Gone phishing: Why summer brings increased security threats to the enterprise

Employees working away from the office, including over vacation, could increase the chance of network compromise.

Why phishing remains a critical cyber-attack vector Spear phishing emails targeting business users are so well-crafted they should be called "laser" phishing attacks, says Microsoft's Cybersecurity Field CTO Diana Kelley.

Summer often brings a more leisurely pace to many businesses, as employees often go on vacation or work remotely more frequently, relative to the rest of the year. But these trends may have a negative impact on enterprise security, according to LastLine's Risks and Riptides Survey, published Thursday.

Though nearly half (47.1%) of cybersecurity or infosec professionals surveyed said they have not witnessed a pattern to the seasonality of attacks, of those who said they do, 58% see more threats in summer than in other seasons, with autumn the second-most cited, followed by winter and spring. 

Likewise, phishing attacks are the most cited (46.5%) as increasing in the summer, as attackers may be hoping to catch employees off guard, or at a minimum, with less vigilance than in other parts of the year. Malware is a close second at 43.5%, with spear phishing at 26.4% and ransomware at 24.1%.

SEE: Phishing and spearphishing: An IT pro's guide (free PDF) (TechRepublic)

Notably, the survey indicated that "nearly 20 percent of respondents indicated that more than 50% of employees work from outside the office at least 5 days throughout the summer, including while on vacation." The potential risk for this could be a strong case for not working during vacation.

Being outside the office is not necessarily an indication of working from home—it could be in a coffee shop, or other location, on public Wi-Fi, which is more susceptible to being compromised by hackers.

The survey indicates that 34% of security pros believe the increase in threat activity is related to employees working remotely. "Nearly a third (32%) say that their network is "much less
defined in the summer" because more people are working remotely," the report said.

Connecting to public, unsecured Wi-Fi networks is the biggest concern, with 68.1% of security professionals concerned about potential attacks that leverage these connections. Phishing is second at 46%, with employees leaving computers accessible and unlocked in a public location at 43%. 

For more, check out "30% of employees have lost a work device while on vacation" on TechRepublic.

Also see

istock-916200122.jpg

Getty Images/iStockphoto