EDITOR’S QUESTION
LINUS CHANG, FOUNDER
AND CEO OF BACKUPASSIST
Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + Q + A +
“
THANKS TO
THE RUSH TO
WORK FROM
HOME, NOW A
HACKER CAN
COMPROMISE A
HOME NETWORK
(A MUCH EASIER
TARGET) AND
USE THIS AS A
SPRINGBOARD
INTO THE
CORPORATE
NETWORK.
Our biggest concern is the post
compromise ransomware attack,
which has been made easier thanks
to work from home (WFH).
This is where a successful hacking
attack allows a cybercriminal to install
ransomware onto a business network to
monetize their exploit.
Prior to 2020, a hacker would need to
compromise a corporate network in order
to launch this kind of devastating attack.
Penetrating a corporate network, with
sophisticated security and firewalls,
is non-trivial.
But thanks to the rush to work from home,
now a hacker can compromise a home
network (a much easier target) and use this
as a springboard into the corporate network.
With work from home now the norm,
millions of employees are using homegrade
hardware to perform work duties.
Many will use VPNs; others use a remote
desktop tool or access cloud services.
Worryingly, their home grade networks are
not protected by enterprise-grade firewalls;
instead security is basic at best and many
people leave default passwords on their
equipment. Also connected to the home
network are machines of other family
members – like a laptop owned by their
high schooler, or a tablet used by a child.
Perhaps there are IoT devices like smart
home assistants, fridges or TVs.
“
AGGRESSIVE
HACKERS ALSO
MAKE THE POINT
OF SEARCHING
FOR AND
DESTROYING
BACKUP DATA.
Any single vulnerability in these
devices can result in the home network
being penetrated and, after that, the
compromised home network is a convenient
springboard to the workplace network.
Once they have infiltrated the corporate
environment, the hacker can install
backdoors that are nearly impossible to
detect and then unleash ransomware on
the corporate environment. Aggressive
hackers also make the point of searching
for and destroying backup data, to force the
victim’s company to pay the ransom.
These risks demonstrate how important it
is to keep good backups and protect them
with the right tools and security. The safest
form of backup is an offsite, offline backup
– I’ve never seen a hacker attack a hard
drive that’s disconnected from a machine.
34 INTELLIGENTCIO www.intelligentcio.com