The COVID-19 pandemic has created a huge number of challenges for businesses and organizations – but one that may have been overlooked by many is cybersecurity. Unfortunately, as a result of the pandemic, a number of cybercriminals are actively attempting to exploit the situation by targeting companies when they are at their weakest. Some are even attacking organizations that are involved in the response to the virus.
At the same time, many businesses have made themselves more vulnerable to cyber threats by rushing out new tools and apps to facilitate new ways of working and supporting their staff. Thankfully, however, there are many things that businesses can learn from this pandemic with regard to cybersecurity.
Cyber awareness programs need to be refreshed regularly
Business’ cyber awareness training programs need to be updated as regularly as possible in order to stay relevant in today’s times. Threats evolve at a truly prolific rate, and attackers are adjusting their tactics and strategies in order to exploit the current circumstances.
With more people working from home and anxious to learn more about staying safe through lockdown, there has been a huge rise in phishing attacks themed around the Coronavirus. Organizations need to be quicker at updating their cyber awareness programs to reflect this and provide information to help their staff avoid falling for the latest lures.
Employees need guidance to improve their security at home
The huge rise in remote working during the COVID-19 pandemic means that cybercriminals are targeting home networks with far greater regularity. This is in order to compromise users and devices that access corporate networks. One of the most common ways to target home users is by exploiting home router vulnerabilities and misconfigurations. Once they have access to a router, criminals can redirect users to malicious websites designed to spread malware.
It is important, then, that IT teams are providing guidance and training to remote staff on how to set up their home network securely. This includes changing the default password that routers are shipped with, enabling WPA2 encryption, and disabling remote access and universal plug and play (UPnP).
Security controls need to be reviewed in line with digital transformation
Now that employees are having to work from home, the network-based protections they enjoyed in the office environment, such as firewalls, are less effective. There is also a blurring of the traditional network perimeter; remote work expands the attack surface which means that security teams have to protect much larger areas.
To protect this increased attack surface, businesses face a range of additional security challenges and may need to consider seeking new people and controls as well as outside support to help manage them.
One key technological impact of the COVID-19 impact is that it is likely to drive digital transformation, particularly when it comes to the cloud. Before committing to transformation projects, organizations need to ensure that they fully consider the security risks and implement suitable measures to mitigate them. Cloud misconfigurations cost businesses trillions of dollars every year.
Endpoint security is even more important
There has also been a rise in endpoint-focused attacks; and worse, traditional antivirus software that uses signature-based protection is not effective in identifying the latest polymorphic and fileless threats. Specific COVID-19-related malware and spam have also been a huge problem for organizations, with well-known malware such as Emotet and Trickbot being especially prolific. To deal with this, organizations instead need to consider investing in next-generation endpoint detection and response solutions. These use behavioral analysis to better identify the latest attacks and help security teams to act swiftly and respond to incidents by isolating infected devices.
Other types of tools, like GlobalSign’s Auto Enrollment Gateway, make it easier for organizations to protect their endpoints by allowing administrators to automatically issue and manage publicly trusted certificates to a wide variety of devices.
Use of remote access tools should be assessed
Remote working has a lot of benefits, both for employees and businesses overall, but it can also expose companies to a range of vulnerabilities including cloud misconfiguration and issues relating to remote access controls such as VPN and RDP.
In fact, many of the vulnerabilities currently affecting these tools – such as DejaBlue – have been around for a long time, and remain unpatched. In late 2019, for example, the UK’s National Cyber Security Centre issued an alert relating to vulnerabilities in VPN products created by Pulse Security. It was suggested that in excess of 14,500 Pulse VPN endpoints were vulnerable.
With more people now likely to be working from home on a regular basis, even beyond the end of lockdown, it makes sense to conduct regular reviews of networks, applications, and devices that are used in remote working. Specialized remote working security assessments can help identify vulnerabilities associated with home working and provide support to address them.
Use of SaaS applications needs to be carefully considered
Zoom has been one tool that has skyrocketed in popularity over the course of the COVID19 pandemic. But it has not been without its issues. So-called “zoom bombing” – the uninvited intrusion into video calls – has become such a serious problem that it has prompted authorities to suggest that it could be punished with jail time.
But it’s not just Zoom. Other SaaS applications can be insecure, and organizations need to pay close attention to which tools they are using. This is in order to avoid introducing vulnerabilities and creating issues for data protection and compliance. Controls like two-factor authentication (2FA) can be useful for helping to secure SaaS. Proactive monitoring is also advisable to help quickly respond to threats that are able to bypass preventative measures.
Zero trust is likely to be the future
It is also important to note that when they are a significant number of users and devices connecting to a business’ network from remote locations – it can be very challenging to assess which requests can be trusted. The most common attack vector for cybercriminals remains identity – the majority of data breaches are linked to weak, stolen, or default passwords. So, it is a real issue that organizations are not putting enough focus on validating the identity of users or devices.
Over the long term more and more businesses to move towards zero-trust security solutions – the principle that every user access request needs to be authorized. System access is only granted after verifying the person requesting access, the environment or asset to which they’re requesting access, and the context of the request.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.
