By Werno Gevers, cybersecurity expert at Mimecast
After the COVID-19 pandemic emerged in early 2020 and countries around the world went into lockdown, organisations embarked on rapid digital transformation at an unprecedented scale.
A global McKinsey survey found that companies accelerated the digitisation of their customer and supply chain interactions and their internal operations by three to four years.
Roughly 18 months after the first lockdowns, most organisations follow a hybrid work model that sees some employees working from the office some of the time, in between periods of remote work.
Unfortunately, a new picture is emerging. The global cybercrime industry – already experiencing a period of unrestrained growth and expansion thanks to new attack tools and the growing digitisation of our everyday lives – is pouncing on the opportunity to exploit vulnerabilities in hybrid work models.
Hybrid work models offer a plethora of potential attack surfaces, with remote working employees especially vulnerable due to the generally lower levels of protection against cyberattacks on home networks and personal devices.
Regional security leaders share concerns
In a recent roundtable discussion hosted by Mimecast, security leaders across the Middle East detailed their challenges with securing their hybrid workforce.
One security leader recounted how threat actors targeted his organisation’s finance and accounting department with a flurry of impersonation attacks as they worked from home.
For some participants, the increase in cyber threats has been a catalyst for greater investment into new technologies such as artificial intelligence and LTE. Security leaders at the roundtable discussion also cited the need for new policies and processes to ensure employees can work remotely without compromising organisational defences.
As hybrid work models are likely to remain for the foreseeable future, it is vital that organisations stay abreast of the new security risks and challenges created by hybrid work models.
According to Mimecast research and insights gained from members of the discussion, there are a few main risks – internal and external – threatening the defences of organisations across the Middle East:
Risk 1: User Behaviour
User behaviour plays a major role in strengthening organisational defences and building greater resilience against data breaches. However, employees working in isolation while dealing with the mental impact of a global health crisis were more psychologically vulnerable, increasing the rate of risky user behaviour.
One example is the use of work devices for personal matters: research conducted by Mimecast in 2020 found that 87% of respondents from the UAE stated they use their company-issued devices for personal use.
More worryingly, while all UAE respondents said they were aware that links found in emails, on social media or within websites can infect their devices, six out of ten (61%) still admitted to opening emails they thought suspicious.
With some studies estimating that nine out of ten successful data breaches involve human error, organisations should invest in ongoing awareness training to equip end-users with knowledge and skills that can help avoid risky behaviour.
Risk 2: Online Brand Exploitation
Globally, a sharp rise in brand impersonation attacks is a cause of concern. Mimecast threat intelligence detected a 44% rise in brand impersonation emails directed at Mimecast customers in 2020, reaching an average of 27 million such emails every month.
Top brands were welcome targets of fraudsters and cybercriminals. According to Mimecast’s State of Brand Protection report, companies on the Brandz Top 100 Most Valuable Global Brands 2020 index experienced a massive 381% increase in brand impersonation attacks in May and June 2020 compared to January and February, before the pandemic struck.
In the UAE, 36% of respondents to the Mimecast State of Email Security 2021 report saw an increase in brand impersonation via counterfeit websites, and two in five had a rise in malicious email spoofing.
Organisations across the region will need to look beyond their own perimeters to protect customers and partners from attack. Tools such as DMARC are essential in protecting their own domains from compromise, but that’s only one step in protecting a brand from exploitation.
Machine learning powered web scanning and analysis of key indicators – such as new domain registrations and the issuing of security certificates – could help organisations stop cybercriminals before they can take their impersonation attacks live.
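The new-domain screening described above, as an added example that is not from Mimecast or the original article: it uses plain string-similarity rules in place of the machine learning the article mentions. The brand name, owned-domain list, feed entries and the typo threshold are all constructed assumptions.

```python
import unicodedata

# Constructed sample data: a hypothetical protected brand and a feed of newly
# registered domains (registrable names only), as a monitoring feed might supply.
BRAND = "examplebank"
OWNED = {"examplebank.com"}
IDN_SAMPLE = "ex\u00e1mplebank.com".encode("idna").decode("ascii")  # xn-- form
FEED = ["examplebank-login.com", "examp1ebank.com", "exampelbank.net",
        IDN_SAMPLE, "weatherreport.org", "examplebank.com"]

# Digit-for-letter swaps seen in look-alike names (illustrative subset).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(label):
    """Fold a label for comparison: drop accents, undo digit swaps."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return plain.translate(LOOKALIKES)

def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, owned=OWNED, max_typos=2):
    """Return why a domain resembles the brand, or None if it does not."""
    if domain in owned:
        return None                      # the organisation's own domain
    try:
        name = domain.encode("ascii").decode("idna")   # xn-- label to Unicode
    except UnicodeError:
        name = domain
    label = name.split(".")[0]
    folded, target = skeleton(label), skeleton(brand)
    if folded == target:
        return "tld-variant" if label == brand else "homoglyph"
    if target in folded:
        return "embeds-brand"
    return "typo" if levenshtein(folded, target) <= max_typos else None

def screen(feed):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    flagged = {}
    for domain in feed:
        reason = classify(domain)
        if reason:
            flagged[domain] = reason
    return flagged
```

Domains flagged this way are candidates for analyst review, since a short edit distance alone also matches unrelated legitimate names.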
Risk 3: Lack of defensive depth
An over-reliance on boxed security solutions that accompany popular business productivity tools such as Microsoft 365 could be leaving organisations vulnerable to sophisticated attack. If native security tools fail to halt an attack, another tool should be able to compensate, thereby keeping organisations – and end-users – safe.
A defence-in-depth strategy can improve an organisation’s overall security posture. Such a strategy needs to provide protection and visibility within the organisation, at the email perimeter, and beyond, where the aforementioned brand exploitation and impersonation attacks can wreak havoc on organisations and their supply chains.
Where organisations struggle to find suitable skills to support all the security tools that make up a layered approach, the use of APIs could be a saving grace. APIs enable organisations to easily integrate best-of-breed solutions into existing technology stacks, thereby adding depth to defences and improving the organisation’s resilience against data breaches.
This may require additional support from vendors during the implementation phase, so organisations should choose wisely when considering which solutions are best for their needs. Vendors that take a customer success-driven approach are best suited to supporting organisations as they adapt to the threat landscape.