The COVID-19 pandemic caused a dramatic shift to remote work that placed many who previously worked in the office at home working alongside their families. We saw an increase in personal usage of company laptops, including personal web browsing, gaming, media consumption, and online shopping. In this blog post, we will take a look at the personal usage of managed devices from a different angle: data security. In 2020, 83% of users accessed personal app instances from managed devices each month.

The biggest fundamental shift in the era of digital transformation is that data is no longer on a CPU that the enterprise owns. Security teams focused on cloud must invest in the right technology to achieve more complete data protection, and we all need to ensure Zero Trust principles are applied everywhere data needs protection. At Netskope, we describe this as Zero Trust Data Protection. In its simplest form, Zero Trust means: Don’t trust the things you do not need to trust.

On March 2, Microsoft released patches to address four zero-day vulnerabilities in Microsoft Exchange Server software. Those vulnerabilities, known collectively as ProxyLogon, affect on-premises Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. (Exchange Online, which is part of Microsoft 365, has not been affected.)

Cloud-native threats have multiple implications. We are used to seeing legitimate cloud applications exploited within sophisticated kill chains, and we forget the basics: such as the risks posed by Shadow IT, like when personal email accounts are used to improperly handle corporate data. This is a very real risk right now, when users are working almost completely from home and the line between the professional and personal use of work devices is blurred.

As we address a number of anniversaries related to the COVID-19 pandemic, you’re likely reminded of a lot of the uncertainty you were feeling coming into an indefinite work from home scenario. I know I certainly am.

Not even seven days after its public release, the American Rescue Plan Act has already been exploited by cybercriminals. This is the latest example of using a relief measure as bait for phishing or malware delivery.

In the summer of 2020, there was a big, short-lived spike in malicious Office documents. The Emotet crew had been quiet in the spring and began leveraging their botnet to send extremely convincing phishing emails to their victims, often with a link to download an invoice or other document from a popular cloud service. Those documents contained malicious code that installed backdoors, ransomware, bankers, and other malware on unsuspecting victims’ computers.

On March 2, Microsoft released patches for four zero-day vulnerabilities affecting Exchange Server 2013, 2016, and 2019 (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). In the following weeks, attackers have been aggressively targeting vulnerable servers to install web shells that provide persistent remote access to infected servers. On March 9, attackers began installing a new ransomware variant known as DearCry or DoejoCrypt on infected servers.

On this one-year anniversary of the COVID-19 pandemic declaration from the World Health Organization (WHO), let’s check back in on the remote work stats for the past year.

Leaky cloud services are a major concern these days. As more and more organizations move their data and applications to the cloud, ensuring new forms of collaboration and agility for their workforce, setup errors and misconfigurations (or even the lack of understanding of the shared responsibility model) pose a serious risk for the new, enlarged corporate perimeter. So far, in 2021, I have collected 12 major breaches fueled by cloud misconfigurations, and I wonder how many flew under the radar.