March 2020 may be remembered as the day the world went on lockdown because of the pandemic. In Southeast Asia, the rushed transition to work from home and then partially back to the office a year later turned into what people now embrace as the new norm. The hybrid work setup isn’t entirely new, but employees now want to stick to it. At the same time, companies have come to accept it after it proved to have worked fairly well for two years.
Unfortunately, cybercriminals thought it worked to their advantage, too. With tons of valuable data employees bring with them on their devices, it could have felt like the best time for these cyber thugs who found themselves effortlessly stealing from their easy prey.
In 2020, there was an increase globally in the number of people using remote access tools such as remote desktop protocol or RDP, one of the most popular application-level protocols for accessing Windows workstations or servers. It also allows access to other device resources and RDP clients are available for all the most used modern OS such as iOS, OS X, Linux, Unix, and even Android.
Originally designed as a remote administration tool, cybercriminals use RDP to penetrate the target computer by exploiting incorrectly configured settings or vulnerabilities such as weak passwords. Hacking an RDP connection is lucrative for cybercriminals.
In the same year, there were about 147,565,037 remote desktop protocol (RDP) attack attempts against users of Kaspersky in Southeast Asia. When the workforce slowly started going hybrid in 2021, the RDP attack attempts went up a bit to 149,003,835. It was in 2022 when the pandemic restrictions were lifted and by that time, the RDP attempts spiraled down to 75,855,129 or a plunge of -49% from the previous year.
“Among our post-pandemic learnings is that flexibility, agility and openness are important to our sustainability and productivity in business. We are still evolving. Part of this evolution is the resounding desire of the workforce in Southeast Asia to stay within the hybrid setup, which boils down to our need for connection and empowerment as humans and we need to acknowledge that,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“Part of listening to what the workforce is asking of us is providing options and support within the cybersecurity framework for their safe return to office work in any form. For companies, you will still have to use technology to drive productivity and it will remain this way as things get more and more sophisticated in the business space,” Yeo added.
For the employed, switching to working from home has been difficult enough. After getting used to this setup for two years, returning to the office may just be as tricky. Companies are in the same predicament — rolling back some changes would mean jumping through hoops again like how they did when they deployed these in 2020.
To help stressed IT security managers prioritize, we put together some cybersecurity action items for businesses:
1. Keep work-from-home cybersecurity workarounds
Whether your workforce is returning from home to office or requires work-related travel, using virtual private network (VPN) and an advanced endpoint and detection response (EDR) solution will ensure their safe return to on-site work. Kaspersky Extended Detection and Response or XDR is a multi-layered security technology that protects IT infrastructure. Whereas EDR focuses on endpoints, XDR focuses more broadly on multiple security control points to detect threats more quickly, using deep analytics and automation. XDR creates security efficiencies by improving detection and response capabilities through unifying visibility and control across endpoints, network, and cloud. It facilitates advanced investigation and threat hunting capabilities across multiple domains from a single console.
2. Restore any security controls you disabled for remote workers
To allow remote employees to connect to the corporate network, especially from personal devices, some organizations weakened or disabled cybersecurity controls such as Network Admission Control (NAC). NAC checks computers for compliance with corporate security requirements, such as up-to-date malware protection before granting access to the corporate network. Upon employees’ return to the office, NAC should be turned on to protect the internal systems in case the machines pose any risks. Organizations need to anticipate such issues and have a plan that includes resources, deadlines, bug fixes, and maybe even help from IT integrators.
3. Update internal systems
Don’t forget to check internal critical services. The IT security team needs to know if there are any unpatched servers in the building before letting anyone in. With everyone returning to the office and connecting their laptops to the corporate network at once, just one unpatched domain controller can provide broad access to, for example, employee account data and passwords.
4. Get ready to save — and also to pay
Bringing employees back to the office may save employers some money. Companies can reduce the number of subscription-based cloud solutions or licenses, such as for video conferencing or electronic signature to bring some services back as local resources. Consider spending those freed-up budgets on organizing digital workstations so that employees can split their weeks between office and elsewhere. Remote work technologies like virtual desktops are much easier to deploy, manage, fix, and protect than remote computers.
5. Save the tools and settings that employees used remotely
Thanks to their pandemic experience, employees have mastered new communication and collaboration tools for chats, videoconferencing, planning, CRM, and others. If those tools worked well, employees will want to continue using them. In fact, 74% of Kaspersky’s survey respondents said they want more flexible and comfortable work conditions. Companies should be prepared either to approve new services or to suggest and defend alternatives. Dedicated solutions can help organizations manage access to cloud services and enforce associated security policies. IT security should be a business enabler, not a barrier.
For SMBs and midrange enterprises, Kaspersky in Southeast Asia also has launched a Buy 1 Free 1 promo. Businesses can now enjoy two years of enterprise-grade endpoint protection for the price of 1 with Kaspersky Endpoint Security for Business or Cloud or Kaspersky Endpoint Detection and Response Optimum, with 24×7 phone support.