Emerging Trends - Threat & Technology

C4: Hybrid Workforce: The Truth Behind Your Malvertising Risk

Thursday, June 8, 2023 2:45 PM - 3:45 PM

Room 403/404


What do Corporations, State Governments, Ukrainian citizens, university students, real estate storefronts, energy providers and elderly U.S. citizens have to do with enterprise security? Everything. Each group is actively targeted via the digital supply chain to identify vulnerable assets and position for attack. The vector? Malvertising. Today’s connected digital ecosystem is designed to trade on the consumer—employment, location, age, gender, and interests are leveraged to target consumers outside of the Corporate firewall. Whether on personal or company-issued devices, employees regularly access reputable websites for news, entertainment, sports, travel, office supplies and more. These devices—and the networks they access—become known. Despite countless security initiatives, your hybrid workforce is bringing malware to your environment simply by using the internet via their home, mobile or work networks. Every organization is at risk—whether employees are in-office, remote, using company-issued or personal devices. This session will demonstrate how malvertising and other third-party code on websites, mobile-apps, and connected devices were used to: - Install backdoors on Ukrainian devices, a 5X increase leading up to the invasion - Phish for consumer PII via a realtor website, a 3X increase in the past 6 months - Scam the elderly, a 2X increase during 2022 - Install backdoors on university students, a 50% increase throughout 2022 - Drive malware at an energy facility, a 6X surge during summer months Imagine if this was your organization. The digital media ecosystem has quickly become a national, state, corporate and consumer security issue. From the spread of ransomware to propagation of misinformation, employees are exposed to a host of malware purposefully looking to penetrate the corporate environment.

Learner Objectives

After this session, the learner will: 1. Understand how everyday internet behavior is used to target employees with malware inside and outside the perimeter 2. Learn how to defend your organization from malvertising threat vectors 3. Identify and patch holes in your current digital security policy 4. Reduce the risk of your hybrid workforce by mapping the digital attack surface presented by employee devices