As the world struggles to contain the current coronavirus onslaught, cybercriminals are devising creative social engineering methods to gain access to networks, systems, and passwords. Capitalizing on the fear and uncertainty of the situation, they exploit human weakness to tempt users into insecure online behavior, with damaging consequences. Cybercriminals have been seen posing as the WHO or CDC to send fraudulent emails, ask for bitcoin donations, or deliver malware-laden attachments that give them access to a user’s system. Most of these attacks are conducted through email ‘phishing’ campaigns in which the coronavirus is the bait: under the guise of providing information, the attacker lures the recipient into opening an attachment carrying malware. As enterprises encourage more and more employees to work from home, it is imperative that they protect their systems to ensure business continuity. In fact, according to a CNBC flash survey, more than one-third (36 percent) of executives on the CNBC Technology Executive Council stated that cyberthreats have increased as the majority of their employees work from home during the present pandemic.
Some of the major security challenges that enterprises are facing in the rush to ensure business continuity are discussed below:
Challenge #1: Securing sensitive data.
The COVID-19 pandemic has forced businesses to close their offices and send their employees to work from home. With that, the large number of employees connecting over VPN has put additional stress on corporate IT infrastructure. This is a particular concern for companies that require employees to use their own personal devices to access enterprise networks and IT systems. Since an employee’s personal device may not have the security controls typically found on company-issued assets, one wrong click could give a malicious actor access to the company’s internal systems and databases. Without data leak prevention controls, remote workers can transfer sensitive data from secure enterprise servers to their vulnerable personal devices or personal cloud accounts, which are more susceptible to cyberattacks. If employees do not use strong passwords, up-to-date antivirus software and encryption software on their personal devices, the likelihood of enterprise data being compromised increases manifold.
Challenge #2: Securing remote access and communication services.
Remote access services such as Virtual Private Networks (VPNs) and Remote Desktop Protocol (RDP) are increasingly being used by remote workers, and they are also targets for people with malicious intent. In fact, RDP has become a common entry point for attackers to steal sensitive data from enterprise devices and networks. The risk is compounded by the use of out-of-date RDP versions that lack the latest security patches. While VPN connections are considered more secure, they too can be compromised when an employee is a high-value target, such as an administrator or C-suite executive.
Employees are also relying on online communication services such as Skype, Microsoft Teams and Zoom to connect with colleagues and customers. In a recent incident, Zoom was found to be vulnerable to remote attacks in which hackers stole user credentials to gain access to Zoom meetings. Such vulnerable interfaces may pose a threat to enterprise networks.
Challenge #3: Maintaining enterprise resilience.
COVID-19 has disrupted business operations for companies without a proper business continuity plan. The rapid turn of events forced enterprises to move their entire employee base to working from home without a thorough assessment and impact analysis to identify critical business functions. This places additional stress on business operations, especially for enterprises in which IT security is not the main revenue-generating function. Additionally, without proper IT security and awareness training, a social engineering attack could expose the organization’s resources to ransomware, resulting in complete business disruption. Without incident response planning, the enterprise will not know how to respond to such attacks and restore critical business operations.
To mitigate the potential impact of cyberattacks that take advantage of the current situation, enterprises could focus on the following recommended measures:
Recommendation #1: Implementing a stringent access management solution.
While an enterprise may not be able to secure every device its employees use, it can certainly deploy a stringent access management solution that grants access to sensitive information according to the requirements and profile of each user: for instance, higher privileges only for employees working as system and domain administrators, or for those who access critical systems to carry out operations such as financial transactions. Furthermore, scaling up multifactor authentication (MFA) for access to critical applications and networks will further secure enterprise systems.
Recommendation #2: Securing remote-working tools.
Enterprises need to encourage employees to set up security tools such as virtual private networks (VPNs) when accessing business networks. Furthermore, prompt patching of critical systems and infrastructure such as VPNs, RDP, cloud interfaces and endpoint security tools will also help minimize system vulnerabilities. To safeguard data on the remote device, ensure that employees have configured and enabled encryption software on their personal devices. Encourage the use of mobile device management (MDM) tools, which can remotely lock a device, retrieve its data or erase it in case it is lost or stolen.
Recommendation #3: Focusing on shadow IT.
Employees often create their own business processes for the ease of their work, which may not have formal approval from the IT department. This may leave remote employees unable to access resources created on their office workstations or local networks, obstructing the smooth flow of their work. Enterprises need to ensure that such shadow assets are accessible to employees in a secure manner for uninterrupted business continuity. Furthermore, any new shadow-IT systems created or used by remote employees should be monitored on a regular basis.
Recommendation #4: Communicating regularly with remote employees about cybersecurity measures.
Businesses need to provide employees with regular updates and educate them on the various social engineering methods, such as phishing, baiting and pretexting, that cybercriminals use to capitalize on people’s fear. They should actively discourage employees from opening suspicious or phishing emails and attachments that ask for login credentials or other sensitive information. Remote workers should have ready access to the contact details of the IT support or crisis communication team so they can instantly report a crisis situation or suspicious online activity, and they should be encouraged to report any unusual activity that could lead to a breach. Regular training on the cybersecurity tools in use would also help secure the endpoints.
Recommendation #5: Widening system monitoring and creating a robust crisis management team.
Constant monitoring of systems and networks is the need of the hour with most employees working from home, especially for detecting vulnerabilities in endpoints, databases and networks. Despite all the above well-meaning measures, in case of a cyberattack, ensure that the enterprise has a robust crisis management team that can handle any crisis situation or breach seamlessly and effectively. Employing a third-party organization specializing in IT security could be a good move, reducing dependency on already overburdened internal resources. Furthermore, a robust BCP/DR solution needs to be integrated into the enterprise IT security protocol: business continuity strategies create proactive plans to mitigate cyber-risks and business disruption, while disaster recovery plans provide a suitable response in case of an event or breach.
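As an added illustration of the monitoring described above, and of the RDP entry point discussed under Challenge #2 (this is example code written for this article, not a vendor product): a small Python detector that runs over constructed Windows Security event records, flags a source address that reaches a threshold of failed RDP logons (event ID 4625, logon type 10) within a short window, and raises a second alert if that same source then logs on successfully (event ID 4624). The simplified key=value input format is an assumption made for the example; a real deployment would read the events from the host event log or a SIEM.

```python
"""Flag brute-force style RDP logon failures in Windows Security events.
Input is a constructed, simplified key=value rendering of the fields in
event IDs 4625 (failed logon) and 4624 (logon); logon type 10 is RDP."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one RDP host, three sources, UTC timestamps.
SAMPLE_EVENTS = """\
2020-04-01T09:00:01Z id=4625 type=10 user=jsmith src=203.0.113.7
2020-04-01T09:00:05Z id=4625 type=10 user=admin src=203.0.113.7
2020-04-01T09:00:09Z id=4625 type=10 user=administrator src=203.0.113.7
2020-04-01T09:00:14Z id=4625 type=10 user=backup src=203.0.113.7
2020-04-01T09:00:20Z id=4625 type=10 user=jsmith src=203.0.113.7
2020-04-01T09:00:31Z id=4624 type=10 user=jsmith src=203.0.113.7
2020-04-01T09:05:00Z id=4625 type=10 user=mlee src=198.51.100.4
2020-04-01T09:06:00Z id=4624 type=10 user=mlee src=198.51.100.4
2020-04-01T09:10:00Z id=4625 type=3 user=svc src=192.0.2.9
"""

def parse(line):
    """Turn one sample line into a dict with a datetime 'ts' field."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=2)):
    """Return alerts as tuples (src, kind, detail): kind 'burst' when a
    source reaches `threshold` RDP failures inside `window`, and
    'success_after_burst' when a flagged source then logs on successfully."""
    failures = defaultdict(list)  # src -> timestamps of recent 4625 events
    flagged, alerts = set(), []
    for line in text.splitlines():
        ev = parse(line)
        if ev["type"] != "10":    # ignore non-RDP logon types
            continue
        src, ts = ev["src"], ev["ts"]
        recent = [t for t in failures[src] if ts - t <= window]  # slide window
        if ev["id"] == "4625":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append((src, "burst", len(recent)))
        elif ev["id"] == "4624" and src in flagged:
            alerts.append((src, "success_after_burst", ev["user"]))
        failures[src] = recent
    return alerts
```

The second alert kind is the one worth paging on: a successful RDP logon from a source that just failed repeatedly is a stronger compromise signal than the failure burst alone.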
The present pandemic poses various challenges for businesses trying to function in a consistent manner. The enterprises that prove more resilient in the face of these challenges will be in a better position to sustain themselves in the long run.