The recent COVID-19 pandemic has brought a fresh wave of cyberattacks targeting remote workers, but a lack of training has resulted in the majority not taking threats seriously
OSLO – 66% of remote workers haven’t been given any form of cybersecurity training in the past 12 months, with a further 77% saying they aren’t worried about their cybersecurity while working from home. This is according to a study of 2,000 remote workers in the UK by Oslo-based app security company Promon.
Promon’s research into the attitudes towards cybersecurity comes after Ursula von der Leyen, president of the European Commission, warned on March 24th that cybercrime in the EU has increased due to the coronavirus outbreak. As the pandemic has forced many more people to work from home, attackers are capitalising on the increased amount of time spent online by carrying out targeted COVID-19-related phishing campaigns which can result in the victim downloading ransomware (malware that encrypts files until a ransom is paid), or attackers gaining access to a victim’s computer.
Examples of such campaigns include a bogus email from HMRC containing a ‘new tax refund programme’ set up by the Government, which, when clicked, directs to a fake webpage which harvests financial and tax information. Another example is a fake email claiming to be from the World Health Organisation, containing an attachment on new coronavirus safety measures. When opened a keylogger is downloaded, which then tracks and records every key that’s pressed on the user’s keyboard, enabling the attackers to secure passwords and other sensitive login information.
The survey also found that 61% of respondents are using personal devices when working remotely, adding an extra layer of concern as many of these are likely to be less secure than corporate-issued ones. Cybercriminals are taking advantage of decreased levels of security on personal devices connected to corporate networks, with successful attacks ringing alarm bells for employers whose sensitive corporate data is now at risk, along with individuals’ personal data, including banking information and login details.
Promon CTO and co-founder Tom Lysemose Hansen comments: “It’s concerning to find that such a large number of workers don’t have the necessary training to spot a potential cyber threat, such as a phishing email or spoofed website, as these are the main ways in which cybercriminals are executing their attacks. Organisations must ensure that staff who are working remotely are doing so in secure environments, whether that’s on personal or corporate devices, and it’s critical that they provide the necessary training and tools to ensure corporate data is protected.”
Promon is a Norwegian firm specialising in In-App Protection. The company works across a range of industries with a variety of global tier 1 clients, counting customers in industries such as finance, health, and the public sector. Promon’s technology is research-based and originates from the internationally recognised research environments at SINTEF and the University of Oslo. Promon’s patented In-App