Yahoo Finance WFH opens up companies to more cyber threats: Microsoft
Yahoo Finance’s Dan Howley breaks down why working from home puts more companies at risk for cyberattacks, according to Microsoft's latest threat assessment outlook.
Video transcript
- Well, cybersecurity, of course, has been in focus this week with the attack on the Colonial Pipeline. But a bigger risk-- or at least, a broader risk, perhaps-- is that all of us, or many of us, are working at home. Dan Howley looking at that situation with a lot of people may be logged in on VPNs, maybe not. Microsoft, in particular, is looking at the risk of all the folks working at home.
DAN HOWLEY: Yeah. That's right. Microsoft is basically reporting that 90% of the customers in its Microsoft Intelligence Security Association say that they're going to be accelerating their move to the cloud because of the pandemic. And part of that means a lot of their own employees are going to be working from home.
Now, I want to give you an idea. That's 46% of people who say that they can-- are moving because they want to be able to work remotely. And now they're able to do that, as the pandemic has shown. The issue, though, is that according to Microsoft's own threat assessment outlook, they're seeing a lot more attacks on individuals, as well as just general users.
So for instance, they recognize the 50 million password attacks every day, which basically comes down to 579 attacks per second. Those are basically trying to brute force their way into people's accounts using passwords that they may or may not know. They've intercepted 30 billion email threats in the last year.
They are tracking 40-plus nation state actors and 140 different threat groups representing 20 different countries. So a lot of this comes down to different criminal organizations that are doing their own thing. Obviously, we know that DarkSide is a criminal organization. That's on a different level, though, with the scale of the attack. These are kind of the scope where they're going to be going after multiple businesses, individual users, enterprises large and small.
And then one of the things that's interesting is they're seeing a lot fewer security professionals than they need. So they are having a shortfall of 3.5 million security professionals. So essentially what we're seeing here is with this kind of new hybrid in the office, out of the office, or straight-up work-from-home model that we're going to be seeing, they're going to need more security professionals because people who aren't on their work networks or are using their personal devices, mixing them on their work networks, being more lax with what they use, creates a larger security issue.
But there aren't enough people to meet those demands. So that's something that Microsoft says customers are going to have to look out for-- consumers in general, as well as organizations. So I think this is going to be something we're going to be talking about for some time, just as we start to see more people go back to the office and this model where-- sorry-- workers are able to say, look, I worked for a year and a half remotely. You can't tell me I can't do my job remotely. So I'm going to be doing that from now on.
Businesses are going to have to kind of adjust and make sure that they're able to do that. But the shortfall, 3.5 million security professionals-- look, if you don't like your job, maybe that's something that you should be looking for.
- Yeah. I mean, Howley, it's-- I mean, I get it. On the one hand, Microsoft is-- they sell corporate software protection. So I understand their argument here. But I mean, it was, for a long time, that for security reasons-- I wouldn't say primarily, but I would say as a large chunk of the justification for why folks needed to be in the office. That was often cited.
But I guess-- and I sort of know what the answer is here. But if you ask someone in the cyber security space, is this period in which something very, very bad did not happen as the workforce has been distributed like this, is this period the anomaly? And is there still an almost unfathomable risk with this much distributed connection into what are, ultimately, pretty proprietary corporate intranets which have certainly not been protected to the extent they need to be over the last year?
DAN HOWLEY: I think it comes down to people really needing to use their VPN. And I think you're right. This is the anomaly, right? We haven't seen any massive ransomware attacks outside of, obviously, the Pipeline. But that's kind of isolated to that particular business. But I think overall, we haven't seen a huge threat come out in the past year. And I think that's largely because, obviously, the pandemic had people stuck at home. So criminal organizations may or may not have been able to work as hard as they wanted to.
There was some downfall in the pricing that people were requesting for ransomware ransom. So I think that that was, like you said, the anomaly. We're going to see attacks pick up again. We're going to see major zero-day attacks come out. That's basically where an attacker knows how to infiltrate a piece of software and the maker of the software has no idea that it exists. At that point, then they have to kind of reverse engineer it.
But I do think if more people are using their VPN, it's the same thing as being in your work office. You're just going into their network remotely. So it's not as though that's going to make you any less safe. I think the issue is when people are on their regular email or on their corporate email on a device that isn't connected, that can open them up to risks. And then that can then spread to their devices and into the corporate network that way.
So I think that's really where the issue is going to be. And companies just need to be more vigilant, really.
- We'll see how this ends up evolving. Well, I mean, I think also employees need to be more vigilant. And that frequently even perhaps more than the corporate firewall is where the vulnerabilities lie. Dan Howley, thank you so much for breaking this down for us. Appreciate--
