As most companies have shifted at least some, if not all, of their employees to telework during the COVID-19 pandemic, they have had to deal with a bevy of problems – remote access, server capabilities and general oversight. None, though, has likely opened up as much potential concern as cybersecurity, yet in terms of focus from IT staffs, it’s probably not getting the attention it needs.
Cybersecurity firm Crowdstrike said that 50% of global employees typically work outside their main headquarters an average of 2.5 days per week. During COVID-19, that number is rising, and rising dramatically.
“A broad shift toward work-from-home arrangements has amplified long-standing cybersecurity challenges: unsecured data transmissions by people who aren’t using VPN software; weak enforcement of risk-mitigating behaviors (the ‘human firewall’); and physical and psychological stressors that compel employees to bypass controls for the sake of getting things done,” wrote Jim Boehm, James Kaplan, and Nathan Sportsman, in a recent report from consultancy McKinsey & Company.
The authors note that employees struggling to access company data networks and internal systems, may turn to workarounds that open additional doors to cyberthieves. In fact, the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert with the United Kingdom’s National Cyber Security Centre (NCSC) on Thursday addressing the increasing cyberattacks occurring at this time.
“Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors,” the agencies wrote. “At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.”
The agencies noted that cyber-criminals are increasing attacks on businesses of all sizes as well as individuals, many of whom may be using personal devices to access company systems.
Current threats being observed include:
Phishing, using the subject of coronavirus or COVID-19 as a lure.
Malware distribution, using coronavirus- or COVID-19- themed lures.
Registration of new domain names containing wording related to coronavirus or COVID-19.
Attacks against newly – and often rapidly – deployed remote access and teleworking infrastructure.
These bad actors may be including links that will download malware or ransomware, or an invitation to open a file that contains a virus. One attempt that has been circulating, the agencies said, is an email that provides a link to a real-time coronavirus outbreak tracker. Instead, it installs ransomware on the user’s device.
“To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or an individual with “Dr.” in their title,” the alert said. “In several examples, actors send phishing emails that contain links to a fake email login page. Other emails purport to be from an organization’s human resources (HR) department and advise the employee to open the attachment.”
Phishing attempts and even text messaging are also common attempts these days to steal user information.
The McKinsey authors note that there is an increase in what they call “social-engineering gambits.” These are emails laced with malware that may steal the identities of health or other benevolent organizations. Some, they said, may even appear to come from the company’s own IT department asking for credential information.
Now is a good time for IT departments to offer up some additional security tips to employees. Online security company Norton recommends:
Using a full-service internet security suite
Using strong passwords
Keeping software updated
Strengthening home networks through the use of a virtual private network (VPN)
Crowdstrike said it too has seen an uptick in attacks.
“It is imperative that businesses and employees remain aware of the potential cyber threats they face while they make transitions to alternative business continuity plans, and that they are informed of the immediate steps they can take to mitigate potential risks,” Crowdstrike wrote in a blog posting this week. “CrowdStrike recommends adopting a strong defensive posture by ensuring that remote services, VPNs and multi-factor authentication solutions are fully patched and properly integrated, and by providing security awareness training for employees working from home.”
In a separate blog, Crowdstrike added its own advice to businesses dealing with remote workers for the first time.
“Strong security policies may already exist, but it is important to review them and ensure they are adequate as your organization transitions to having more people working from home than in an office,” it said. “Security policies need to include remote working access management, the use of personal devices, and updated data privacy considerations for employee access to documents and other information. It is also important to factor in an increase in the use of shadow IT and cloud technology.”
The company added policies need to reflect the realities of bring-your-own-device (BYOD) use, in which employees may access company systems via personal devices. These policies should also address control of sensitive company information traveling through home WiFi networks, and all companies need to have a crisis management and incident response plan that can be executed by a remote workforce. Many companies may bring in outside experts in the case of breach, which may not be possible under current conditions.
“A cyber incident that occurs when an organization is already operating outside of normal conditions has a greater potential to spiral out of control,” Crowdstrike wrote. “Effective remote collaboration tools – including out-of-band conference bridges, messaging platforms and productivity applications – can allow a dispersed team to create a “virtual war room” from which to manage response efforts.”