Rise in cyber attacks as cloud services use goes up during Covid-19-induced work-from-home: McAfee

Use of cloud collaboration tools increased by up to 600%, with the education sector seeing the most growth as more students are required to adopt distance learning practices.

The work-from-home (WFH) regime has triggered a 630% increase in external attacks on cloud accounts, with the transportation, government and manufacturing verticals being most affected. The overall enterprise use of cloud services has been spiked by 50%, with manufacturing and financial services companies contributing the most, says a McAfee research that shows a significant increase in cyberattacks targeting corporate cloud accounts, as companies are largely working from home due to the Covid-19 pandemic.

Based on data from more than 30 million McAfee Cloud users worldwide between January and April, the report reveals significant trends that include the rise of cloud-native threats, access from unmanaged devices, and an increase in the use of cloud services.

During the period of survey, the overall enterprise adoption of cloud services spiked by 50%, including industries such as manufacturing and financial services that typically rely on legacy on-premises applications, networking and security more than others. Use of cloud collaboration tools increased by up to 600%, with the education sector seeing the most growth as more students are required to adopt distance learning practices.

The research shows that threat events from external actors increased by 630% over the same period. Most of these external attacks targeted collaboration services like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials. Insider threats remained the same, indicating that working from home has not negatively influenced employee loyalty. Access to the cloud by unmanaged, personal devices doubled, adding another layer of risk for security professionals working to keep their data secure in the cloud.

Sanjay Manohar, MD, McAfee India, said: “We are witnessing an explosive increase in remote working and adoption of collaborative tools across industries in India. We have seen Cloud-native threats multiply seven-fold. Cybercriminals are adept at adjusting their strategies and are now focusing their efforts to exploit the sudden acceleration in cloud adoption.”

With cloud-native threats increasing in step with cloud adoption, all industries need to evaluate their security posture to protect against account takeover and data exfiltration. Companies need to safeguard against threat actors attempting to exploit weaknesses in their cloud deployments. Tips to maintain strong security posture include a cloud-centric security mindset can support the increase in cloud use and combat cloud-native threats and shifting focus to data in the cloud and to cloud-native security services so they can maintain full visibility and control with a remote, distributed workforce.

It says remote work reduces the ability for hub and spoke networking to work effectively with scale. Network controls should be cloud-delivered and should connect remote users directly to the cloud services they need. Moreover, Cloud-delivered network security and Cloud-native data security should smoothly interoperate, ideally be consolidated to reduce complexity and total cost of ownership and increase security effectiveness and responsiveness.