Cyberattacks rise as employees work from home, report warns

McAfee warned employers of “new security delivery models in the distributed work-from-home environment”

The number of cyberattacks targeting cloud tools like Zoom, WebEx and Teams has significantly increased as employees work from home, researchers at McAfee have warned.

The caution follows a four-month study by the cybersecurity specialist.

McAfee has released a report which analyses data from more than 30 million commercial McAfee MVISION Cloud users worldwide between January and April 2020.

According to the Cloud Adoption & Risk Report – Work-from-Home Edition, McAfee said there is a correlation between the increased use of cloud services and collaboration tools – such as Cisco, WebEx, Zoom, Microsoft Teams and Slack – during the COVID-19 pandemic and the increase in cyberattacks intercepted by the company’s defences.

The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behaviour
– Rajiv Gupta, McAfee

The report says during the first quarter of this year, Cisco, WebEx, Zoom, Microsoft Teams and Slack saw an increase of up to 600% in usage, with the education sector accounting for much of this extra traffic.

Threat events from hackers increased by 630% over the same period. Most of these external attacks targeted collaboration services, like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials.

The report also revealed that the number of users accessing the cloud from unmanaged devices has doubled, which makes the job of security professionals harder.

McAfee says these trends “emphasise the need for new security delivery models in the distributed work-from-home environment of today”.

Rajiv Gupta, senior vice president for cloud security at McAfee, said: “The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behaviour.

“Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices. Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organisation.”

The organisation said the education sector should be aware that remote working reduces the ability of ‘hub and spoke’ networking to work effectively with scale. It added that network controls should be cloud-delivered and should connect remote users directly to the cloud services they need.

Read more: Cybersecurity concerns rise as lockdown drives 1.4m more children to livestream


Leave a Reply