Which Industries Suffer Most From Remote Working?

Uploaded on 2020-08-11 in NEWS-Cybersecurity News, FREE TO VIEW

The specialist security firm Specops Software has surveyed 2,043 business owners across 11 different sectors to discover which sector had the highest number of cybercrime threats or attempts since employers have had to work from home.
 
They discovered that 41% of employees have not been provided with adequate cyber security training whilst working from home. They also found that 54% of business owners have seen a rise in cyber-crime threats, with every sector reporting phishing as the most prevalent attack attempt since COVID-19. Despite this, 52% of businesses would consider a switch to permanent remote working for employees.
 
The US has fallen victim to a huge 156 separate ‘significant’ cyber-attacks in the period between May 2006 and June 2020. Significant attacks include assaults on a country’s government agencies, defence departments, or prominent high-tech companies, and which feature coordinated attacks which incur economic losses totalling more than a million dollars.
 
For the US, this equates to an unenviable average of 11 significant cyber-attacks targeting its government or high-value infrastructures every year.
 
Britain is the second most frequent target of “serious” cyber-attacks according according to the Specops Software report, with 47 such attacks from May 2006 to June 2020, one of which was the large scale cyberattack deployed across the Labour Party’s digital platforms during the 2019 general election.
 
Cybercrime threat rates by sector since lockdown vary significanty and some sectors hav experienced notable increases in cybercrime threat levels:      
 
  • Computer and IT                   -  78%
  • Medical and Health               -  73%
  • Accountancy, Banking           -  67%
  • Charity and Voluntary Work   -  62%
  • Customer Service                  -  55%
  • Marketing, Advertising, PR    -   53%
  • Legal Services                       -  47%
  • Recruitment and HR              -  44%
  • Creative Arts and Design       -  43%
  • Education and Training          -  36%
  • Travel and Hospitality             -  31%
Almost 4 in 5 (78%) business owners in the computer and IT sector have reported an increase in threats since lockdown, although, working from home still appears to be a viable option for many, as 85% of employers in this sector would consider permanent remote working.
 
It might be no surprise that  67% of those in the accountancy, banking and finance sector have seen a huge increase in threats, making them the third most likely sector to encounter cyber-attacks whilst working remotely.
 
The sector least likely to encounter cybercrime threats whilst working from home is the travel and hospitality sector, with only 31% noting an increase.
 
More than 7 in 10 (73%) businesses in the medical and health sector have reported an increase in cybercrime threats since lockdown began. The sector is still highly vulnerable and concerned about future attacks. Therefore, only 32% of businesses in this sector would consider remote working for employees. 
 
The biggest security concerns across the businesses surveyed during lockdown are: 
 
  • Ransomware – 96% 
  • Crypto jacking – 74%
  •  Phishing – 67%
  • IoT attacks – 48% 
  • Cyber attacks  against hardware – 39%  
Specops Software offers the following advise on how  about how businesses with significant reliance on remote workers can stay safe:
 
1. Make use of tools that can check your current passwords for ones that are on existing breached lists. Encourage users that are using breached passwords to change them.
 
2. Encourage the use of passphrases e.g. 3 random words, block the use of any breached passwords and if you are planning on increasing expiry times to avoid the “cached password” issue, look at using these longer expiry times as a way of rewarding the use of passphrases. Also consider reducing complexity as a balance for increasing the length to try an avoid users writing passwords down on post-it notes.
 
3. Another common attack vector post COVID-19 , are social engineering attacks on service desk staff. Users are no longer able to visit IT departments in person and maybe calling from public numbers rather than internal, so making sure that your service desk is actually speaking to “Susan from Accounts” and not a hacker is very important, the days of being able to “recognise the voice” isn’t a viable option any more.
 
4. Don’t forget to enable disk encryption on all devices that handle corporate data, this includes mobile devices, and use restrictions to block logins from disallowed countries or non-compliant devices.
 
5. Don’t forget the basics, make sure you have backups of all business-critical data. Make sure you test the backups and make sure you store those backups in a secure location and in an encrypted state. Review permissions to sensitive data both in the cloud and on prem, to make sure that the right people have the right access to the right data.
 
SpecOps Software:       Techround:         ITProportal:        Security Brief
 
You Might Also Read: 
 

Easing Out Of Lockdown: Why Should Cyber Security Remain High On The Agenda?:

 
« Six Reasons To Move Your SIEM To The Cloud
Australia's Cyber Security Plan Includes Domestic Surveillance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

aizoOn Technology Consulting

aizoOn Technology Consulting

aizoOn is a technology consulting company offering a range of services including IoT & embedded security, mobile security, cybersecurity assessments, risk & compliance, network monitoring and more.

Parasoft

Parasoft

Parasoft is an independent software testing and software quality assurance tool and solution vendor.

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU CCIS is a national centre for research, education, testing, training and competence development within the area of cyber and information security.

Protenus

Protenus

Protenus provide a solution to proactively monitor and protect patient privacy in the electronic health record (EHR).

Sabasai

Sabasai

Sabasai specialises in all aspects of insider threat management from training and education to building security frameworks and insider threat programs to on-site risk & vulnerability assessments.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

Concentric

Concentric

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

Cyber Griffin

Cyber Griffin

Founded by the City of London Police in 2017, Cyber Griffin is an initiative that supports businesses and individuals in the Square Mile to protect themselves from cyber crime.

HiScout

HiScout

HiScout is your integrated management system for IT governance, risk & compliance.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

Distology

Distology

Distology are an award-winning cloud security distributor bringing a wealth of experience and strong relationships with a huge breadth of partners covering the UK, Ireland and Benelux.

IONOS

IONOS

IONOS is a leading provider of cloud infrastructure, cloud services, and hosting with more than 8.5 million customers contracts.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

Ventum Consulting

Ventum Consulting

Ventum Consulting stands for digitalization, networking and agilization. We take this up on the strategic, professional and technical side and support our customers in the digital transformation.