security risk, with 35% citing employee apathy as the major cause of concern. Many expressed difficulty in getting employees to commit to security strategies.
This is a very real concern, as some of the most common remote working risk behaviors include weak passwords, logging in to unsecured wireless networks, and misplaced devices. Also, many employees who work from home share a computer with other household members, making corporate data especially susceptible to a breach.
As these figures show, remote working security risks are rising and data breach incidents are inventible under such circumstances, which makes the efficient handling and reporting of such events critical. As the increase in remote working creates an increasingly complex structure for the sharing of sensitive data, security teams must have the tools to rapidly respond to data breaches.
Phishing and Malware
According to The Verge, Google recorded 18 million daily malware and phishing emails related to COVID-19 scams over a single week in April. These attacks were designed to exploit the panic caused by the spread of the virus.
Current COVID-19 phishing email attacks are using fear and financial incentives to persuade users to respond, essentially adapting phishing tactics that have proven successful in the past to exploit the grave public concern generated by the Coronavirus crisis.
Many of these emails claim to be from the World Health Organization or government stimulus payment administration bodies, or even the intended recipient’s employer—a tactic specifically targeting remote workers. The goal of the attacks is to convince the recipient to donate money or click on links that would install malware.
While Google claimed that its AI-powered filter blocked 99% of this malicious content, the 1% that it could not identify generated malicious content that went straight to the inboxes of individuals, employees, and remote workers.
Phishing and malware attacks aren’t the only way that remote working security can be jeopardized. Sentinel Labs reported that an increasing number of Coronavirus contact tracking apps available in official app stores are malicious.
These apps may look like legitimate contact tracking apps, but once installed, they target SMS messages and inject themselves into other applications, such as banking apps and password vaults. Additionally, they may access video and camera recording functions and critical system files.
Without frequent threat updates from security teams, remote workers may fall victim to scams they don’t know exist. And, even when notifications are sent, there is an increased risk that messages may not be read in time.
The sheer amount of data breach incidents that occur regularly is now stretching the resources of privacy teams, leaving many struggling to assess and report data breaches in accordance with the required deadlines. Unfortunately, the rise of COVID-19 has only made the situation worse, making communication more difficult and shortening the time required to effectively respond.
After years of working closely with international corporations on data privacy issues and GDPR compliance, we recognized the need for a tool that companies could use to rapidly respond to data loss and data breach incidents.
Our solution, DBMT, gives Data Protection Officers and privacy teams the ability to manage, track, and respond to personal data incidents with speed and efficiency, thereby reducing the risk of large regulatory fines.
We understand the emerging issues affecting remote working security, and it is our mission to help companies meet the strict GDPR reporting standards as effectively as possible.
Would you like to know more about how DBMT can help your business manage data incidents as they occur? We invite you to contact us with any questions or concerns you may have about remote working security and how we can help your organisation mitigate the risks associated with GDPR reporting.