CarderPlanet
Professional
- Messages
- 2,549
- Reaction score
- 730
- Points
- 113
Why are employees personal devices the worst security enemies of any organization?
A study by Microsoft found that between 80 and 90% of all ransomware attacks over the past year occurred from devices that are not under the control of organizations. This data was published in Microsoft's latest Digital Defense Report 2023.
Organizations that practice a "Bring Your Own Device" (BYOD) policy are putting their networks at risk of attacks. Personal devices brought from home by employees usually do not have the necessary security measures and are often an entry point for compromise.
Some experts believe that BYOD will never be able to provide the same level of security as a fully controlled device provided by the organization itself. Therefore, the most reliable solution, in the opinion of many, will be a banal refusal of this method of work.
At the same time, the UK Cybersecurity Center (NCSC) offers recommendations for proper implementation of the BYOD policy, taking into account all its advantages, such as ease of use and cost savings for the company. Yes, and Microsoft itself adheres to the correct integration of BYOD in organizations instead of completely banning it.
However, the success rate of attacks using employees personal devices may reignite discussions about the feasibility of using BYOD in modern organizations.
The threat from BYOD is compounded, among other things, by the overall sharp increase in ransomware attacks this year. According to the same Microsoft, the number of attacks using human-controlled ransomware has increased by more than 200 percent since September 2022.
At the same time, only 2% of attack attempts resulted in the actual deployment of ransomware from victims, which is a good indicator. As noted, highly effective protection against modern ransomware attacks can be provided only thanks to truly reliable security measures.
Recommendations for organizations that don't want to be included in this unfortunate 2 percent have not changed compared to the recommendations of previous years:
According to Microsoft, the majority of ransomware attacks in June 2023 were carried out by various affiliated RaaS groups. Researchers count more than a hundred of them. The four most active RaaS groups currently are Magniber, LockBit, Hive, and BlackCat. They initiated almost two-thirds of all global ransomware attacks.
It is precisely because of the growing number of affiliates that Microsoft believes that the number of ransomware attacks will only increase and in 2024 will probably break new "records".
A key trend observed in the activities of ransomware criminals over the past year has been a "sharp increase" in remote encryption methods used by ransomware operators.
"Remote encryption is when a computer program encrypts a file on another computer, and then sends the encrypted file to the source computer, replacing the original. This can happen if one computer on the network is compromised and has access to another computer," Microsoft explained.
"This can happen without the hacker having to install any additional software on the source computer. For example, when files are encrypted in a shared folder, or if files are encrypted during a remote desktop session when a hacker has access to the file system."
It is very difficult to detect such attacks in a timely manner, so most cases where attackers were still able to break into the corporate system and apply remote encryption end up successfully for ransomware.
In conclusion, given the constant development of cyber threats, experts insist on implementing the latest and strictest security measures, as well as regular checks of the security of corporate networks. This is the only way to fight back against cybercriminals and save your precious data.
A study by Microsoft found that between 80 and 90% of all ransomware attacks over the past year occurred from devices that are not under the control of organizations. This data was published in Microsoft's latest Digital Defense Report 2023.
Organizations that practice a "Bring Your Own Device" (BYOD) policy are putting their networks at risk of attacks. Personal devices brought from home by employees usually do not have the necessary security measures and are often an entry point for compromise.
Some experts believe that BYOD will never be able to provide the same level of security as a fully controlled device provided by the organization itself. Therefore, the most reliable solution, in the opinion of many, will be a banal refusal of this method of work.
At the same time, the UK Cybersecurity Center (NCSC) offers recommendations for proper implementation of the BYOD policy, taking into account all its advantages, such as ease of use and cost savings for the company. Yes, and Microsoft itself adheres to the correct integration of BYOD in organizations instead of completely banning it.
However, the success rate of attacks using employees personal devices may reignite discussions about the feasibility of using BYOD in modern organizations.
The threat from BYOD is compounded, among other things, by the overall sharp increase in ransomware attacks this year. According to the same Microsoft, the number of attacks using human-controlled ransomware has increased by more than 200 percent since September 2022.
At the same time, only 2% of attack attempts resulted in the actual deployment of ransomware from victims, which is a good indicator. As noted, highly effective protection against modern ransomware attacks can be provided only thanks to truly reliable security measures.
Recommendations for organizations that don't want to be included in this unfortunate 2 percent have not changed compared to the recommendations of previous years:
- implement zero-trust and least-privilege security measures;
- create regular backups;
- deploy solutions that detect intruders based on known signals and autonomously eliminate threats.
According to Microsoft, the majority of ransomware attacks in June 2023 were carried out by various affiliated RaaS groups. Researchers count more than a hundred of them. The four most active RaaS groups currently are Magniber, LockBit, Hive, and BlackCat. They initiated almost two-thirds of all global ransomware attacks.
It is precisely because of the growing number of affiliates that Microsoft believes that the number of ransomware attacks will only increase and in 2024 will probably break new "records".
A key trend observed in the activities of ransomware criminals over the past year has been a "sharp increase" in remote encryption methods used by ransomware operators.
"Remote encryption is when a computer program encrypts a file on another computer, and then sends the encrypted file to the source computer, replacing the original. This can happen if one computer on the network is compromised and has access to another computer," Microsoft explained.
"This can happen without the hacker having to install any additional software on the source computer. For example, when files are encrypted in a shared folder, or if files are encrypted during a remote desktop session when a hacker has access to the file system."
It is very difficult to detect such attacks in a timely manner, so most cases where attackers were still able to break into the corporate system and apply remote encryption end up successfully for ransomware.
In conclusion, given the constant development of cyber threats, experts insist on implementing the latest and strictest security measures, as well as regular checks of the security of corporate networks. This is the only way to fight back against cybercriminals and save your precious data.
