Why BYOD Is the Favored Ransomware Backdoor

/in


eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

When remote workers connect bring-your-own-device (BYOD) laptops, desktops, tablets, and phones to corporate assets, risk dramatically increases. These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data.

Ransomware remains just one of many different threats and as security teams eliminate key vectors of attack, adversaries will shift tactics. Of course, to cause that shift in tactics, first make sure to eliminate the easy access that these ransomware gangs currently enjoy.

Most Compromises Exploit Unmanaged Devices 

Microsoft’s fourth annual Digital Defense Report for 2023 reveals that 80% of all ransomware compromises come from unmanaged devices and that 60% of those attacks use remote encryption. Naturally, this leads to three important questions: What are unmanaged devices? How does remote encryption work? Which unmanaged devices do attackers use?

What Are Unmanaged Devices? 

Unmanaged devices consist of any device that connects to the network, cloud resources, or other assets without corporate-controlled security. Greg Fitzerald, co-founder of Sevco Security, disclosed to eSecurity Planet that their recent State of the Cybersecurity Attack Surface research found “11% of all IT assets are missing endpoint protection.”

Some of this 11% includes the common and recurring problem of overlooked legacy endpoints such as laptops, desktops, and mobile devices. This category also includes routers, switches, and Internet of Things (IoT) devices that can’t install traditional endpoint protection such as antivirus (AV) or endpoint detection and response (EDR) solutions.

BYOD devices deliver another significant source of unmanaged devices unique to our post-pandemic working environment as many remote workers connect to corporate resources using their own devices. According to the National Bureau of Economic Research, 42.8% of American employees work from home part- or full-time, which places an enormous burden on security teams to…

Source…