Telework surge leaves employees and their firms more vulnerable to cyberattack than ever, expert warns

The novel coronavirus prompted companies to push telecommuting to record levels to keep employees safe earlier this year.

But the use of home internet connections for work involves higher risk than using company networks, which are generally protected by firewalls, intrusion prevention systems and web filtering.

The importance of cybersecurity cannot be overstated. A report by U.S. mobile carrier Verizon in May based on an analysis of 157,525 online incidents in 81 countries in the year ended October 2019 says 45 percent of breaches involved hacking, 86 percent were financially motivated and 27 percent of malware incidents could be attributed to ransomware.

Trend Micro Inc.’s security evangelist Katsuyuki Okamoto said that because of the pandemic, there has been an increase in phishing attempts that try to lure employees at home to fake websites to steal valuable information.

From January to March, Trend Micro detected 907,000 spam messages related to the virus, 48,000 hits on malicious uniform resource locators (URLs) and 737 malware programs installed on devices.

“When you are at an office, a company gateway generally protects you from malware or email-based cyberattacks, but when you’re away from office, email filtering may not work and spoofed emails can reach vulnerable recipients directly on their PCs,” Okamoto said.

Cyberattacks related to videoconferencing apps are also on the rise, including attempts to spread malicious software disguised as Zoom or to steal Zoom IDs and passwords via phishing sites.

“Zoom account credentials may be linked to employee IDs and passwords for accessing corporate systems, so once you enter a Zoom ID and password on a fake website, your ID and password for accessing corporate systems may be stolen as well,” Okamoto added.

Yahoo Japan Corp.’s Manager of CISO Office Kaoru Toda, who works with the web portal’s chief information security officer, said employees engaged in remote work need to take several precautions.

“Install the latest update of your home router’s firmware to keep your network safe,” he said. “Strengthen your company PC’s defense capability against cyberattacks. Companies also should implement version control systems on operating systems and application and security software on company PCs if they have not done so already. Limiting all access to the office network via virtual private networks is an option.”

To make secure telecommunication possible, some companies have their employees use a VPN, which encrypts data to make it unreadable when intercepted between remote computers using the internet. “Using a VPN when you go outside and use free Wi-Fi connections also beefs up security,” Okamoto said.

What’s at stake is serious because cybercriminals are targeting industries in a highly sophisticated and malicious manner on a daily basis.

FBI data shows there were 166,349 corporate email scams reported globally between June 2016 and July 2019 that were responsible for total losses of $26.2 billion, compared with 22,143 cases from October 2013 to May 2016 that added up to $3.1 billion.

Corporate email scams are also on the rise in Japan. Japan Airlines, for example, was bilked for nearly ¥400 million in late 2017. Honda was hit by cyberattacks in June that temporarily halted its automobile plants worldwide.

Ransomware attacks, in which hackers try to extort money from companies by encrypting their computer files and threatening to damage or destroy them unless paid, are also a growing threat.

“Many of the ransomware damage occurs when hackers directly infiltrate company networks through server vulnerabilities,” Okamoto said. “Previously it was mostly the unsolicited email to company employees that tricked them into clicking on links or opening attachments that infect their computers, but there has been a rise in breaches that take advantage of a network vulnerability or hackers … logging into company networks using employee IDs and passwords obtained elsewhere.”

When firms are hit by ransomware, Japanese police warn companies never to pay because there’s no guarantee they will get the data back. Some security companies can restore files without the encryption key and restore the victims’ systems to their normal state.

According to Trend Micro’s June 2016 survey, 62.6 percent of firms hit by ransomware decided to pay, with 58 percent coughing up at least ¥3 million. Although several U.S. hospitals reportedly managed to restore their IT systems after paying ransoms in the past few years, there were also cases in which ransom payments resulted in partial or zero restoration of computer systems.

“Some cybercriminals fail to create functions for restoring the systems, so paying the ransom is not a guarantee that the systems will be restored, and because the companies that paid the ransom could be targeted again, we do not recommend paying a ransom,” Okamoto said.

Hackers take advantage of vulnerabilities or “zero-day” exploits (previously unknown system flaws) to infiltrate systems, so it’s essential to introduce layered defenses and multifactor authentication and train employees to detect system intrusion, Toda said.

“It’s extremely difficult to detect cyberattacks and you may even not realize it if you have been exposed,” Toda said. “In recent years it’s becoming more and more common to implement countermeasures based on the assumption that it’s impossible to completely prevent or detect cyberattacks.”

In addition, to minimize the impact of system breaches, network segmentation is also worth considering, Toda said. He also recommends taking countermeasures based on the U.S. National Institute of Standards and Technology cybersecurity framework to install five functions to manage computer risks.

To minimize breaches, installing antivirus software can block access to fake websites or detect and remove viruses attached to emails. But Okamoto said it takes more than software.

“You also have to have a mindset to check whether the URL you’re about to click on is not fake,” Okamoto said.

Microsoft’s Windows 10 operating system comes with the Defender antivirus program. But as companies push telework, the areas that companies need to protect against have increased as employees routinely access their networks from outside the office, Okamoto said.

“We believe that the level of IT security sought by companies is different depending on the company, and that each company should install the necessary software that meets their requirements,” he said. “For example, if companies want to beef up the security for company emails, which are not covered by default Windows functions, they can install security software on the market to have multiple layers of protection, like blocking access to malicious websites or detecting malware attached to email. A rapid change in how people work has laid bare a lack of IT security at many firms, and it’s about time that the companies revisit the issue of security risks while the coronavirus pandemic continues.”