Cybersecurity remains one of the top concerns of employers in the new world of work – especially among those implementing a remote, distributed or hybrid work model.
Attackers have been increasingly on the move, more so now that most employees are working outside traditional office premises and are left vulnerable to security breaches.
Staff are fast becoming an easy target of hackers and fraudsters. But employees don't anymore become just an unwitting accomplice falling for the usual phishing scams.
As many as 48% of surveyed workers in North America have, in fact, been approached by cybercriminals to aid ransomware attacks against their own employers, a new study from identity management firm Hitachi ID revealed.
Ransomware attacks typically involve outsiders gaining access and taking over a company's data systems; denying access to the real owners; and threatening to continue the hijack and to wipe out the data unless the company pays a ransom. The cost usually runs up to millions of dollars.
Data thieves are purportedly growing more sophisticated in their approach, no longer hacking their way into a system but instead offering insiders a share of the ransom money just for letting them pass through layers of security, undetected.
For employees who earn lower salaries or have a smaller stake in the welfare of the organisation, the chance to get a slice of a multimillion-dollar bounty can be tempting, according to Nicholas Brown, CEO of Hitachi ID.
So, while almost half of respondents at the employee level have supposedly been asked to participate in planning an attack, the incidence of an insider threat is said to be higher among decision makers in the company – those at the director level (55%).
Overall, among those "solicited to assist" in ransomware attacks, 83% believe the number of cases of cybercriminals approaching employees has increased since employees began working remotely. This trend suggests a need for businesses to tighten security protocols, verifying identities and limiting access to sensitive data even more vigilantly.
Just in the past six months, seven in 10 employers on average have launched cyber education programs for their staff.
"As cyber attacks grow in sophistication and payouts, security leaders can no longer rely on traditional or reactive access security," Brown said.
Today's cybersecurity landscape has become increasingly risky. "Trust nothing; verify everything," he said.