Anjdeb Consulting

Ongoing impact of COVID-19 on Cybersecurity and resiliency plan

The crisis caused by COVID-19 has led businesses to think about maintaining business continuity, protecting against new threats and overcoming all sorts of disruptions. There are ways to handle such situations without any playbooks.

Phishing attacks –

Malicious attackers are launching coronavirus-themed emails that contain links designed to obtain personal information from users, as well as installables that are malware, which take control of users' systems and steal information. These emails normally appear to come from legitimate sources and contain valuable information, for instance methods to prevent the spread of infection, convincing the user to open the email and respond. Good security practices should be followed to avoid phishing attacks:

  • Unsolicited email received from unknown sources should not be opened.
  • Government websites should be consulted for guidelines and updates on COVID. Links embedded in emails should not be clicked directly. They should be typed in the browser window.
  • Personal information and passwords should not be provided to anyone over email.
  • Emails containing attachments, if received from unknown sources, should be deleted without opening them.

Phone scams –

Cyber criminals are impersonating government officials and trying to obtain personal or financial information, targeting young and elderly people. To avoid falling victim to such calls, one should be cautious about what information is passed on to the caller. No personal or financial information should be shared with numbers that are not familiar. It is best to hang up and not engage in such conversations.

Taking control of organisational assets –

During the course of the pandemic, organisations should take stock of their physical and digital assets and validate whether they are being used effectively. Organisations might have handed out assets to all associates because of the remote working arrangement, with an expectation that organisational tools and capabilities will have a view of all endpoints to monitor, detect and respond to malicious activities. However, if any asset is lying unused, organisations may struggle to have visibility over the endpoint and therefore might not be able to deploy agents to respond to an incident or perform forensics should an event occur. Also, if patches or antivirus signatures are not regularly deployed on unused assets, the vulnerabilities on those assets can easily be exploited by threat actors. Other key aspects of asset protection are following the principle of least privilege, appropriately classifying information held by the asset based on criticality and sensitivity, and relying on security baselines to detect deviations and unexpected anomalies from the baselines.
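The visibility gap described above can be checked directly against an asset inventory. The following is an added example, not part of the original article: the hostnames, dates, field names and day thresholds are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample inventory (hypothetical hosts and dates, not real data).
INVENTORY = [
    {"host": "lt-0101", "last_checkin": "2021-03-29", "last_patch": "2021-03-20", "av_sig": "2021-03-29"},
    {"host": "lt-0102", "last_checkin": "2021-01-11", "last_patch": "2020-12-15", "av_sig": "2021-01-11"},
    {"host": "lt-0103", "last_checkin": "2021-03-28", "last_patch": "2021-01-05", "av_sig": "2021-03-27"},
    {"host": "lt-0104", "last_checkin": None, "last_patch": None, "av_sig": None},
]

# Assumed thresholds in days; tune them to the organisation's own baseline.
LIMITS = {"last_checkin": 14, "last_patch": 30, "av_sig": 7}
LABELS = {
    "last_checkin": "agent silent",
    "last_patch": "patches stale",
    "av_sig": "AV signatures stale",
}


def age_days(value, now):
    """Days since an ISO date, or None when the field was never recorded."""
    if value is None:
        return None
    return (now - datetime.strptime(value, "%Y-%m-%d")).days


def find_blind_spots(inventory, now):
    """Return {host: [reasons]} for assets that breach any threshold."""
    findings = {}
    for asset in inventory:
        reasons = []
        for field, limit in LIMITS.items():
            age = age_days(asset.get(field), now)
            if age is None:
                # An issued asset that never reported is invisible to monitoring.
                reasons.append(f"{LABELS[field]} (never reported)")
            elif age > limit:
                reasons.append(f"{LABELS[field]} ({age} days)")
        if reasons:
            findings[asset["host"]] = reasons
    return findings


if __name__ == "__main__":
    report = find_blind_spots(INVENTORY, datetime(2021, 3, 30))
    for host, reasons in report.items():
        print(host, "->", "; ".join(reasons))
```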


Patching –

Patching of remote systems over virtual private networks has increased in the aftermath of COVID in order to prevent security breaches by fixing security vulnerabilities which can be exploited by malicious attackers or software. The increased load can sometimes give rise to performance issues. Nevertheless, critical vulnerabilities should be patched as soon as possible. These can be identified through penetration testing exercises or vulnerability scanning. Additionally, hardening of technical components should be performed as necessary.


Security measures –

Organisations are relying on multifactor authentication, single sign-on and virtual private networks as an extra layer of security for the virtual environment.


Home network security –

The home Wi-Fi of all associates should be protected by strong passwords.


Insider threats –

At times, corporate information is forwarded to personal email accounts by accident or for a legitimate reason. It is key that insider threat programs are able to raise flags, monitor and validate the reason for such actions. Appropriate policies need to be in place to take the necessary action against users intentionally trying to grab data, or to identify the business need behind such an action.
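The flag-and-validate step described above can be run over outbound mail records. The following is an added example, not part of the original article: the corporate domain, the personal-domain watch list, the register of approved exceptions, the escalation count and the mail records are all constructed assumptions.

```python
from collections import Counter

CORP_DOMAIN = "corp.example"  # assumed corporate mail domain
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed watch list
# Assumed register of validated business needs: (sender, recipient) pairs.
APPROVED = {("priya@corp.example", "priya.k@gmail.com")}
ESCALATE_AT = 3  # assumed number of unapproved sends that triggers escalation

# Constructed mail-gateway records (hypothetical users, not real data).
EVENTS = [
    {"from": "priya@corp.example", "to": "priya.k@gmail.com", "subject": "FW: travel form"},
    {"from": "sam@corp.example", "to": "sam77@yahoo.com", "subject": "FW: rota"},
    {"from": "lee@corp.example", "to": "lee.x@outlook.com", "subject": "FW: client list"},
    {"from": "lee@corp.example", "to": "lee.x@outlook.com", "subject": "FW: pricing"},
    {"from": "lee@corp.example", "to": "lee.x@outlook.com", "subject": "FW: contracts"},
    {"from": "dana@corp.example", "to": "partner@supplier.example", "subject": "Order"},
]


def domain(address):
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def review_outbound(events):
    """Return (sender, recipient, verdict) for corporate-to-personal mail."""
    flagged = [
        e for e in events
        if domain(e["from"]) == CORP_DOMAIN and domain(e["to"]) in PERSONAL_DOMAINS
    ]
    # Count only sends that have no validated business need on record.
    unapproved = Counter(
        e["from"] for e in flagged if (e["from"], e["to"]) not in APPROVED
    )
    results = []
    for e in flagged:
        if (e["from"], e["to"]) in APPROVED:
            verdict = "approved"   # legitimate reason already validated
        elif unapproved[e["from"]] >= ESCALATE_AT:
            verdict = "escalate"   # repeated pattern, hand to policy owner
        else:
            verdict = "validate"   # possibly accidental, ask for the reason
        results.append((e["from"], e["to"], verdict))
    return results


if __name__ == "__main__":
    for row in review_outbound(EVENTS):
        print(*row)
```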


Third-Party risks –

With the pandemic, many supplier relationships have been disrupted and organisations are sometimes forced to work with third parties that are untested or have not gone through an appropriate vetting or vendor management process. It is critically important for an organisation to understand the third-party risk that it is willing to accept and the impact it has on the business. Due diligence and audit rights need to be built into third-party contracts, and there should be mechanisms to follow them.


Evolving of Red team –

A red team performs scenario-based simulation exercises, emulating real-world attackers who are trying to steal information or break into systems critical to the business. During the pandemic, many organisations have lowered the priority of having a red team in place and rely on accepting the risk until business returns to usual, for reasons such as budget cuts or physical organisational infrastructure not being used. Such decisions may have a long-term impact, as we are now aware that COVID is not disappearing anytime soon. Remote red teams should be reprioritised and brought back, as they have the ability to identify critical vulnerabilities which, when remediated, reduce exposure to the latest real-world attacks.


Adoption of cloud services –

Adoption of cloud services has accelerated during the pandemic. The tooling and monitoring capabilities are stronger in the cloud than they have been in legacy datacenters. Cloud also offers better segmentation of environments. Several cloud platforms allow IT teams to deploy machine learning capabilities for user behaviour analytics.


Ensuring a back-up plan –

The business continuity and disaster recovery plan needs to be tested and updated regularly so that it can be utilised appropriately in case of a cyberattack.

 

In view of growing threats during the pandemic, companies should be proactive and better prepared to prevent cyberattacks rather than responding to them when they happen. This requires focussed planning and action. The reality of the situation is that companies need to change their mindset from ‘what if I get attacked’ to ‘when’ and prioritise cybersecurity initiatives to address security gaps. Cybersecurity should be given due attention, as the biggest learning from the pandemic is that ‘preparation is key’.
