How SF companies can defend against hackers as workforce returns to the office

By Sai Venkataraman

By Sai Venkataraman

Special to The Examiner

As portions of San Francisco’s workforce heads back to the office in light of California’s reopening June 15, cybercrime will be a key concern. Hackers love when businesses and employees experience significant change because it sows the seeds of fear, uncertainty and doubt that make digital attacks so effective.

Last year is a perfect example. Hackers saw employees forced to work remotely due to the pandemic and suddenly found themselves outside of the protective confines of their offices and using new digital workplace tools like Zoom, Microsoft Teams and Slack. On top of that, political unrest raged around the world and added to workers’ unease. These conditions are a cybercriminals’ playground as they stepped up the volume and customization of their attacks. Need evidence? Google blocked more than 18 million Coronavirus-related phishing attacks in April 2020 alone.

So now that San Francisco is opening up, and we’re entering another transition period, what tricks do hackers have up their sleeves? I pulled together some of the top local security experts to offer their advice not only on the types of attacks that are heading your way.

Employees in transition

Employee mindsets are essential when thinking about their resilience to cyberattacks. Salesforce is among a growing number of businesses that have endorsed a hybrid workplace that allows people to work in the office or from home based on their own needs. Other company leaders, including Apple CEO Tim Cook and Netflix’s Reed Hastings, have required a return to in-office work and received significant pushback from their employees. Dr. Homa Bahrami, a workplace agility expert and Senior Lecturer at UC Berkeley’s Haas School of Business, said that employees’ mental state could be significantly affected by these shifts in the workplace.

“It depends on the demographics and personal circumstances (of the employee). Younger people are more interested in getting back and interacting with their co-workers while those with young families want more flexibility,” said Dr. Bahrami. “Everyone is in a different place and faces different circumstances. Coming up with a one-size-fits-all strategy may not be helpful for businesses.”

Cybersecurity is everyone’s responsibility within a hybrid workplace, from the CEO to entry-level employees. Whether they are a Millennial, Gen Z or Gen X, people are susceptible to different types of attacks based on their understanding and familiarity with the digital workplace and their organization’s cybersecurity policies. In the same way that businesses trained employees to operate safely in a remote environment, hybrid workplaces require similar training.

Hacking your brain

Phishing is the most likely cyberattack an employee faces. Microsoft’s Future of Work Report found that 62% of security professionals surveyed said phishing campaigns had increased more than any other type of threat in 2020. Phishing refers to emails from seemingly legitimate sources, including colleagues and software alerts, that are sent to workers with the ulterior motive of obtaining an employee’s credentials so they can steal sensitive information or money. Employees using new workplace tools wouldn’t be fazed if they received information about a new software update for Microsoft Teams, an external partner asking them to update payment details or a boss with a seemingly innocuous request.

These types of attacks are so effective because they play on our cognitive biases. Workers’ brains are so overloaded that we make subconscious mental shortcuts to save mental energy. Hackers know this and psychologically manipulate workforces to motivate them to engage in risky behaviors they otherwise wouldn’t do. Here are three recent examples of sophisticated phishing attacks:

  • An email alerts an employee that they are about to be charged for a magazine description and must call a specific number to cancel. When the worker calls the number, she speaks to a pleasant-sounding “rep” and is directed to a site to download a “cancellation form” with embedded malware. This is Bazarcall.
  • Hacintor malware impersonates well-known business service DocuSign to trick employees. The phishing emails are near-perfect replicas of DocuSign alerts, down to the correct colors and logos. Workers’ inherent trust in the brand – and its ubiquity within offices globally – makes it particularly effective.
  • A late-day email from an executive to the accounting team needs immediate action. An external partner hasn’t been paid in months, and a wire transfer is required, “RIGHT NOW!” An unassuming accountant fulfills the request and is then shocked to learn that he sent a large sum of money to a cybercriminal.

Andy Horwitz, vice president of Technology Alliances and the CrowdStrike Store, commented, “It has long been said in cybersecurity that an organization’s weakest link is its employees, and threat actors will always target the weakest link to launch their attacks.”

He continued, “Recent news has demonstrated the damage that the evolving techniques of ransomware actors can cause a business, a community, and a country. These same threat actors continue to sharpen their tactics to achieve the most gain from their exploits, moving beyond simply collecting ransoms and incorporating double extortion models that strong-arm businesses to pay an additional fee so as not to have their data sold or publicly released. As long as employees continue to be vulnerable, and organizations continue to pay – threat actors will continue to attack.”

Work apps aren’t safe, either

According to Ray Conzanese, threat research director at Netskope, employees should also be wary of the new enterprise tools their companies adopted last year.

“The transition to remote work resulted in increased adoption of cloud-based apps and tools to ensure that employees, regardless of their physical location, could work accordingly. Not only did this experience shift the behavior of employees, but it also shifted the behavior of online attackers. According to Netskope’s recent Cloud and Threat report, bad actors are recognizing the vulnerabilities in cloud apps and services and making them a prime hunting ground. In fact, the percentage of malware delivered using cloud apps topped 61 percent at the end of 2020,” said Conzanese. “As we transition to a hybrid work environment, we’ll continue to see high usage of cloud offerings, and that, in addition to the risky behavior of employees as they try navigating the return to the office, means that threat actors will continue to target cloud-based resources.”

If it’s any solace, San Franciscans have been the targets of cyberattacks since their invention. The area’s world-class innovation economy of the country’s best tech companies, VC investors, and colleges has made San Francisco a prime target. As business leaders, we must empower workers with the education and security training they need to protect themselves and our businesses from cybercriminals. As workers, we must do our part in building a human firewall. These next few months will be challenging, but it’s nothing we haven’t faced before.

Sai Venkataraman is the CEO and Co-Founder of SecurityAdvisor, a Sunnyvale-based firm focused on reducing security risk through personalized security awareness lessons. Before SecurityAdvisor, Venkataraman held leadership roles in Fortscale (acquired by RSA), McAfee and Bain and Company. He holds an MBA from the Indian Institute of Management, Ahmedabad.

How to address California’s gun violence problem

4 ideas that will make a dramatic difference

By Brian Malte
Why omicron was first found in San Francisco

Destination’s popularity with global travelers makes it vulnerable

By Soumya Karlamangla
New state laws promote diversity, equity, inclusion, family values

They include expanded childhood education, health care, gender-neutral toys

By Christopher B. Dolan and Kim E. Levy