As a result of the COVID19 outbreak, cybercriminals are increasingly targeting organizations that now have more remote workers and fewer IT and security staff ready to detect and mitigate attacks and intrusions. In the rush to get employees set up for telecommuting or working remotely, it is now more important than ever before to address the key areas within an organization’s infrastructure around cyber security. The reality of working remotely creates new threat surfaces and hence requires a structured approach to ensure an organization’s data and systems assets remain secure. Employees remote access from home either use their home machines or a company provided device and hence requires a higher level of visibility and controls.
Here are a few takeaways about how attackers are exploiting this crisis and what security teams must do to defend their organizations to reduce the possibility of a security breach.
With the sharp rise in employees working from home organizations must ensure they step up their defenses, both for protecting employees as well as protecting the organization. Working remotely increases the threat landscape and the risk to organizations exponentially and hence the ability to identify and defend against an attack is more important than ever before. As always, backup and recovery plans are critical to the recovery efforts in the event of an actual incident. Monitoring for unauthorized access and modifying your disaster recovery plans in-light of this new remote working capability is something we all must do now.
For criminals, this crisis offers a slew of new opportunities. Attackers are moving very quickly to launching phishing campaigns and bogus websites which target people working remotely to invade home networks and move laterally on those devices thereby resulting in unauthorized access to company data and system resources. These new sites create avenues for the cybercriminals to monetize via multiple means, including ransomware, credential theft, bitcoin or fraud.
Suddenly, securing home Wifi networks, ensuring older home routers with outdate firmware are either upgraded or replaced isn't just a consumer security problem, but now a corporate one. These new concerns have created additional threat surfaces for cyber criminals to gain access to corporate networks as the boundaries of traditional networks are no longer confined by the walls of the office anymore.
Employees of financial institutions, government agencies, telecom operators and IT companies are particularly at risk as they are high value targets who are working in less secure environments. To help protect employees organizations should leverage IT security consultants who compile content appropriate awareness material that provide guidance on dealing with suspicious emails and other vectors of attacks being used today. Specific content on the responsibilities of employees to protect the confidentiality and integrity of corporate data while working remotely is critical at this stage.
Criminals are disguising themselves as persons from reputable organisations who are responsible for disseminating information and support on COVID19 with the intention to steal money or sensitive information. If you are contacted by a person or organization that appears to be from WHO or any other local health services institution, verify their authenticity before responding. WHO-themed or other COVID-19 phishing messages attempt to pressure would-be victims into making poor decisions. These cybercriminals use fake web address and phishing schemes to request passwords and even bitcoin donations to fund a fake vaccine.
In conclusion, organization must pay close attention to the threats that are posed to their networks now as the threat landscape has increased and the possibility of compromise has grown exponentially. We will see an increase in the number of company’s who fall victim to ransomware and other forms of malicious software which are aimed at disrupting operations and gaining access to confidential data. The absence of policies, training and planned execution of remote working will no doubt lead to some companies being breach and sustaining additional losses. In these times the response to an incident will be costly and time-consuming in the absence of adequate auditing and monitoring.
Essential defenses for remote workers should include deploying effective anti-virus, email filtering software and other security software to identify and monitor for unusual activity. Staff should be encouraged to report phishing or any emails, calls or activities that appear suspicious. Multifactor authentication is highly recommended for controlling access to important systems and data.
In addition, to gain confidence in the security measures being implemented for your organization ensure your users are trained in how to be safe while working remotely, ensure they understand their responsibility in working remotely, implement a remote access policy and put measure in place to ensure users can identify and report suspicious emails, calls or activities. These are the basic set of guidelines which all organization should follow to address the remote working capabilities now.
Mr. Deon Olton is a UWI graduate and Certified IT Security practitioner. Well-known expert in cyber security, having assisted multiple organizations improve their security posture, written extensive articles for popular publications, written annual cyber security predictions for the region and appeared as a guest on tv and radio interviews. Mr. Olton’s experience in telecoms, ICT and Cyber Security has allowed him to perform multiple roles in IT Risk Assessment, Security Awareness Training and long-term strategic IT planning. With this depth of experience and passion Mr. Olton has developed proactive plans to address the growing Cyber Security threats to the Caribbean region’s economies. As the Project Lead for the Caribbean’s first and only indigenous Cyber security public awareness Campaign, with a mission of “Keeping Caribbean Citizens Safe Online”, he is responsible for the online web portal, creating public service messages, developing age appropriate presentations for parents, schools and the elderly. Additional Mr. Olton has spearheaded community outreach projects to increase knowledge of cyber security within schools and communities all across the region.