Nobody loves a good crisis more than a hacker and, by anyone’s definition, coronavirus is a big, fat stinking crisis that almost everyone on earth is sitting in the middle of. For most of us, a crisis brings out the best.
First responders and the healthcare systems are replete with stories of superhuman sacrifice and commitment to others. Unfortunately, it is this commitment to the work at hand that puts cybersecurity on the back burner and increases the chance of a breach, break-in, or general mischief.
Let’s take a look at the problem of increased network vulnerabilities as a result of ramped up, insecure mobile use and how IT departments and new remote workers should respond.
The single overwhelming consequence of the coronavirus outbreak has been that the human race has, to a large extent, shifted their lives online. We don’t travel. Public gatherings are limited. Most of us spend the majority of our day hibernating at home. And what do we do at home?
Get online, of course!
We’re spending more time, using more bandwidth, and creating more hacker opportunities than ever before. We work online and go to school online using videoconferencing and other collaboration tools. When we’re done with that, we go online to play games, shop, chat, and stream videos all day long. This new behavior pattern has created a beyond maxed-out level of stress on what used to be considered adequate cybersecurity precautions.
Here are the avenues through which new threats emerge:
In case you haven’t noticed, there are a few more of us working from home now than there were back at the beginning of March. Few as in millions. Many millions. This almost instantaneous shift to a work-from-home (WFH) arrangement did not happen in a vacuum. There were consequences that include:
The bottom line is that employees working from home are probably unfamiliar with how to safely access the company network and will likely throw caution to the wind and assume that hackers aren’t paying attention.
The reality is that hackers are paying attention. They’re always paying attention. Even when they are asleep, their automated little password-busting, data-stealing algorithms never stop cruising the internet in search of easy prey. These days, the algorithms are feasting.
Hackers are never averse to using basic psychology against their targets because such strategies work so darn well. With the newly expanded, and to some extent naive, remote workforce in place, the bad guys are ratcheting up the pressure more than ever with old tactics (malware-laden emails) sent out under a new guise.
There has been an absolute tsunami of not only phishing but smishing (text-based) and vishing (telephone-based) appeals and “heartfelt” pleas using healthcare, charity, and other benevolent organizations as fronts.
A popular tactic is to approach executive-level decision-makers and trick them into moving funds into what appear to be accounts related to vendors, services, or virus-response activities. Such was the case when online trading platform Robinhood was hacked in 2019, as many users were startled to find that their login and password information had been discovered on third-party websites.
If you’re not familiar with a particular organization, take a moment to look them up online. Legitimate operations will have tended properly to their online reputation. If you find nothing, be suspicious. With management besieged and under more stress than usual, the bad guys are successful more times than we’d like to think.
With the recent Congressional passage of a multi-trillion dollar aid bill for individuals, small businesses, and even corporations who are under strain from coronavirus-related loss of income, a plethora of websites have popped up both under government and private auspices.
Once again, thanks to the prevailing panicked attitude, these sites often go live before adequate cybersecurity precautions have been put in place, making them easy pickings for hackers.
Another common trick is to take advantage of people who, typing quickly, enter a website address that is off by one letter. Those looking to steal data know the common keyboard mistakes people make and are ready with a custom-built website that, at first glance, looks like the one you intended to visit but exists only for a nefarious purpose.
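One way a security team can watch for these off-by-one-letter addresses is to compare domains seen in DNS or proxy logs against the sites employees are supposed to reach. The following is an added example, not part of the original article; the domain names, sample queries, and function names are constructed for illustration.

```python
# Flag observed domains that are exactly one typing slip away from a trusted one.
# TRUSTED and SAMPLE_QUERIES are constructed placeholders, not real log data.
TRUSTED = {"example-bank.com", "example-relief.gov"}

def one_typo_apart(a: str, b: str) -> bool:
    """True if b differs from a by a single substitution, insertion,
    deletion, or swap of two adjacent characters."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the shared prefix
        i += 1
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:       # one wrong letter
            return True
        return (i + 1 < len(a) and a[i] == b[i + 1] and a[i + 1] == b[i]
                and a[i + 2:] == b[i + 2:])   # two letters swapped
    return a[i:] == b[i + 1:]            # one extra or missing letter

def flag_lookalikes(observed, trusted=TRUSTED):
    """Map each suspicious observed domain to the trusted domain it imitates."""
    hits = {}
    for raw in observed:
        name = raw.strip().lower().rstrip(".")   # normalize case and trailing dot
        if name in trusted:
            continue
        for good in trusted:
            if one_typo_apart(name, good):
                hits[name] = good
                break
    return hits

SAMPLE_QUERIES = [
    "example-bank.com",     # legitimate
    "exmaple-bank.com",     # swapped letters
    "example-bamk.com",     # neighbouring key pressed
    "Example-Relief.gov.",  # legitimate, different case and trailing dot
    "example-relif.gov",    # dropped letter
    "exxample-bank.com",    # doubled letter
    "unrelated.org",        # not a lookalike
]

if __name__ == "__main__":
    for bad, good in sorted(flag_lookalikes(SAMPLE_QUERIES).items()):
        print(f"{bad} looks like {good}")
```

Hits from a check like this are candidates for blocking at the resolver or proxy and for review of which hosts queried them.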
This all adds up to breaches, breaches, and more breaches. What’s a CISO to do other than pull out what little remains of their hair? Quite a bit actually.
While those in charge of security were able to respond adequately in the early stages of the outbreak - after all, coronavirus isn’t the first crisis in human history - it has gone on longer, with more momentum, and affected more people than probably anything since the last world war. There are no playbooks for this thing. Everything seems to be a Hail Mary with time running out and hope for the best.
Not quite. We can do a little better than that. Here is where IT and cybersecurity staff should aim their efforts.
Now is not the time to be rolling out a new set of security tools or undertaking a brand new round of chaos testing. Focus on what is critical to operations and make adjustments only as circumstances demand. For example, if the workforce is now forced to access the network remotely, implement a multi-factor authentication process.
Additionally, make sure employees know safe WFH protocols. After all, they’ve always had you to rely on and have never been forced to learn this stuff on their own. What has passed for security procedures in the past was based around an on-site workforce and no longer applies. The good news is that the vulnerabilities are the same; there are just more of them. Educate and remind your frontline employees on how to be security-aware at home because that’s where the threats will strike now.
While some departments might be more prepared than others for the shift to remote work, now is not the time to shake things up with a round of chaos testing. Other departments are already in chaos, and it has nothing to do with testing. Instead, focus on incident-response contingencies. If you have none in place, create them quickly. There is a high probability that the number of security incidents will increase and your team needs to know how to effectively deal with them without asking questions or dithering as to what comes next.
If there has been a sharp rise in the use of collaboration tools in your company, that would be a good place to remotely monitor for new strains of malware, especially if employees are not familiar with the software. The first step of your incident response plan should be to catch and prevent the threat from ever fully manifesting. It’s a lot easier and less messy to prevent trouble than pick up the pieces after it arrives.
Keep this in mind. As destructive as the cybersecurity fallout from coronavirus might seem, all consequences are simply iterations or a rise in the level of incidents IT departments have been dealing with ever since going online became a thing. There’s nothing new here, so don’t panic. Take a deep breath and do your job. You know it inside and out. Tune out the screaming emails and bosses with eyeballs bulging from stress.
This too shall pass. Deal with it. Learn from it. Move on to the next thing secure in the knowledge that you will be much better prepared for the next pandemic that shows its ugly, invisible face.