by Rick Grinnell

When it comes to cybersecurity, we need to adapt for now and the future

Mar 25, 2020
IT LeadershipSecurity

As we adapt to a future of remote workers, this is a critical time to ensure you have an incident response plan in place, and can adapt for an indefinite change in operational processes.

4 response time to breach hour glass time clock deadline midnight
Credit: Getty Images

The question of the moment is: How are you holding up? These are trying times for everyone, trying to understand how to work with reduced and staggered staffing, and when possible remotely from home. Entire families in many cases are distanced from each other, while others are sharing more togetherness time than they have had in years. Beyond the disruption of adjusting to this way of working, there is the need to pay extra attention to cybersecurity.

Cybercriminals are taking advantage of overworked (and in many cases remote) IT and security teams, lax security protocols on personal devices being used to work from home, and fear. They are using the coronavirus to attack vulnerable organizations and individuals at a time when SOCs aren’t being staffed by their regular teams.

Coronavirus creates vulnerabilities for the network

People have been working remotely and using BYOD for work purposes for years, so we’ve seen how these activities create risk for a corporate network. However, we have never seen remote work at this magnitude. For example, New York governor Andrew Cuomo issued a mandate requiring 75 percent of the state’s workforce to work from home, adding that only 25 percent can be on the job site at any given time. Many businesses are only requiring essential employees to be in the office, but who is considered essential? Is it the security and IT staff who would be monitoring the network? And even if it is, thanks to social distancing, the in-office staff is likely decreased to one or two people per department. Security is a team effort, but it is hard to work as a team on incident response when everybody is in different locations.

Not every employee is going to be given a laptop or mobile phone; most companies don’t have the resources to supply everyone with the devices they need to work from home. That means workers being asked to use their own computers and phones for work purposes. Because the security team can’t monitor every single personal device, they won’t know if those devices are using the most up-to-date software or operating systems or have other vulnerabilities.

Because employees are working at home, the way they work collaboratively changes. No more in person meetings or stopping by someone’s desk to alert them of an incoming document sent via email. Instead, email volumes are on the rise, as are more attachments. Expect more communications from C-level staff with regular updates involving quarantines and ever-evolving mandates from government leaders. This opens the door for spear phishing campaigns and the sharing of malicious documents.

In addition, hundreds of colleges and K-12 schools have closed, many for the rest of the school year, and are using remote learning. Many teachers and students are using applications they are unfamiliar with. Therefore, the chances of downloading a malicious app increases, and if you don’t know all the features of the app, you won’t notice if something is amiss – malicious code downloaded may be perceived as a normal feature. And all of those kids at home who are not tele-learning? They are spending more time online playing games or watching videos or visiting those live-action sites that zoos have created. If parents are working and encouraging their kids to spend time quietly online, and no one is closely monitoring their behaviors, just think of the cyber troubles that can be introduced to the work network via the home network and shared devices.

And our adversaries know this

Cybercriminals are opportunists. If you want to know what is truly trending in the world, pay attention to phishing campaigns and warnings of fake websites. In a normal year, cybercriminals would be focusing on March Madness, The Masters’ golf tournament, and the upcoming Olympics in Japan. Since at least two of those things aren’t happening as of this writing, hackers have moved on to the only trending event of today – the pandemic. And they are using coronavirus to their advantage in a variety of ways.

Hospitals have long been a target for cyberattacks, and this would be the worst possible time for a medical facility’s network to be unavailable. Yet, that’s exactly what happened in the Czech Republic, to a hospital that is responsible for testing for COVID-19, forcing a slow-down of operations and other hospital functions.

Hackers are taking advantage of the millions of searches on terms like “coronavirus,” “COVID-19,” “virus updates,” and the like. Researchers at CheckPoint, for instance, discovered a cyber theft campaign from Chinese hackers that has been dubbed Vicious Panda that relies on a COVID-related document pretending to be from the government and designed to steal sensitive information from users.

Wired reported “a malicious Android application has been posing as a Covid-19 tracking map from Johns Hopkins University, but actually contains spyware connected to a surveillance operation against mobile users in Libya.”  Another phishing scam claims to be a drug company researching a cure for coronavirus asking the unsuspecting user to install a program on their computer to help them run simulations for a cure. However, the only action that program will be taking will be to steal personal information. 

Cyber criminals have begun to develop and launch malicious applications in the various App stores. One Android app in particular claims to track the virus across the globe, but instead is a ransomware attack in disguise. 

And then there are the data breaches and phishing campaigns. The Department of Health and Human Services, Walgreens, and even Princess Cruise Line, which has been the victim of large coronavirus outbreaks, have suffered data breaches since the COVID-19 began to spread. As for phishing campaigns, the CNBC Technology Executive Council reports a 40 percent rise in phishing attacks and scams, as well as a third of those respondents saying they’ve seen an overall increase in cyberthreats as SaaS systems are less able to respond.

Here’s what organizations should be doing

Because of coronavirus, we are seeing greatly enhanced attacks, we’re seeing greater phishing attacks, we’re seeing ad networks being used to phish unsuspecting consumers, and we’re seeing malware embedded into maps showing positive cases. So how can you address the increase in cyberthreats when much of your workforce is logging in remotely? Here are some tips:

  • Everybody must pull together. Yes, there are security teams who oversee your regular operations, but security should always be a team effort. That’s especially true now, when individuals need to step up their personal security posture as they work from home.
  • Determine if your network can handle the increased number of VPNs and remote desktop systems. Leverage VPNs as much as possible, but if that’s not possible for everyone, determine what other secure connection options are available.
  • Don’t trust anything until you verify the source, and that includes maps, ads, apps on mobile devices, or browser plugin downloads.
  • Use 2FA for everything.
  • Use encryption for sensitive communications and document sharing.
  • Encourage better password management. Usernames and passwords are even easier to steal now, so this is the time to rethink those processes.
  • Understand your industry’s compliance and data privacy regulations surrounding remote work. Things like HIPAA, GDPR, and CCPA are still in effect, even if everyone is working differently.
  • Security training is more essential than ever. Continue whatever routines would be followed in office and have security and IT teams send out regular reminders on how to identify phishing scams and fake websites.
  • Be prepared for changes in employee behaviors. This is not to say that your employees are suddenly going to go rogue and be malicious insiders. But they might be printing out more sensitive documents than usual, saving confidential data on insecure home machines or not logging off work sites before someone else uses the computer. Leadership should present guidelines on how to best prepare employees on to handle sensitive issues at home.
  • Set up secure channels and operating procedures for third parties and supply chains.

How do we adapt for now and the future?

While right now we are seeing an unprecedented increase in remote working due to the coronavirus pandemic, we’ve been on a path toward a general increase in people working outside the office. We’ll see if that continues for the long term, but for now and the foreseeable future it is a prospect companies not only have to think about but address.

As we adapt to a future of remote workers, organizations need plans in place to address incident response. We’re seeing right now an unpopulated SOC, and a distribution of security workers. Do you have a plan or an infrastructure in place for how your security team can easily and effectively collaborate in an emergency? What about the rest of your security response team that should include executives, lawyers, marketing and human resources? How are you managing security overall? This is a critical time to ensure you have an incident response plan and can adapt for an indefinite change in operational processes and know who is managing this response.