The “work-from-home” trend may have helped contain the spread of coronavirus among employees, but this has exposed corporate networks to menacing phishing attacks and other cybersecurity threats, according to a Filipino information technology executive.
Louie Castaneda, country manager of Fortinet Philippines, says he has observed an increase in cybersecurity threats during the enhanced community quarantine period which forced most companies to allow their employees to work from home.
He says these threats include phishing or fraudulent attempts to steal personal data, malware, ransomware and denial of service. They are directed at compromised personal computers or laptops used by employees at home without the security solutions provided by companies.
“These attacks actually rose during the Covid-19 pandemic, and they were committed by bad actors who are out to take advantage of the situation when people are most vulnerable. They are looking for information, especially those related to Covid-19. That is why the Department of Health needed to come out with its own announcement that you go to this specific website only for information related to Covid 19, otherwise you might end up in a phishing site,” Castaneda says in a video briefing.
Castaneda says such threats increased amid the big shift to work-from-home arrangements. “A lot of the companies were not prepared for this work-from-home. When pandemic came, majority of their employees needed to work from home. Most of the companies were not prepared for that shift,” he says.
“More than half of their people are working from home. That means they have to secure the personal laptops they are using or the company-issued laptops while they are connecting to or accessing corporate resources,” he says.
“In the office, computers are secured when employees are working inside the network infrastructure. But when employees went out, the question is how to connect a lot of these people from their respective homes to the office. That’s where the security issue arose. They have to fight for speed and they have to make sure these people are able to connect. Security might have been forgotten,” says Castaneda.
“Some of these workers have to use their personal laptops and sometimes the laptops of their children or the ones they use for school. A lot of times, these laptops were used to view films or videos that were directly streaming from the internet. In a way, these laptops were compromised. If you are connecting these laptops to corporate resources, you are exposing your corporate resources to viruses or malwares,” he says.
Castaneda says this might have exposed several companies to cybersecurity threats, with some of them repeatedly reminding their clients against fraudulent e-mails from hackers. “I would say quite a few had experienced that,” he says.
The most common targets of these threats are banks and other financial services, telecom companies, retail companies, hospitals, manufacturing firms, other enterprises and government agencies.
Castaneda says cybersecurity threats could cost valuable amount. He says a benchmark research conducted by Ponemon Institute concluded that the global six-year average cost of a data breach amounts to $3.78 million. The financial consequences of a data breach can vary based on several factors, including root causes, network size, and the type of data held by an organization.
A 2018 Frost & Sullivan study commissioned by Microsoft estimates that cybersecurity incidents can hit $1.745 trillion in Asia-Pacific, representing more than 7 percent of the region’s total gross domestic product of $24.3 trillion.
Castaneda, who has headed various technology companies before joining Fortinet in 2018, says, “everyone is exposed to cybersecurity threats because there are people who are looking at this as a lucrative business”.
“For example, the most expensive information outside finance is medical information. If they get to hack a hospital and get information of patients, they can actually sell those information to those who are interested to malign or extort money from the victims,” he says.
Castaneda says to avoid becoming a victim of such threats, employees need to practice basic cyber hygiene like protecting and changing passwords regularly, running the updates on applications and programs, spotting social engineering and avoiding online transactions using public Wi-Fi.
“You have to train your people how to spot social engineering, specifically phishing. They appeal to your emotion by encouraging you to click it or opening an attachment,” he says. “If you go to malls, it is okay to just surf the web. But if you are going to do online transactions using public Wi-Fi, you are exposed.”
Castaneda says Fortinet, the largest cybersecurity company in the world in terms of market capitalization and security appliance shipments, has a large range of security solutions from the cloud to the endpoint. “In terms of market coverage, I think we are one of the few that could actually say we have the solutions for different markets. We are one of the top enterprise security solutions providers. We are also big in the mid and commercial market space. One of our biggest areas is the small and medium business space,” he says.
Castaneda says to help remote workers, Fortinet’s teleworker solutions are specifically geared towards the work-from-home scheme. These include virtual private network, multi-factor authentication, end-point security, data loss prevention and device management.
“Companies need to have device management control solutions, so they can keep track of these devices being used to connect to enterprise solutions,” he says.
He says the Fortinet Security Fabric platform provides an integration and automation across an organization’s security infrastructure. Fortinet also uses artificial intelligence to proactively respond to any threat, he says.
“Because some of the threats out there are using very complex algorithm to evade traditional security solutions like firewall, majority of our solutions have also incorporated AI because you should be able to adapt to the changing threats in the market. That’s why in any threat out there, we can create solutions in a matter of minutes,” he says.
Castaneda says Fortinet continues to look at the Philippines as a growth area. The country has a $72-million cybersecurity market, which is relatively smaller than other Southeast Asian markets, he says.
“The Philippines is one of the fastest growing markets in terms of adoption of cybersecurity solutions. In the region, our cybersecurity market is still not as big as the other Southeast Asian countries but there is a big shift in the adoption of security solutions among companies. They also see the need to adopt solutions other than firewall. Now, they realize it is becoming more complex, and they have to secure all different areas of the business,” he says.