The COVID-19 pandemic has forced a majority of companies to promote work from home (WFH) arrangements. What used to be considered a benefit to improve employee work-life balance is now the new normal for most companies as a safety measure against coronavirus infection. While some companies have proven to be technologically well-equipped for WFH arrangements, unfortunately, many are not. The ill-equipped are once again the targets of cyber threat actors. These insidious groups know very well the meaning of Winston Churchill’s words, “Never let a good crisis go to waste,” and they will take advantage of the seemingly chaotic situation. They are even more active now for three reasons: weakened corporate cybersecurity controls, the opportunity to exploit FUD (Fear, Uncertainty and Doubt), and heightened use of technology.
WEAKENED CORPORATE CYBERSECURITY
Some companies are loosening, bypassing, or simply turning off cybersecurity controls in order to allow employees to access company systems while at home. They are turning off their secure remote network access controls (i.e., Virtual Private Networks and token authentication) because they only have a fraction of the licenses needed to accommodate the employees working from home or remote locations. In this scenario, the only protection the company has is a text password, which could eventually be guessed by cyber threat actors.
Critical security patches and updates may not be installed on employees’ computers in time, if at all. The deployment of these security patches is typically done from a central server in the company’s network. It’s easier to deploy the security patch in the office since the network speed is usually fast. However, in most cases, the security patch will be hard to deploy through the narrow bandwidth of the employee’s home Internet connection. This means that many of these unpatched company computers are left vulnerable to cyber threat actors while connected to the Internet.
There will also be employees who will try to disable or bypass the company security controls on their laptops in order to install unauthorized software or access restricted websites. Doing so invites a wide range of malware to infect the computer (e.g., keystroke loggers, audio/video recorders, or ransomware).
TAKING ADVANTAGE OF FUD
Cyber threat actors are also using the current atmosphere of Fear, Uncertainty, and Doubt for unjust monetary gain. They are using COVID-19 to target both people and companies with carefully crafted phishing messages. Many of the phishing campaigns currently in progress have frequently been related to groups specializing in ransomware attacks. The current crisis has led people to be more curious about the virus and what’s happening, especially in their communities. Sophisticated phishing emails and malicious websites now abound to exploit this, knowing that somebody who wants to stay updated on the pandemic will eventually make that “click” and compromise his or her computer.
HEIGHTENED USE OF TECHNOLOGY
The use of technology and the Internet is unprecedented at this time. One can really just stay at home to purchase goods, pay bills, or watch a movie with just a few clicks. There is a rise in the usage of video conferencing and online banking systems. Almost immediately, new fake domains have been set up to mimic these systems. Moreover, malicious executable files were also quickly developed around these popular systems with the goal of making people install malware onto their devices to harvest usernames and passwords, among others.
“Stay Safe” is now a common expression when ending a conversation. Just as we take precautions to keep COVID-19 from infecting us, we must do the same for our technology.
To help mitigate the risks, consider some recommendations from the article by EY’s Global Advisory Cybersecurity Leader, Kris Lovejoy, “Seven ways to keep ahead of cyber attackers during COVID-19.”
1. Understand your company’s remote connectivity and authentication capabilities. Be mindful of potential workarounds which employees might be using to do their work, and keep in mind that insecure use of these technologies is the easiest path for an attacker.
2. Assess and implement new security analytics models to account for privileged activity and use of new administrative tools and services (i.e., system administrator’s activities).
3. Review your current e-mail security controls and take into consideration current remote workforce conditions. Utilize current controls provided by your e-mail provider to the fullest before looking to purchase additional services or technologies.
4. Assess the current visibility of assets (i.e., computers) and network traffic to identify what has changed due to workforce relocation.
5. Update and test your incident response and disaster recovery plans to ensure they are applicable to the current state of your workforce. Update your external incident response provider and consider an additional external provider if a more appropriate response time is needed.
6. Test the ability to recover from your backups in a timely manner, with a keen eye to ensuring that your organization is backing up all the data it needs in a format that is accessible yet secure, to prevent both explicit and inadvertent tampering or corruption.
7. Review, update and recommunicate cybersecurity training to all employees. Ensure that the latest threats to your organization and employees are highlighted.
The unprecedented scale of global disruption caused by the COVID-19 pandemic has wrought significant paradigm shifts in nearly every sector and aspect of society. However, companies that take decisive action to deal with the situation now, create contingencies for what happens next, and proactively plan for the world beyond the pandemic will have better chances to survive and thrive in the new normal.
This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinions expressed above are those of the author and do not necessarily represent the views of SGV & Co.
Philip B. Casanova is an Advisory Partner and Nathaniel F. Dizon is a Manager of SGV & Co.