Intelligent CISO Issue 30 | Page 42

Huge damages can occur in one minute.
EXPERT OPINION
• Breaches through phishing and social engineering
• Infection via compromised websites
• Malvertising and breaching the browser
• Exploit kits that deliver custom malware
• Infected files and application downloads
• Messaging applications as infection vectors
• Brute force through RDP
Other ransomware criminals recruit employees inside the firm as a means of breaching security controls, which is a technique one would normally associate with nation-state actors engaged in espionage.
Are remote workers more vulnerable to ransomware attacks?
Yes, they definitely are – with millions of people working from home, there is an enormous attack surface ripe for the taking by malicious actors. It is no trivial task to provide the same levels of security for all these employees, operating outside the (relatively) safe perimeter of their offices and local Intranet.
Furthermore, with time and numerous IT ‘temptations’ (like letting your kids use your work laptop for browsing), employees’ awareness levels can be eroded, leading to an increase in their vulnerability to cybercrime.
What other key threats are remote workforces facing?
An increased number of staff working remotely presents an opportunity for Business Email Compromise (BEC) fraud, as the whole scam relies on communications that are never confirmed in person.
Phishing campaigns are also a threat for all employees whether they are based in-house or remote, but for workers who are unused to working ‘home alone’ and are now dealing with an increase in email and other text-based communications, it can be easier for them to lose perspective on what is genuine and what is a scam.
In particular, with a rise in malspam playing on fears of Coronavirus from the ‘usual suspects’ like Emotet and TrickBot, remote workers need to be extra-vigilant.
How should organisations plan for a ransomware [or other] cyber incident?
Organisations must rely on a modern, well-maintained and properly tuned and trusted security solution. Prevention is key with these attacks. Even if the encryption/data-loss can be mitigated through decryptors, backups or rollbacks, victims still face the problem of their data being posted publicly. We encourage security teams to analyse and understand the threats and to take swift and appropriate action to prevent incidents occurring in the first place.
Below are the suggestions for the type of training:
• Train staff to habitually inspect links before clicking by hovering over them with the pointer to see the actual URL destination
• Train staff to deny requests to enable macros when opening