Historical philosophical, theoretical, and legal foundations of special and i...
Project.pptx
1. WHY CYBER SECURITY RISK OF REMOTE WORKING IS NO FRIEND TO
BUSINESS ORGANIZATIONS
Dhruv Patel
2. 1.1 BACKGROUND
• Remote working is by no means a new concept. However, it is no context in which security has been given the
priority it requires. Examining the situation back in 2006 revealed some drawbacks in terms of user awareness and
safeguard in remote working.
• The question is whether a decade later things concerning the situation which has forced work to be done remotely.
An example is on 16 March, a week before lockdown, UK had only 15% of employees working remotely.
However, the figures rose to 38% by 13 April. This shows how remote working has been embraced by many
workforces.
• The rise of teleworking in the pandemic situation has become an open invitation for scammers using cyber security
threats such as phishing to attack victims such as government, tax authorities and even private business firms.
• A report from the World Economic Forum (WEF) highlights phishing and hacking as the new norm after the virus
attacks have been reduced. These scams are even more effective during the pandemic
3. BACKGROUND(CONTINUATION)
• . As cyber criminals are more aware of this, it is much easier for them to create fake messages or website to replicate the familiar
authorities, this has become a global concern due to the state of handling such situation is vulnerable.
• Many businesses make mistake of not addressing the security measures and solution to prevent employees making a mistake that would
lead to a possibility of a cyber-attack. Experts also agree careless employees, consultants, vendors, and other stakeholders can be a danger
to the organization’s cyber security as the hackers from the outside.
• 90% of successful hack attacks are due to human error especially from the employer’s mistake. Therefore, Employees must learn routine
security practices while remote working.
• In conclusion, these means that organizations that do not have the infrastructure or policies to protects them against cyber-attacks must be
more prepared than ever. To avoid these attacks when working remotely organization should, protect business data, secure remote
networks, empower employees and plan on dealing with an attack situation.
4. 1.2 PROBLEM STATEMENT
Although two-step password verification and VPNs have been implemented by many businesses working from home, many
minor threat protection steps are not taken seriously as they would have been taken in a workplace. Teleworkers are sending
suspicious emails, attachments or even invitation links to the IT department claiming to send reports. (Borkovich, 2020).
Malware attacks, especially ransomware, has increased during the remote working period.
This shows that Human error is the primary threat when it comes to boosting the chance of a cyber-attack. According to
(Malecki, 2020) cyber criminals are exploiting the situation of remote working and launching ransomware attacks on
unprotected or unprepared business organization. According to the source, From February to April 2020, malware-attacks,
especially ransomware attacks have increased by 283%. The bigger risk of this is that ransomware can encrypt even back-
ups.
To overcome this, companies are now testing their back-up systems regularly. Unfortunately, as shown in StorageCraft’s
research (Malecki, 2020), shows that 68% of organization believe that they have effective measures to recover against
ransomware attacks. However, only 46% or less of the organization test their systems once a year. While having backups is
important, having to be able to recover all the data is critical for the business.
5. 1.3 AIMS
• The aim of the research is to explore potential risks of malware particularly ransomware attacks faced while
working remotely. This will help with appropriate solution to solve the current issue or how to improve the
current measures taken by the organization to counter the problems.
6. 1.4 OBJECTIVES
To review literature on the cyber security risks of remote working
To Conduct small scale research, gathering data on malware attacks in remote working
To Present the finding on malware attack in remote working drawing meaningful conclusion found from
the findings
To Reflect the values gained from project and whether its useful to organizational performance
7. 1.5 SCOPE OF STUDY
• The issue with remote working and the cyber security risk it brings to organizations is a common discussion
especially after the pandemic situation where organizations have started working from home. Hackers are
now targeting organizations with malware attack even more now targeting the unprepared and unprotected
organizations. This research is focusing how remote working has caused increase in ransomware attacks.
The reason behind this study is to find the potential vulnerability and the measures takes and try to improve
the current situation. (Palmer, 2020)
8. 1.8 RESEARCH QUESTIONS
• Why are ransomware attacks a big concern within organizations working remotely?
• How has ransomware attacks affected organizations working from home?
• How does remote working make organization vulnerable against malware attacks?
• What are the existing measures taken to resolve the risk of ransomware attacks?
• Do the current measures need to be improved or replaced?
9. LITERATURE REVIEW
Case studies
• Apex laboratory
• Serco
• A gas station in North Carolina
Impact of ransomware attacks on remote working organizations
• As we can see from the case studies, all the ransomware attacks occurred in the period of remote working especially
between 2020 and 2021 where there was a rise in remote working due to the pandemic.
• As we can see from the first case study, Apex laboratory faced a ransomware attack which was targeted towards
their patient’s records. In this case Doppel Paymer ransomware was used to encrypt the company's servers.
• We can also see that ransomware has exploited in recent months (midyear 2020) nearly forcing
companies in the US to pay out around $350m where the treat of ransomware has increased up to
311%.
10. LITERATURE REVIEW(CONTINUATION…)
Measures taken to prevent ransomware attacks
• As we can see from the case studies and related attacks it was clear that after shifting to homes, the
strength of existing measures reduced due to employees using public or personal networks rather than
the strong networks in the organizations.
• Enterprises consider other remote working methods, such as a virtual private network (VPN). Good
VPN solutions are meant to be used over the internet and offer two-factor authentication, which adds
an extra degree of protection.
• Keeping systems up to date and activate two-factor authentication for logins, regardless of what
technology firms employ to enable remote working
11. FINDINGS
• The questionnaires were filled by 20
organizations where the results were as expected.
There were many aspects of analysis from the
data retrieved. The data showed many
organizations had no measures in place when
dealing with ransomware attacks during remote
working. Out of the 20, 4 companies were not
sure if they had measure taken in place this
showed how the employees were unaware of the
issue. From the 20, only 7 had measures in place.
The chart below shows the number of
organizations that had a measure against
ransomware in place.
12. CONCLUSION/RECOMMENDATION
• The first recommendation to all organization will be stay up to date and create awareness amongst the
employees. As simple as it sounds many organizations attacked often get the knowledge of ransomware
attack after an incident has occurred. Studies also show the firms that neglected the WannaCry ransomware
in 2017 were the most vulnerable.
• Another recommendation to organizations would be using VPN services rather than public networks. VPN
would hide the organizations IP address which would make it less vulnerable from attackers as they would
not be able to tack an organization easily. Many organizations have implemented this approach however
many employees tend to ignore this and sent organization related data through public networks especially
when working remotely