Cybersecurity In a Post-COVID-19 World
As businesses have radically altered how they operate, security must be of paramount importance. With masses of remote workers and networks under strain, how should your enterprise ensure that, post-COVID-19, your organization is safe and secure?
* This story was originally published on Silicon UK by David Howell
With workforces now at home connecting to their business’s networks remotely, ensuring these connections are secure is of paramount importance during and after the COVID-19 crisis. Ensuring endpoint security is reliable and robust is a prerequisite, but so is education for staff who may not have the insights and awareness to combat ransomware and scareware attacks.
Phishing attacks have risen an unprecedented 667% in the UK compared to February, as malicious actors trick users via fake coronavirus alerts. Government statistics revealed that 75% of large organizations were hacked last year, meaning this enhanced threat is all the more worrying.
James Stickland, CEO of authentication platform Veridium, says: “What makes this situation so difficult are the timeframes. Where typical changes of this scale are planned, researched, deployed and tested over months, and even years, the UK now has just weeks to overcome some genuine problems.”
Stickland continued: “These circumstances, albeit challenging and worrying, indeed present a long-term opportunity for businesses to reassess their security strategies. Many companies are facing increasing scrutiny over their identity verification requirements, particularly video conferencing tools which have exploded in popularity. At this current time, invoking business continuity must be prioritized – ensuring clients are serviced, and secure authentication for remote employees is provided.”
The National Cyber Security Centre has published its own guidance. Its advice on how to secure SaaS applications is also available, as is its guidance on how to securely use VPNs.
Silicon in Focus
To gain an insight into how COVID-19 is altering the threat landscape and how businesses should react, Silicon UK spoke with Gaidar Magdanurov, Chief Cyber Officer & Chief Operating Officer at Acronis.
How is the COVID-19 crisis impacting cybersecurity across the business community?
Due to the COVID-19 crisis, many people that used to work from the office had to switch to working from home, and the massive number of new remote workers brings to light many security issues.
First, most home networks have only basic security. Most internet providers issue a basic internet router with basic security configuration: many home users don’t have strong Wi-Fi passwords and have no protection against unauthorized access.
Besides the computer used for work, home networks have multiple other devices – computers of other family members and multiple other internet-connected smart devices – and all of those devices may not have recent updates installed and may not be secure – and through those devices a malicious agent can penetrate the home network.
The workers not used to remote work may not be adequately trained in security practices, not to mention that their household members may not have any understanding of computer security. These facts create an opportunity for attackers to get access to corporate data and applications that are stored on the device used for remote work.
What is more, as the devices connect to corporate networks and resources – through virtual private networks or web applications – attackers can gain access to corporate systems and create significant damage to the businesses.
Will cybersecurity, in general, have to change post-COVID-19?
The cybersecurity world is adapting to the new situation – multiple remote devices, employees working from remote locations not trained in cybersecurity, work and entertainment devices in the same network. Thus, we can expect more corporate IT and managed service providers to deploy more cyber protection tools for workers, and design future corporate infrastructure with remote work and protection for remote workers’ devices in mind.
With the widespread usage of corporate networks, the “forever day” vulnerabilities concept grows in relevance. The commonly used “zero-day vulnerability” is a vulnerability in the software that was recently discovered and can be used to attack a system or application because no patch protecting against that vulnerability is available.
But with multiple smart devices at home, there is a growing number of “forever day vulnerabilities” – vulnerabilities that will not be fixed by the vendor. There may be older devices, not supported anymore, or vendors not paying attention to the security of simple, smart home devices, while those devices can still be used to get unauthorized access to the home network.
Now, with remote workers surrounded by devices that may run vulnerable software, for IT professionals setting up remote workspaces, the concept of a “zero trust” network becomes crucial. Instead of trying to protect the network and trusting all devices on the network, “zero trust” requires strict authorization rules for all devices and users. Home networks will have to upgrade from a convenient mode of trust to a “zero trust” mode that is less comfortable for users, to protect remotely accessed business data and corporate systems.
Has the threat landscape changed because of COVID-19?
Based on the Acronis Cyber Protection Operations Center reports, there are two primary trends for the threat landscape related to the COVID-19 outbreak:
The first trend shows an increase in the overall frequency of attacks targeting users to open malicious links or install malicious software, using Coronavirus and COVID-19 related keywords. Attackers send emails on behalf of government agencies or healthcare providers, using the interest in the subject and forcing an emotional response from users to deploy malware known for a long time.
Attackers build websites using keywords related to the pandemic; they build fake dashboards with information about the infection statistics – to force users to download and install malicious software. For instance, we see attackers distributing well-known malware like the Agent Tesla password-stealing tool, the NetWire remote access trojan, or the LokiBot trojan.
The second trend presents a growing number of attacks targeting remote workplaces and home network infrastructure. These range from attacks on unprotected and unpatched devices, exploiting existing vulnerabilities to install malicious software on users’ systems, to network traffic intercepts to steal users’ passwords and other sensitive information, and attacks on network domain name servers to redirect users’ requests from the legitimate website to phishing mirrors.
It is worth highlighting that attackers also go after tools for remote work that are gaining popularity. For instance, recently, there were lots of security issues reported in the popular videoconferencing software Zoom, as the userbase of the software grows. Users usually don’t expect that the tool they use for video calls may bring danger to their system. Still, those types of tools open a wide variety of attack opportunities – message injections, remote control hijacking, hijacking of conference sessions, intercepts of text chats and video streams, redirection of users to malicious web addresses.
It is also important to remember that getting access to a work device from the home network may be possible by attacking other devices and other users. Therefore, family members, and especially children, are getting into the crosshairs of the attackers, who use social engineering to deliver malicious software to their home networks. The attack vector is shifting from corporate networks to home users.
Have businesses been prepared or unprepared to protect a workforce that is now working remotely?
Most businesses were not prepared for this situation, as even companies actively using remote work had a significant staff working from the office and secure corporate networks. Corporate IT and managed service providers that deploy and manage infrastructure were used to maintaining devices in a secure corporate system.
Now they must support devices in multiple home networks. Initially, they focus on protecting the device used for work, leaving the other devices on the network and network infrastructure unprotected – as they have to focus on the primary device first.
Lack of security measures deployed in home networks creates a window of opportunity for attackers to go after remote workloads now, while the corporate IT and MSPs are catching up with the new challenge. We can see fast growth in deployment of cyber protection, endpoint security, and backup tools to the remote workloads as we see IT professionals establishing protection for home devices.
Can you identify any new cyberthreats that have manifested because of COVID-19?
Cybercriminals use any chance to attack users, and it is not specific to the COVID-19 outbreak; instead, there is an increase in attacks on the workloads that became abundant because of the requirement for many people to stay home and work from home.
Of course, as with any event that brings a lot of public attention, cybercriminals try to leverage the keywords related to COVID-19 and Coronavirus in their phishing attacks, playing on people’s emotions to get them to install malicious software.
For instance, there are phishing sites distributing malware that pretend to be maps or other sources of information about the outbreak, such as malware pretending to be a COVID-19 case map. Dashboards and information sources became very popular with users, and attackers are riding the wave of this popularity.
What is your main advice to business when considering their digital security during and after the crisis?
First, every business should consider additional protection for its corporate network, applications, and data, expecting that malicious attackers can penetrate remotely connected devices. This requires the deployment of cyber protection for all systems, applications, and data.
Second, businesses should protect the devices of their remote employees the same way they used to protect their systems on the corporate network – deploying cyber protection for all remote devices.
Third, employees should be trained on security practices – from the basics of avoiding opening unknown links, to the protection of their remote workplace and home network. Due to a shortage of qualified IT resources to protect all remote workloads, some protection burden falls on employees. They need an easy and efficient cyber protection solution that will not require an excessive amount of training to provide an adequate level of protection for the home devices.
The situation with the COVID-19 outbreak is no doubt a global disaster; however, it also presents a unique opportunity for changing the approach to IT security and brings security awareness to every user. Organizations are becoming more distributed – as, during the outbreak, more people started to work remotely, and companies established efficient processes for remote work – now they can continue expanding their remote workforce, hiring people in different regions, and have access to a larger pool of talent.
Managing business remotely is also more efficient; thus, we could expect growth in virtual meetings and companies moving more offline interactions to online. All of this leads to higher demand for the reliability of the IT infrastructure and security of home networks. Therefore, there will be more attention paid by software vendors to delivering cyber protection to home users and the integration of cyber protection in applications and systems.