Malwarebytes Research: Companies Too Confident About WFH Security

New Malwarebytes research shows companies are more confident than they should be about their ability to stay secure while working from home (WFH).

The Malwarebytes research includes survey results from 200 IT and cybersecurity decision makers. The respondents are from small businesses to large enterprises.

Despite an increased number of threats, companies appear to have a high level of confidence about the transition to WFH. Roughly three in four people gave their organizations a score of seven or above on preparing for a WFH transition.

Confidence vs. Reality

Adam Kujawa is director of Malwarebytes Labs. He said this confidence “doesn’t match the reality.”

Malwarebytes’ Adam Kujawa

“A recurring theme in many of these surveys is what I refer to as security hubris, which refers to the confidence a user has in their security tools that does not match the actual protective capability of the security tool,” he said. “For example, assuming that since you’ve established a very solid network border protection strategy, you don’t need to worry about making internal systems secure because that bad guy can’t get to them, right?”

When asked specifics of what policies and strategies have been used to ensure an organization’s preparedness, many of the answers had low percentages, Kujawa said.

Some 55% performed security and privacy analysis of any software suggested for their network before deploying it. However, 21% refrained from deploying software because it didn’t meet their security standard.

Despite this, 61% were able to supply staff with devices to work remotely. And 56% provided crucial training to ensure best cybersecurity practices were followed in a home environment.

“So we believe it’s safe to say that the idea of security and confidence in it is top of mind for many, but the details and execution paint a different picture,” Kujawa said.

Breaches and Associated Costs

Other findings include:

• One in five (20%) said they faced a security breach as a result of a remote worker. This, in turn, led to higher costs.
• One in four (24%) had unexpected expenses to address a cybersecurity breach or malware attack following shelter-in-place orders.
• Three in five (61%) of respondents’ organizations did not urge employees to use antivirus solutions on their personal devices.

In addition, 28% admitted they use personal devices for work activities more than their work-issued devices. This could create new opportunities for cyberattacks.

“At the end of the day, if you give your employees the right equipment, show them how to use that equipment correctly, make sure they have support for that system and you allow some trust in your employee-employer relationship, it shouldn’t be that difficult to get folks to use their work devices for work,” Kujawa said.

Cybercriminals Stepping Up

On the threat landscape, Malwarebytes research showed cybercriminals have adapted to take advantage of improperly secured corporate VPNs, cloud-based services and business email. All could be used for infiltration of corporate assets.

There’s also been a surge in phishing emails that use COVID-19 as a lure to cover up malicious activity. These emails contain commercial malware, such as AveMaria and NetWiredRC. Those allow for remote desktop access, webcam control, password theft and more.

AveMaria jumped over 1,200% from January to April, an enormous increase from 2019. According to Malwarebytes, AveMaria mostly targeted large enterprises.

Similarly, NetWiredRC saw a 99% increase in detections from January to June. It primarily targets SMBs.

“The biggest issue is the changing threat landscape, which wasn’t too much of an issue at the beginning of the pandemic,” Kujawa said. “We observed a lot of older malware, mainly deployed for information gathering purposes, with the goal of gaining access to corporate resources through remote employee systems. Now that we are six months in, we’re seeing a resurgence of bigger and more dangerous threats that focus on corporate networks, coming up with new methods of infection and new strategies to exploit our remoteness.”