ALARM SIGN triggered by specialists: work from home is CEREAS MANA for hackers – News from the sources



[ad_1]

75% of Romanian companies did not take adequate measures to manage information security. There is a risk that these companies suffer severe losses if corporate information or personal data is subject to security breaches.

Most of the Romanian companies did not take additional safety measures, in the context where, against the backdrop of the pandemic, they adopted work from home according to the barometer made by the consulting firm Frames, commissioned by Infosec Center.

Also read: INCREDIBLE OLD 1998 technology REMOVES coronavirus particles

Experts say that without information security management measures, there is a risk that these companies will suffer severe losses if corporate information or personal data is subject to security breaches.

“The changes related to working from home were made overnight and we did not have the time and resources to adequately adapt measures to ensure activities online. In addition, employees would have to be trained for the new reality. digital, but we do not have a budget “- this response received by one of the survey participants could define the overall opinion of the 672 participants in the barometer conducted on 25 October – 1 November, which aimed to understand the perception of the corporate environment in terms of information security management and employee training for the new reality of work from home.

According to the study, conducted nationwide, 67% of respondents said that the pandemic led to the adoption from home of the companies they manage or work, a decision that 87% consider a positive measure in the context of the danger of infection with the new coronavirus.

Working from home had advantages but also disadvantages for Romanian companies, especially for those in which, before the pandemic, the use of email, videoconferencing systems and other cloud platforms was unknown.

Most of the challenges were the absence of social interaction (with colleagues), mentioned by 58% of the respondents, the absence of an optimal working environment (insufficient space, poor internet connectivity, other logistical problems), supported by 41 %, and higher workload, mentioned by 32% of them.

The list of challenges also included increased cybersecurity risks (24%) and employee management issues (19%).

Regarding the benefits of working from home, the vast majority of respondents indicated the elimination of time lost while traveling to / from work (73%). The optimization of working hours / elimination of routine (52%) and the existence of an unrestricted work environment (43%) rank in the next two positions at the top of the benefits identified by the respondents. For some of them (38%) another big advantage was the decrease in personal expenses generated by the office activity (meals, transport, clothes, etc.).

According to the experts, beyond the way in which they have logistically managed to provide employees with the opportunity to continue working from home, the big problem identified by the barometer is that too few companies have become aware and have taken steps to protect the own digital business. .

“The Covid-19 pandemic has been a catalyst for job transformation. From a cybersecurity perspective, I see many challenges in operations ranging from protecting assets that are mostly behind a firewall to some in a predominantly IT environment. decentralized and heterogeneous. Adaptation at an extremely vigilant pace to the new reality cannot be done without the appearance of certain risks that must be properly assessed, assumed and treated ”, says Marius Hărătău, manager of the Infosec Center.

When asked how the company’s attitude towards cyber security (information security management and personal data protection) has changed over the past year, 52% of respondents said it remained unchanged. In other words, they have not taken additional measures to manage information security. 23% indicated that there is no strategy in this area.

Only 18% said company policy had become stricter and only 7% indicated a “very strict” response.

“If in the area of ​​large companies, multinationals, there are well-defined security policies, and working from home has imposed new security restrictions and investments in security systems, in the SME sector there is still too little concern about this. segment”. ‘Marius Hărătău also declared.

“Many of the employees use personal PCs / laptops in their jobs or, if they have received such devices from work, are not sufficiently protected, companies avoid allocating additional funds for the acquisition of cybersecurity systems. This is how employees access company platforms (web pages, online shops, databases, etc.) based on simple, easy-to-crack passwords, both on PC / laptop and on the phone, ” says Adrian Negrescu, Manager of looms.

In many cases, employees connect directly to the corporate network through a protocol called Windows Remote Management (WinRM).

“Access to the company via WinRM is often required, but user rights must be limited by well-defined policies. Unfortunately, 55% of all systems scanned by Bitdefender have WinRM vulnerabilities that could be exploited by attackers to compromise the network ”, state the data collected in the first six months of 2020 from company terminals protected with Bitdefender security solutions.

“Beyond large companies, which are the exception, in medium and small businesses, training courses for employees in the field of information security and personal data protection are unfortunately non-existent. Beyond the financial implications: many companies don’t have the funds to train their employees, there is also a management problem. The good news is that the pandemic is gradually changing this perception and, from the signals received from the market, there are more and more companies that are more concerned about this aspect, ” says Marius Hărătău.

According to experts, the dangers can come from popular services like Google Drive and WhatsApp.

A report from Kaspersky recently showed that it is important for organizations to understand relevant threats and how they can infiltrate the enterprise endpoint, such as through phishing in cloud services. Once a web service becomes popular, it can become a more attractive target among cyber attackers.

According to the company, the top five applications in which phishing attempts have been observed most often are Facebook (4.5 million phishing attempts), WhatsApp (3.7 million), Amazon (3.3 million), Apple ( 3.1m) and Netflix (2.7m). Google’s bundled offers, including YouTube, Gmail, and Google Drive, ranked sixth with 1.5 million phishing scams.

.

[ad_2]
Source link