The Week in Breach – Extended Remote Work is Changing the Calculus on Risk

Make sure to add us or contact us for the latest news


Extended Remote Work is Changing the Calculus on Risk


The rapid transition to remote work was a fundamental shock for many companies. Getting used to a new out-of-the-office culture, new technology and new stressors was hard enough, but the fact that this state of affairs is fated to continue for a long time with no real end in sight has caused companies to need to thoroughly rethink their approach to cybersecurity.

An estimated 90 percent of companies experienced a sharp increase in cyberattacks during the global pandemic. In the UK, 65 percent of organizations noted they have either been breached or exposed to an attack during the lockdown. Plus, 73 percent of security and IT executives are concerned about new vulnerabilities and risks that have been created or extended by supporting a remote workforce.

Some of those risks were exacerbated by both a lack of preparation to be ready to go fully remote and a lack of essential upkeep because of pandemic chaos after going remote – 98 percent of IT professionals in an international survey said they experienced security challenges within the first two months of the pandemic. Only 42 percent of survey respondents felt that their organization was “well prepared” for moving to remote work, compared to 45 percent that considered their companies “somewhat prepared” and 13 percent who stated that their businesses were were not prepared at all.


Extended Remote Work Means Extended Risk

Companies suddenly discovered a lot more challenges that threw them off their game as they made the transition to remote operations, as well as unexpected stumbling blocks. In the same survey, 93 percent of respondents said they had to delay key security projects in order to work on the transition to remote work forced by the pandemic. Over 30 percent of security executives said that software updates and BYOD policy considerations were deprioritized during the switch, and 42 percent said that routine reporting had been neglected since the start of the pandemic.

The cascade effect of those choices coincided with a huge global increase in cybercrime, as businesses were often forced to take on more cybersecurity risk in order to keep operating if they were unprepared for the transition. Like allowing workers to use personal devices until business devices could be obtained for workers who had never been remote – 43 percent experienced difficulties patching remote workers’ personal devices, exposing their organization to risk and more than 90 percent reported that their companies were forced to make rapid decisions about cybersecurity policy just to keep the lights on.


The Time for Excuses is Over

While the start of the global pandemic was extremely chaotic and disruptive throughout the world, that was almost a year ago. Companies have had time to solve these complex security issues, but many haven’t. Researchers note that only about half of the surveyed companies had adopted simple security tools like multifactor authentication to combat the increased risk of remote work.

The numbers are in for 2020, and it was a record-breaking year for new vulnerabilities, with a 30 percent year over year increase. That’s not even counting attacks like phishing that have skyrocketed by more than 660 percent. That leaves huge gaps for security teams to handle – only 11 percent confirmed they could confidently maintain a holistic view of their organizations’ attack surfaces.

Remote working isn’t going anywhere either, and that continues to be problematic for companies that have failed to adjust. Some companies have chosen to remain fully remote as both a cost-cutting measure and an employee convenience aid. Many companies also intend to return to their offices as soon as they’re safely able, but that doesn’t mean anytime soon. More than 70 percent of respondents projected that at least one-third of their employees will remain remote 18 months from now.

What do you do to provide long-term and short-term security benefits for your business? Make sure that they’re guarding every door into their organization against cybercriminals. Below are tools in  our arsenal to help guard your business.

Passly is the lock that they need to put on the front door to their systems and data. Multifactor authentication alone can stop up to 99 percent of password-based cybercrime, and that’s just one of the secure identity and access management features that will improve your security posture in the short and long term. If your only going to make one change to your cybersecurity stack because of budget concerns, adopting Passly is the change to make.

BullPhish ID is the key to keeping the little windows into your data closed that are opened by phishing attacks. It only takes one misclick for an employee to unleash a devastating cyberattack, and phishing boomed worldwide because of the opportunity created by remote work and tumultuous times. Security awareness training including phishing resistance with a solution like the freshly updated and upgraded BullPhish ID can stop up to 70 percent of cyberattacks before they start, making training a smart investment at any time. LEARN MORE ABOUT THE NEW BULLPHISH ID>>

Dark Web ID is the ideal choice for businesses to use to keep an eye on the back door. Increased cybercrime means an increased amount of data has hit the Dark Web, including millions of new records full of data to power cyberattacks. Dark Web ID helps mitigate the risk caused by that data flood by monitoring and reporting on credential compromise pitfalls that can sneak up unexpectedly.

Contact the experts at IntegraMSP and let’s talk about how we can work together to help you find exactly the right solutions to secure your business.


Dark Web ID’s Top Threats This Week



United States – Washington State Auditor

https://sao.wa.gov/

Exploit: Third Party Data Breach

Washington State Auditor: Regional Government Regulator

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.379 = Severe

The unemployment claims data of more than 1 million people in Washington State has been reported as stolen in a hack of software used by the state auditor’s office. The State announced the breach after receiving notice that it was involved through a third party service provider, Accellion, a software provider the auditor’s office uses to transfer large computer files. the breach affects the personal information of people who filed for unemployment claims with the Washington Employment Security Department (ESD) between Jan. 1, 2020, and Dec. 10, 2020, and included a total of 1.6 million claims. Those claims represent at least 1.47 million individuals, according to data from the ESD website.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.379 = Severe

The data breach involved claimants’ names, Social Security numbers and/or driver’s license or state identification number, bank information, and place of employment. The state auditor has set up a web page for people who think their personal information could have been exposed in the data breach. See https://sao.wa.gov/breach2021/.

Customers Impacted: 1.40 million or more people

How it Could Affect Your Business: Data like this is sought-after by cybercriminals to power phishing operations. Unfortunately for these folks, it often hangs around for years on the Dark Web, acting as fuel for future cybercrime.

IntegraMSP to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>


United States – DriveSure

https://www.scmagazine.com/home/security-news/data-on-3-2-million-drivesure-users-exposed-on-hacking-forum/

Exploit: Hacking

DriveSure: Customer Retention Platform

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.211 = Severe

Hackers dropped data on 3.2 million DriveSure users on the Raidforums hacking boards late in January. One leaked folder totaled 22 gigabytes and included the company’s MySQL databases, exposing 91 sensitive databases. The databases range from detailed dealership and inventory information, revenue data, reports, claims and client data. A second compromised folder contained 11,474 files in 105 folders and totals 5.93 GB, likely a repository of backup data.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.325 = Severe

The information exposed included names, addresses, phone numbers, email addresses, IP addresses, car makes and models, VIN numbers, car service records and dealership records, damage claims and 93,063 bcrypt hashed passwords.

Customers Impacted: 3.2 million

How it Could Affect Your Business Data isn’t always stolen via ransomware – sometimes it’s just old-fashioned hacking. That’s one reason why it’s essential to use a secure identity and access management solution to keep hackers locked out.

IntegraMSP to the Rescue: Multifactor authentication can stop up to 99% of cyberattacks, and that’s just one piece of the security toolkit that you get when you start using Passly. LEARN MORE>>


United States – WestRock

https://www.securityweek.com/packaging-giant-westrock-says-ransomware-attack-impacted-ot-systems

Exploit:  Ransomware

WestRock: Packaging Manufacturer

cybersecurity news gauge indicating extreme risk

Risk to Business: 2.779 = Extreme

Packaging giant WestRock has experienced a ransomware attack that has impacted both its manufacturing and IT environments, severely impacting production. The company has noted in an announcement to shareholders that it expects that continued delays during the recovery and cleanup process are expected.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware can be especially devastating to manufacturing companies by not just impacting office business but halting production, leading to a cascade effect.

IntegraMSP to the Rescue: Ransomware is almost always the result of a successful phishing attack. BullPhish ID prepares staffers to spot and stop phishing attacks, putting everyone on the IT team. SEE IT IN ACTION>>


United States – SN Servicing Company

https://www.scmagazine.com/home/security-news/mortgage-loan-servicing-company-discloses-ransomware-attack-to-multiple-states/

Exploit: Ransomware

SN Servicing Company: Mortgage Loan Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.022 = Severe

SN Servicing, the California-based servicing arm of Security National Master Holding Company, disclosed a data breach impacting clients in Vermont and California. The incident was also reported by the Egregor ransomware gang. SN Servicing says that it has engaged a third party team of investigators to determine the scope of the incident.

cybersecurity news represented by agauge showing severe risk

Individual Impact: 2.171 = Severe

The stolen data appears to be related to billing statements and fee notices to customers from 2018, including names, addresses, loan numbers, balance information, and billing information such as charges assessed, owed, or paid. Clients should be aware of potential spear phishing and identity theft risks.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is around every corner these days, and just one misclick on a phishing email can spell disaster.

IntegraMSP to the Rescue: Ransomware comes in the wake of a phishing attack. Are you taking the right precautions against it? Make sure you’re using the right strategy! LEARN MORE>>


United States – Spotify

https://threatpost.com/spotify-credential-stuffing-cyberattack/163672/

Exploit: Credential Stuffing

Spotify: Streaming Music Service

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.668 = Severe

Spotify has returned for another appearance with a credential stuffing disaster eerily similar. This time, data for approximately 100k users appeared in an Elasticsearch instance spotted by researchers. This is distinctly different data than the load that researchers discovered in November 2020.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

No specifics were listed about the stolen data, but Spotify users should reset their account passwords and be on the lookout for spear phishing attempts.

Customers Impacted: 100K+

How it Could Affect Your Business: Protection against credential stuffing isn’t something that a company like Spotify should struggle with, and suffering two credential stuffing incidents in one quarter shows a sloppy attitude toward security.

IntegraMSP to the Rescue: Choose Passly to secure the gateways to your systems and data quickly and affordably with a multipronged solution that covers your bases. SEE IT IN ACTION>>


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.