Across Southeast Asia, the COVID-19 pandemic has seen businesses and governments attempt to mitigate the financial impact of this unprecedented public health crisis. Southeast Asian economies are taking a huge hit in the global economic crisis, with 64% of respondents from a recent regional survey conducted by Ernest & Young expecting a slower recovery extending into 2021.
While countries continue to experience different levels of success with containing the spread of the coronavirus, they have adopted different approaches when it comes to reopening their economies. For example, Singapore is currently in Phase 2 of its exit strategy from the circuit breaker measures, with most businesses and social activities allowed to resume from June 19. In Malaysia, most economic activity has been resumed with interstate travel permitted from June 10. These are clear indicators that Southeast Asian countries are making a concerted effort to enable their businesses to recover more quickly from the pandemic.
However, challenges such as cash flow problems persist. Almost 5,000 firms have borrowed S$4.5 billion from government assisted schemes in recent weeks in Singapore, while the Bank of Thailand has provided 500 million baht of soft loans to financial institutions so that they can offer loans to certain small medium businesses (SMBs). If SMBs are to ensure that their path to economic recovery remains smooth, they would need to address all aspects of their business operations and strategy – and that includes shoring up their cybersecurity defenses to reduce the financial impact of data breaches and hacks.
“Malicious mining attacks continue to remain as a widely underreported area of cyberthreats to SMBs. In this age where we are well acquainted with the infamous examples of data breaches, it is natural for us to pool our resources together and deal with ransomware and large-scale phishing attacks. However, this is not the case when it comes to cryptomining,” comments Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“As the symptoms and consequences of malicious mining are less obvious and less immediate than ransomware and phishing attacks, it’s easy for SMBs to disregard it as a mere technical issue. However, its aftermath is costly in the long run. The rapid increase of cryptojacking incidents in the region should be a wakeup call for enterprises in all shapes and forms. Cybercriminals are doing this attack because it is profitable, it is high time that we acknowledge this and improve our defenses against it,” he adds.
SIGNS THAT YOU MAY HAVE BEEN COMPROMISED BY CRYPTO-MINING
In essence, some signs that may point towards devices being used for crypto-mining:
- Substantial increase in electrical consumption and usage of CPU
- System response will slow; the device’s memory, processor, and graphics adapter are bogged down completing cryptomining tasks.
- Wasted bandwidth will decrease the speed and efficiency of legitimate computing workloads
- Batteries will run down much faster than before, and devices may run quite hot.
- If the device uses a data plan, users will see data usage skyrocket.
TIPS TO SAFEGUARD YOURSELF AGAINST CRYPTO-MINING
To proactively safeguard your business against SMBs, here’s what you should focus on:
- Enhancing the cybersecurity awareness of your employees is the first step, but a highly critical one for any business that takes cybersecurity seriously. Having them understand basic things like what file/link to open will go a long way in preventing crypto-miners from planting malware on electronic devices. Also, it is worth creating employee and operational control policies that cover aspects of network management and facilities, including password renewal regulations, incident handling, access control rules, protecting sensitive data and more.
- Monitor web traffic – frequent queries to domains of popular cryptomining pools are a clear sign that someone is mining at your expense. Ideally, add these domains to your domain block lists for all computers in your network — lists of such domains can be found online. New domains are constantly appearing, so be sure to update the list systematically.
- Keep track of your server load. If the daily load changes suddenly, that may be a symptom of a malicious miner. Carrying out regular security audits of your corporate network may also be helpful.
- Ensure that all your software are up to date as soon as they are available so that you are well prepared for the latest cyberthreats.
- Implement the right cybersecurity solution for every aspect of your business operations, both hardware and software related. Use a dedicated endpoint security solution equipped with web and application control, anomaly control and exploit prevention components that monitor and block suspicious activity on the corporate network.
If you are already the victim of a crypto mining attack, or are looking to recover, here’s what you can do:
- Use a strong security solution on all computers and mobile devices, such as Kaspersky Internet Security for Android or Kaspersky Total Security to identify the threat, and enable Default Deny mode where possible.
- Kill and block website-delivered scripts. Your IT team should note the URL that is the source of the script and update the organization’s web filters to block it immediately.
- If a website extension is responsible for infecting the browser, update all the extensions and remove those that are not needed or are infected.
Empowering employees through techy can supercharge returns – Lenovo
IT leaders are reporting a 5x return (USD $1 spent on these programs yields USD $5 of increased staff productivity, organizational agility and customer satisfaction), with many expecting to increase their investment by nearly 25 percent in two years.
A new Lenovo and Intel commissioned study, “Empower Your Employees with the Right Technology,” conducted by Forrester Consulting, has found that the impact of technology in improving the employee experience (EX), or an employee’s full journey in an organization, is much more than anticipated — highlighting opportunities for organizations’ IT decision makers (ITDMs) in today’s remote and hybrid work environment.
The key insight points out that while companies on average see a 5x return on investment in the EX driven by increased productivity, organizational agility and customer satisfaction, ITDMs and employees disagree on technology priorities. While ITDMs are prioritizing strategic IT integration, software and service needs, employees are more focused on their fundamental daily technology experience.
This suggests that business leaders have room to collaborate more closely with employees on their IT purchase decisions to elevate team engagement, increase customer satisfaction and improve the bottom line.
Bridging the divide between employees and IT decision makers
With organizations now shifting their focus toward remote and hybrid work, ITDMs are upgrading devices, software and services as part of EX initiatives to improve team engagement and satisfaction. Based on the research findings, this has led to more tech spending. IT leaders are reporting a 5x return (USD $1 spent on these programs yields USD $5 of increased staff productivity, organizational agility and customer satisfaction), with many expecting to increase their investment by nearly 25 percent in two years.
Yet employees still report that they’re frustrated with their PC hardware and software experience:
- Fifty (50) percent of respondents say their PC devices are out of date or insufficient (e.g. not fast enough, reliable enough or powerful enough)
- Forty-six (46) percent note their software frequently malfunctions and disrupts their work
- Only 33 percent are extremely satisfied with the current laptop provided by the company
- Only 30 percent said their laptops or desktop work well for cross-collaboration.
Importantly, ITDMs and employees both define employee satisfaction with technology as a crucial goal. Satisfaction with technology also has the greatest observable positive impact: nearly 60 percent of ITDM respondents noted a more than 10-percent increase in EX scores by improving employee satisfaction with technology. It’s evident that IT departments and the technologies they offer are instrumental to driving EX, beyond conventional factors such as human resources, worker benefits and more.
Yet again, there is a clear disconnect between employees and these ITDMs, whose primary concerns are the longevity of their technology investments rather than its impact on team engagement. According to the study, whereas 84 percent of ITDMs believe employees can easily switch to a different PC device if their current one needs to be replaced, only half of employees agree that’s an available solution. Ultimately, both ITDMs and employees agree that refresh cycles can be improved and better aligned. In addition, ITDMs believe the integration of hardware and software will impact EX the most, whereas employees simply want devices that work consistently.
Prioritizing employees to better leverage technology investments
The study outlines a few key recommendations on how business leaders can better improve employee engagement and business outcomes through technology investments.
- Realign investments. While many ITDMs are investing resources into exploring newer, emerging technologies such as 5G, augmented and virtual reality (AR/VR), and artificial intelligence (AI) or machine learning tools, based on worker respondents’ feedback there is an opportunity to focus first on immediate employee priorities—building a strong foundation of collaboration tools and PC devices—while IT departments explore more advanced technology tools in parallel.
- Reorganize priorities. Decision-makers should also focus on improving EX vs only focusing on specific productivity metrics. In fact, according to the study nearly 80 percent of ITDMs plan to focus on improving employee engagement over the next few months.
- Focus on PCs. PCs have become critically important to employees, with 77 percent of full-time employees saying that PC devices are a critical factor in their daily work and collaboration with one another. A renewed focus on PCs can make the greatest impact on the bottom line and customer satisfaction, with most respondents agreeing that PC devices are critical to increasing customer satisfaction (69 percent), revenue growth (62 percent) and employee retention (55 percent).
- Involving employees in PC investment decisions. Overwhelmingly (72 percent) of employees responded that listening to workers or getting clarity on what they need ranks in the top three of what companies should do to improve EX. This feedback is important, as employees understand their work devices’ value in driving business outcomes, based on technology factors such as performance, connectivity, reliability, portability, size/weight, battery life and more. Listening to employee feedback can go a long way towards making the case for better technology options.
“Our new study findings further affirm our belief in the strategic importance of technology as critical investments, and not as simple transaction costs. The right deployment of technologies delivering returns can far exceed the initial expense of new business models and opportunities,” said Christian Teismann, President, Commercial PC and Smart Devices Business, Lenovo. “Given employees are a company’s greatest asset, the study further maps out opportunities to uplift the return on technology investment by focusing on PC devices and collaboration tools, while better involving employees in purchase decisions. In today’s new remote and hybrid work set-up, these steps are pivotal for companies in yielding opportunities that go far beyond the initial spend on their technology.”
Tips for staying secure while working from home
Because many devices attached to home networks don’t get patched or updated as frequently as corporate devices, the most common exploits detected so far in 2020 have targeted older systems. Nearly two-thirds of attacks targeted vulnerabilities disclosed in 2018, and a quarter targeted vulnerabilities from 2004.
Due to the global pandemic, nearly two-thirds of companies have moved half or more of their employees to telework. Sixty-two percent of employed Americans, for example, say they have worked from home during the crisis, with the number of remote employees doubling between March 13 and April 2 of 2020, and this is not just a temporary change. Nearly a third of all organizations with remote workers expect that half or more will continue working from home after the pandemic.
The security implications of such a dramatic transition in such a short period of time cannot be overstated. Under normal circumstances, moving an entire workforce from secure IT environments to home networks with very little cybersecurity would take long-term planning and preparation. But that was not an option in 2020. As a result, 32% of respondents to Fortinet’s 2020 Securing Remote Work Survey found that setting up and managing secure connectivity to be the most challenging aspect of switching to telework.
Part of the problem was that the devices at the company’s core network were not designed to manage the volume of VPN connections required. As a result, many connections were not secure. Or even if they were encrypted, existing firewalls were incapable of inspecting VPN tunnels to ensure they weren’t being used to deliver malware – at least not without significantly slowing down connections.
But the other part of the challenge is that many home networks were not setup to support the bandwidth requirements of VPN, let alone bandwidth-hungry business applications such as video conferencing. In addition, end user devices (many workers began working from home using a personal device) were often unpatched and unsecured as were other devices connected to the home network. These challenges made home networks an ideal target for cybercriminals.
Cybercriminals Are Targeting Remote Workers
And as one might expect, threat researchers saw a significant shift in the behavior of cybercriminals. According to the latest Threat Landscape Report from FortiGuard Labs, global sensors detected that the top attack targets identified in the first half of 2020 switched from targeting corporate devices and applications to things like consumer-grade routers and devices such as DVRs normally attached to home networks.
There was also a significant increase in attacks targeting end users that used concerns about the coronavirus to lure them into clicking on malicious web links or open attachments infected with ransomware or other malware.
Part of the problem was that the devices at the company’s core network were not designed to manage the volume of VPN connections required. As a result, many connections were not secure.
The FortiGuard Labs team saw an average of about 600 new phishing campaigns per day during the spring. And because home users were no longer protected by corporate security devices, web-based malware became the most common attack vehicle, outranking email as the primary delivery vector used by cybercriminals for the first time in years.
And because many devices attached to home networks don’t get patched or updated as frequently as corporate devices, the most common exploits detected so far in 2020 have targeted older systems. Nearly two-thirds of attacks targeted vulnerabilities disclosed in 2018, and a quarter targeted vulnerabilities from 2004.
Seven Recommendations for Remote Workers
During the last several months, IT teams have been scrambling to close the security gaps in their remote worker strategy. But while 92% of organizations report budget investments to address teleworker security, end users are still the front line of any security strategy – and never more so than now. Here are a few suggestions of what they can do to reduce risks.
- Learn to Spot Attacks: Many organizations are sponsoring training programs to help their workers identify suspicious emails, websites, text messages, etc. In addition, there are free programs available online to provide end users with essential security training and information. And make sure everyone at home using the network, from roommates to children, get cybersecurity training as well.
- Harden Passwords: Another easy step is to simply make passwords harder to guess, and also use different passwords for different accounts. To manage these passwords, use a secure password management system that can remember passwords. Then all anyone needs to remember is the login information for that one application.
- Use Multi-Factor Authentication (MFA): Also known as two-factor authentication, MFA combines something a user knows, such as a password, with something they have, such as a fingerprint or a security token. MFA should especially be used when accessing financial information or logging onto the company network.
- Patch Home Devices: Have users look at all of their devices at home and make sure they are running the latest versions of their operating systems. Even gaming and entertainment systems have options that let users check to see if they are running the latest version.
- Secure Home Networks: This is probably a good time to consider adding or upgrading a security application to protect the home network and devices from attacks. In addition, many home routers now include gateway security which should also be enabled. Some cable operators and internet service providers also provide free security. Remote workers should make sure that logging onto the home WiFi requires a password. They should consider an email gateway that can detect and filter out malicious email attachment and links.
- Improve Device Security: New advanced endpoint security solutions, known as endpoint detection and recovery (EDR), not only provides better threat detection, but also prevents infections that manage to get onto your device from executing their malware. EDR solutions should not only be applied to remote worker devices, but also on other endpoint devices in the home.
- Upgrade Internet Connections: Remote workers should consider upgrading their internet service so they can run business-critical applications even when others are streaming movies or playing online games. Companies should consider providing funds to help offset the cost of a bandwidth upgrade.
Enhance Your Remote Work Security Now
Cybercriminals will continue to target remote workers, with no signs of letting up. Adding these seven steps to any corporate security strategy is the right way to begin protecting today’s distributed networks that include remote workers.
Work-from-home cybersecurity tips
Cybercriminals are taking advantage of the fact that people are working from home and using that to their advantage. They are using ransomware, phishing scams, malware, and more to gain access to companies’ systems for profit.
Since the pandemic began and the majority of people’s lives was forced online, cybercrime has soared. The Cyber Division of the FBI recently released to incredible statistics on what they are seeing during the pandemic. At one point, the division was getting up to 4,000 complaints of cyberattacks a day. That number is a 400% increase from the number of complaints before the pandemic started.
It is not just a US issue either. The European-based international police organization, Interpol reports that “with organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.”
The global pandemic has forced people to work from home and criminals are taking advantage of this with a growing number of attacks.
These statistics and statements both point to the same thing. Cybercriminals are taking advantage of the fact that people are working from home and using that to their advantage. They are using ransomware, phishing scams, malware, and more to gain access to companies’ systems for profit.
Who are Cyberattackers Targeting?
The short answer is, ransomware attackers will attack anyone with a computer and an internet connection without thinking twice about it. Big companies, small businesses, nonprofits, municipalities, and even individuals are all seen as potential targets. This is a crime designed to make the criminals money so the more people and organizations they attack, the more chances they have that their ransom will be paid.
That said, there are institutions that these criminals are attacking at a much higher rate and with much more intensity than others. Right now, because of how hectic these organizations are due to the coronavirus and how many people they have – many of whom are working from home – these places are more susceptible to attacks than others. This includes large, multinational companies, the healthcare industry, schools, and local governments.
No one can be sure from the outside that all the recent, major cyberattacks are due to working at home. Only when a skilled cybersecurity company like MonsterCloud reviews the attack can the true source of the attack be found. However, the sheer increase in successful attacks paired with the COVID-related stay-at-home orders makes it a good bet that the two things are related.
Here are some tips to deal with (possible) cyberattacks:
Tip #1: Make Sure Systems are Up to Date
Still hitting “Remind Me Tomorrow” on that system update prompt the computer has been reminding about since the pandemic started? If so, it’s way past time to install any updates that are needed.
Tip #2: Make Sure Anti-Virus Software is Up to Date
The tip is to keep anti-virus software up to date, but that is assuming the software is being used. If not, stop reading this right now and go install one. Anti-virus software is the easiest way to protect from hackers. Like in most situations, the criminals will always be ahead of the people trying to stop them but anti-virus software will catch the majority of attacks before they harm the system.
Tip #3: Watch Out for COVID-19 Phishing Scams
When MonsterCloud reviews the ransomware attacks that have happened during the pandemic, the company has found that many have started with pandemic-related phishing emails. These emails are designed to take advantage of people’s curiosity and thirst for knowledge about pandemic-related topics.
Tip #4: Watch the Wireless Internet
Whether logging onto the internet-based cloud or a company’s in-house servers to access the company’s systems, chances are people are using WiFi to do so. Securing WiFi is of critical importance when working from home. If the home WiFi is not password protected, that is something that needs to be done. If it is, make sure that the password is a strong password and not the default one the router came with. Using something like an address or “password1234” is also not a good idea.
Cybercrime, especially ransomware is a huge problem right now. The global pandemic has forced people to work from home and criminals are taking advantage of this with a growing number of attacks. By following these few simple tips though, everyone can be better prepared to work from home and have less of a chance of being the cause of a cyberattack on their company.
Unfortunately, even if people follow all these tips and more, cybercriminals are so good at what they do these days, someone may still find themselves the victim of a ransomware attack no matter what they do. If this happens, don’t panic. Don’t pay the ransom. Don’t leave it to an in-house IT department. Call the cybersecurity experts.
Empowering employees through techy can supercharge returns – Lenovo
Sustainability is core to Epson, with products made to be kinder to environment
Tips for staying secure while working from home
Local startup 1Export brings global opportunities to MSMEs
Turn your hobby into a biz – Gem Zapanta
Making DIY packaging unique via ‘Put It In Paper’
Attention to detail as an edge for The Holy Crab PH
Go out of your comfort zone – Lia Monica Chua
Financial tips to help prepare for the unexpected
Turn your hobby into a biz – Gem Zapanta
Like us on Facebook
BizWiz1 month ago
Rise from tragedy, helm a business – Connie Hina
BizWiz3 months ago
‘Be confident and believe in your own product’ – Joseph Leonard Ansis
BizWiz3 months ago
Start today; take the risk – Ira Shayne Cruz
BizWiz3 months ago
Starting is the hardest part; it only gets better – Azenith Soriano Antonio-Umipig
BizWiz3 months ago
‘Take a leap of faith’ – John Vincent Garcia
BizWiz1 month ago
Do not be afraid to fail and try again – Andrea Austria
BizWiz3 months ago
‘Perseverance is the key’ – Marian Kristine Ringor-Tan
BizListing3 months ago
Prioritizing beauty at OHHH, MY NAILS! CO.