Cybercriminals strike remote workers on unsecured home devices

The 2020 pandemic struck hard and fast, bringing with it much uncertainty and chaos.

That chaos opened up new avenues for cybercriminals to strike, some taking advantage of vulnerabilities created by millions of remote employees who work on unsecured home devices.

Cybersecurity threats will remain high this year with remote work still a key attack target along with other threats, including breaches involving personal medical information that could mean hours of lost productivity for workers, according to Experian.

"We’re calling 2021 a cyberdemic," says Michael Bruemmer, VP of Global Data Breach Resolution and Consumer Protection at Costa, Mesa, Calif.-based Experian, a global information services company that recently released its 2021 Data Breach Industry Forecast.

That’s because of the pandemic, he says.

Some new threat vectors will become increasingly predominant, including contact tracing apps and vulnerabilities created by digital medical services and telehealth, says Experian.

In 2020, Experian serviced more than 5,000 clients with data breach incidents; about a third of which were related to health care, says Bruemmer.

That threat continues in 2021 with much of the risk resulting from health care providers rushing to adopt digital and telehealth services and patients becoming more comfortable with leveraging technology for health services, says the forecast.

There’s been "a 350% increase in telehealth services during the pandemic," and a 90% increase in the number of breaches from telehealth providers, says Bruemmer.

That impacts employers because if a worker’s medical/payments information is compromised it could take 40 to 50 hours to rectify, which affects overall productivity, he says.

Although many companies have upgraded security on remote devices since COVID-19 started, others haven’t. Attackers are getting smarter and many families are unprepared for the onslaught, according to Experian.

In the first half of 2020, ransomware attacks increased 72%, notes Experian in the forecast citing Skybox data.

Ransomware "is a malware that infects computers and mobile devices and restricts their access to files often threatening permanent data destruction unless a ransom is paid," according to Steve Morgan, founder of Northport-based Cybersecurity Ventures and Editor-in-Chief at Cybercrime Magazine.

Cybersecurity Ventures predicts a ransomware attack on businesses every 11 seconds in 2021.

And that’s a problem for many small businesses that often are on tight budgets and lack ransomware protection, says Morgan.

"You have an unprotected workforce and that’s a very scary thing," he says, noting often these ransomware attacks come from phishing emails that an employee unwittingly clicks on.

He recommends companies implement a security awareness training program to help employees recognize such threats as phishing emails.

"You want a human firewall in every house," says Morgan.

Adam Schwam, president of Farmingdale-based Sandwire Corp., a managed IT services company, agrees that phishing emails remain a significant threat.

Attackers have only gotten savvier and send targeted emails that look like they’re from someone you know and/or vendors with links or files that once clicked install ransomware, he says.

Still, though hackers have gotten more sophisticated so have cybersecurity solutions, says Schwam.

"There are newer products that actually sit in front of your email as artificial intelligence weeding out these bogus emails," says Schwam, noting one he uses for clients is Graphus, an anti-phishing software. "Just like they’re advancing on their end we’ve been advancing on ours."

But consider threats also are being harbored against personal devices like cellphones, says Michael Maser, CTO at Plainview-based UOTech.co, which specializes in IT managed services.

He said an attack last year proved successful against Apple devices, exploiting design flaws that required the user do nothing at all.

"Apple patched it very quickly," says Maser, noting that it’s important to tell employees to update their devices with the latest security patches/updates.

Another risk Experian identified was increased adoption of high-speed 5G networks with cybercriminals looking for ways to access these networks, which will connect billions of devices, vehicles and sensors.

"5G itself isn’t a threat, but what it’s doing is allowing so many more devices to be connected," says Maser.

He suggests companies limit points of attack by paring down the number of software/cloud-based services they use. For example, if you’re using Office 365 it has Microsoft Teams so you don’t need to also use Zoom, he says.