COVID-19’s Impact on Cybersecurity
The COVID-19 pandemic has forced organizations and individuals to embrace many new practices, such as social distancing and working from home. Governments are looking for ways to keep their countries stable, and they do so by developing and enforcing new economic plans. However, while the whole world is focused on the health and economic threats posed by COVID-19, cybercriminals all around the world are working to find ways to capitalize on this crisis.
While the world is struggling with COVID-19’s spread and the threats that cybercriminals are posing, we are already seeing major changes in the way that many businesses operate, and those changes are likely to have a long-lasting impact even after this situation is over and we return to our normal activities.
There are many ways in which cybercriminals can take advantage of the current climate of uncertainty and rapid change. One of them is the proliferation of spam and phishing emails: many individuals looking for information on COVID-19 receive “official” emails that are sent by criminals and contain links embedded with different forms of malware. Other scams that usually show up in this sort of chaotic environment are phony charity scams where, through emails or various social media, hackers ask individuals to donate money to a fake cause.
Furthermore, as many businesses implement remote working options, this opens up vulnerabilities for cybercriminals to exploit. Since people are working from home and using personal computers to access work systems, individuals may have access to websites or emails that would normally be blocked on a work network. The threat continues if someone is working on a home network or even a shared network, which can also be a source of vulnerability if the network is not protected.
However, there are ways to protect employees. Employers should provide specific directions on how remotely working employees can safely access work environments and leverage available technology. It is also important that employees use networks with strong passwords and access the work environment through VPN services that are controlled by the employer. Dual-factor authentication should also be used. Furthermore, ongoing employee training about best practices to avoid cyber scams should not be critical but highly advanced.
Also, the old standards should still apply even amid all the chaos. Avoid clicking on links in emails that were not expected, or that sound generic and come from unknown sources. Everyone should carefully review email addresses to make sure that they are from legitimate sources. Any directives to transfer funds by telephone should be verified by telephone with appropriate individuals. Work from home should look like work from the office, which means not visiting suspect websites on computers while operating in work environments, and not providing credentials to anyone or on any website except in the manner that is specifically directed by your employer.
There are always certain steps that organizations may take to mitigate risks, and some of them involve:
- Securing the newly implemented remote working practices
- Ensuring the continuity of critical security functions
- Countering opportunistic threats that may be looking to take advantage of the situation.
When it comes to securing newly implemented remote working practices, there are a few things that one may do:
- Monitor for shadow IT and move users towards approved and secured solutions (using Cloud Access Security Brokers and web proxy filtering).
- Ensure that all remote access systems have critical security patches applied and that secure configurations have been used. Secure configurations should also be applied to email, identity management, and any kind of conferencing system that is used by remote workers.
- All the network-centric border security controls that apply to devices when they are on the internal network should also be applied to network traffic when they are not on it.
- Any kind of issues that the employees may have while remote working should be monitored and reacted upon and people should be supported to work safely and securely from home.
- Remote access systems should be resilient enough to withstand DDoS attacks.
When it comes to ensuring continuity of critical security functions:
- Activities that are crucial to managing cybersecurity risk should be identified and monitored.
- Internet-facing systems and services should be audited and documented, and it should be ensured that any exposed systems and services are required.
- Configuration changes to high-risk or commonly misconfigured systems should be restricted.
- Any incident response plans and playbooks should be updated and ready to work perfectly with a remote workforce.
To counter opportunistic threats that take advantage of the pandemic, an organization should:
- Target additional awareness and communications where emerging threats are – for example, highlighting to finance teams the increased risk of business email compromise attacks that attempt to exploit different or new ways of working.
- Develop plans to rapidly restrict on-notice employees’ access to systems and data, to reduce the risk of data being stolen or systems being damaged.
- Consider implementing additional technical controls to reduce the threat from phishing emails.
- Organizations should also seek to deploy quick-win technical controls to reduce risk.
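As an added illustration of the advice above to review sender addresses and to add technical controls against phishing (this is example code added here, not part of the original article), the Python below flags three common signs of a spoofed "official" email: a lookalike domain, a display name that claims a known organization while the address does not, and a Reply-To that points elsewhere. The trusted-sender table, the similarity threshold and the sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: organisation names mapped to the domains they really send from.
TRUSTED_SENDERS = {
    "example corp": "example-corp.com",
    "world health organization": "who.int",
}
LOOKALIKE_THRESHOLD = 0.85  # assumed similarity cut-off, tune on your own mail

def domain_of(header_value):
    """Return the lower-cased domain of an address header, '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def is_lookalike(domain):
    """True if domain nearly matches, but is not, a trusted domain."""
    return any(
        domain != trusted
        and SequenceMatcher(None, domain, trusted).ratio() >= LOOKALIKE_THRESHOLD
        for trusted in TRUSTED_SENDERS.values()
    )

def review_sender(raw_message):
    """Return the reasons a message's sender deserves a second look."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    reasons = []
    if is_lookalike(from_dom):
        reasons.append("lookalike-domain")
    # The display name claims a known organisation, the address does not.
    if any(name in display and from_dom != dom for name, dom in TRUSTED_SENDERS.items()):
        reasons.append("display-name-mismatch")
    if reply_dom and reply_dom != from_dom:
        reasons.append("reply-to-differs")
    return reasons

# Constructed sample messages (headers only), not real traffic.
SAMPLES = [
    'From: "Example Corp IT" <helpdesk@example-corp.com>\nSubject: VPN maintenance\n\n',
    'From: "Example Corp IT" <helpdesk@examp1e-corp.com>\n'
    "Reply-To: payments@mail-box.example\nSubject: COVID-19 policy update\n\n",
    'From: "World Health Organization" <covid19@health-alerts.example>\n'
    "Subject: Safety measures\n\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(review_sender(raw))
```

A check like this complements, rather than replaces, SPF, DKIM and DMARC enforcement at the mail gateway, since it only inspects header text that the sender controls.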
What awaits (us) in the future?
There is no doubt that more changes will occur in the cybersecurity world, which cannot be predicted right now. However, the industry has proven in the past that it can adjust quickly, and while cybercriminals are fast to react, security companies and researchers are not far behind.