SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Small biz in firing line as cyber breaches surge
Wed, 4th Nov 2020
FYI, this story is more than a year old

Cyber security breaches within smaller enterprises are predicted to rise by 40% in 2021, according to new research from SentryBay.

Dave Waterson, chief executive officer at SentryBay, says working from home policies, whilst necessary to curtail COVID-19, have exposed smaller enterprises to a level of sophisticated cyber-attack ordinarily reserved for large multi-nationals, and the impact will lead to a further sharp rise in data breaches.

He forecasts a rise of as much as 40% in attacks in the year to come, primarily targeting vulnerable endpoint devices.

"The pandemic has been widely exploited by malicious cyber actors and advanced persistent threat groups using COVID-19 themes, putting individuals, small and medium businesses and large organisations at risk of scams and phishing attacks," says Waterson.

"However, it is the geographically widespread location of employees that is exacerbating the risk, which is set to increase rather than decrease as the second wave of the virus forces people back to working in their homes," he explains.

“Working from Home has meant that sensitive company data has a broader physical footprint, and organisations have less control over how it is being accessed if their employees are outside the safety of the corporate perimeter,” says Waterson.

“Where previously smaller enterprises, which are often less well protected, were able to fly under the radar and avoid cyber-attacks, this is no longer the case, and they are increasingly being hit with insidious, damaging breaches that they are ill-equipped to deal with in the current climate.

The SentryBay team believe that in 2021, the greatest danger to organisations will come from key logging and screen-grabbing malware, primarily because they are the attack vector through which sensitive data is most often, and most easily, stolen. Both use endpoint devices to gain access and, despite the rise in use of anti-virus and two-factor authentication, this will not guard against an attack.

“2FA does not stop sensitive data passing through the application after login,” says Waterson.

“Keylogging malware is normally ranked as the leading cyber threat to businesses, but standard anti-virus solutions do not provide sufficient protection. Unless data is protected as it is entered from the keyboard or onto the screen, it opens the door to criminals and therefore we are anticipating a massive growth in attacks on organisations.

The risk of a breach is heightened not just because WFH is now so prevalent, but also due to a general rise in online activity. SentryBay predicts that malicious actors will target children or other members of the household to gain access to a parent's corporate network," he says.

 With COVID-19 restrictions and less people on the high street, the run up to Christmas will see a jump in eCommerce purchasing, which is already being targeted by cyber-criminals through phishing scams and fraudulent sites that spoof well known retailers.

SentryBay encourages organisations to think about the broader picture when it comes to protecting their employees, and their data.

"Identifying risk outside the corporation now means the families and friends of employees, and the devices they are using. To keep all connections safe, they need to look for solutions that are specifically designed to protect against all vulnerabilities, not just the most obvious ones."