Network Attacks Hit A Three-Year High: How Should Employers Respond?

The CSO at internet security company WatchGuard Technologies recently discussed a high-level summary of its Internet Security Report for Q4 2021, which revealed that all types of threats increased over 40 percent from the previous quarter.

When the pandemic started, observers note a big drop in malware being detected by network security devices, which suggested that as tech-based jobs moved to remote work, many employees were no longer using organizational resources to access the internet. This was likely the main reason employers' networks noted a drop in malware attacks via employee workstations. However, network attacks continued to rise through the pandemic, since the servers still lived at the offices and in the cloud, and network security still protected those.

In Q4 2021, observers noted an increase in the number of malware threats directed at the user level. Some of this may be because of the normal holiday shopping season, but most likely, the returning of workers to the office is the likely explanation for the increase in corporate detection rates. "Network attacks increased to a 3-year high" (Apr. 26, 2022).


WatchGuard also noted that among browser-based malware threats, by far the most targeted was the now obsolete Microsoft’s Internet Explorer (IE). This was so even though IE has one of the lowest user rates among major browsers. Chrome’s market share is at least 70 percent, followed by Safari, Firefox, and Microsoft Edge. IE has less than one percent market share.

The Report noted a decrease in the incidents of ransomware, but crypto-mining malware remained relatively steady.

Finally, it noted a high incidence (66 percent) of zero-day malware infections still exists. This is malware that gets past signature-based protection defenses because in and of itself, it does nothing to attract the attention of the security software. Instead, once operational, it uses built-in operating system files to accomplish its work. Moreover, about 67 percent of that zero-day malware arrives over encrypted

(secure web) connections, often the result of successful phishing attempts. This suggests threat actors are focusing even more on evasion than sophistication.

All of these reports suggest that the threat environment facing employers has increased, but many of the more severe threats can be addressed through continued training and the following of well-thought-out security protocols. Using updated and more secure internet browsers is strongly suggested. Finally, the continued use of evasion tactics by the majority of malware suggests reliance on traditional signature-based defenses may not be the best long-term solution. Instead, the use of real-time or AI-based defenses may be the best option.

Finally, your opinion is important to us. Please complete the opinion survey:


Ask Jack: Home Office Data Security First Steps

Jack McCalmon offers some data security steps for home offices.? Read More

Ask Jack: Should We Allow Employees To Play Games On Their Laptops?

An employer wants to keep employees happy. One idea is to allow employees to game during work breaks. Jack examines the cyber risks. Read More

Ask Jack: If There Is No Evidence Of Data Being Stolen, Can I Still Be Held Responsible?

Jack McCalmon talks about the importance of not just post-breach exposures, but pre-breach exposures as well. Read More