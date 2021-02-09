The pandemic turned 2020 upside down. COVID-19 impacted almost all aspects of our lives, especially information technology and medicine. Attackers of all kinds were quick to seize and exploit the opportunities presented by the pandemic.

The topic of healthcare became one of the most popular baits for attacks of varying complexity: from emails with malicious attachments to phishing and targeted attacks. The latter involved advanced persistent threat (APT) actors such as Lazarus and Transparent Tribe, which we observed using COVID-19-themed lures to target their victims. Kimsuky, APT27, and others did the same, according to open-source intelligence. These types of threats will remain for as long as the pandemic lasts.

At the very start of the pandemic, the CTI League was founded - a voluntary organization of cybersecurity experts seeking to protect medical organizations and help them respond to cyber-incidents. Hospitals have been assisted too by security software developers including Kaspersky which provided medical organizations with free access to its products.

Businesses will also need to rethink the way their corporate networks are organized. It is not obvious at first glance, but COVID-19 should be considered when undertaking a threat-modeling exercise. Since not all machines are located in the office or connected to the corporate network, adjustments need to be made to ensure endpoints stay secure and corporate resources are protected. For example, companies with a corporate VPN need to take steps to ensure nothing illicit can be downloaded. In addition, it is important to have access to the best threat intelligence source available.

However, a stronger focus on healthcare infrastructure isn’t the only thing to consider. While corporate and perimeter security remain important, the recent mass transition to remote working has shown all too clearly that even the best corporate security cannot compensate for a lack of user awareness. Moreover, for many businesses, remote working is not a temporary solution. Many have already announced that, even after the pandemic subsides, work-from-home options and a hybrid work model will become permanent fixtures of the employee experience. This means that cyber-hygiene training should be implemented and accompanied by changes in IT administration. IT needs to provide additional support to employees, making sure updates are applied on time and any issues with remote connections are fixed promptly.

The focus on digital security in hospitals offers hope that 2021 will be the year when cybersecurity and healthcare join forces. Past experience has shown that painful lessons, such as the Wannacry epidemic in 2017 and the coronavirus pandemic in 2020, are the very things that incentivize organizations to pay more attention to infrastructure security.