Keeping your mainframe secure is probably one of your top priorities. You’re looking at cryptography and introducing multi-factor authentication (MFA). You may even be running SIEM software to keep up-to-date with what’s happening on your mainframe (and elsewhere). And you might even be considering file integrity monitoring (FIM) software on your mainframe to help recover quickly from any breaches. But while you are busy doing that, the rest of the organization may be getting into holiday mode and be much less careful about security.
Lastline, a cybersecurity organization, published its Risks and Riptides Survey in early July looking at summer’s impact on enterprise security. The survey findings were based on a Pollfish survey of 1,000 US respondents, aged 18 and over, that identified themselves as full-time cybersecurity or information security professionals. The survey was conducted between 14 May and 6 June this year.
The survey asked about employee behaviour during the summer and how that impacts risk. The results highlight three key areas of impact on enterprise security: threat activity by cybercriminals, the increased exposure and vulnerability of employees, and how security teams respond to keep their organizations protected. The kind of problems they are expecting to face include malware, ransomware, phishing, and Business E-mail Compromise (BEC) attacks.
To be fair, nearly half the respondents didn’t see any seasonality to cyberattacks. However, the majority (58 percent) of the rest do see more threats in the summer than in other seasons.
Respondents reported an increase in certain types of cyber-attacks throughout the summer, compared to other times of the year. Nearly a half of survey respondents (47 percent) report seeing an increase in phishing attacks during the summer, which is understandable because cybercriminals may be trying to catch employees off guard, tricking them with spoofed e-mails while they’re not paying full attention. Additionally, 44 percent see an increase in malware, 26 percent see an increase in spear phishing/BEC, and 24 percent see an increase in ransomware. So, IT security teams need to keep the entire workforce alert to these kinds of attacks throughout the summer holiday period.
Mobile working is getting to be more-and-more a regular thing for staff, and the survey found that nearly 20 percent of respondents indicated that more than 50 percent of employees work from outside the office at least five days throughout the summer, including while on holiday. Remote working means that staff are outside of the secure confines of the organization’s offices. They are more likely to use public WiFi, which can be hacked and distribute malware.
Staff are also more susceptible to e-mail attacks because they rely more on personal and mobile e-mail, which may not have the same protections in place as their corporate e-mail. In addition, being outside the office often means that staff are simply more relaxed and may let their guard down.
A third of respondents (34 percent) believe that the increase in threat activity is tied to, or the result of, employees working remotely. Plus, nearly a third (32 percent) say that their network is “much less defined in the summer” because more people are working remotely.
Another threat comes from staff getting infected while in a public place and then bringing their device back to the office and automatically connecting to the company’s WiFi network. Just over a third (33.6 percent) of respondents who thought there will be an increase in threat activity in the summer thought it would be tied to or the result of employees working remotely.
The survey asked what scares security pros the most about employees working remotely (the survey allowed multiple answers). The result was that they’re scared about just about everything!
As a consequence of increased attacks and increased exposure of employees, what are security teams doing to respond? 88 percent indicated that their company reminds and informs employees about the cybersecurity risks of working remotely. Over a third (36 percent) believe that their response time to a cyberattack would actually be faster compared to other times of the year. However, 12 percent thought it would be slower. And 47.9 percent thought it would be the same.
The survey concludes that hackers are expected to increase their attacks against personal e-mails and employees who may have let down their guard a bit while working outside the network. Therefore, organizations need to remind them to stay vigilant and don’t mindlessly click on every link or attachment that shows up in their in-boxes. Also encourage staff to use a VPN whenever they use public WiFi, which will prevent a man-in-the-middle type attack.
So, even while staff are relaxing, they still need to be vigilant about cyber attacks. And the IT staff left in the office need to be hypervigilant.
Regular Planet Mainframe Blog Contributor
Trevor Eddolls is CEO at iTech-Ed Ltd, and an IBM Champion for the eight years running. He currently chairs the Virtual IMS, Virtual CICS and Virtual Db2 user groups, and is featured in many blogs. He is also editorial director for the Arcati Mainframe Yearbook.