Evaluate your SIEM
Get the guideComplete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.
April 9, 2020
What a world! In February, everyone was busy minding their own business, but since March, the entire globe suddenly focused on the same challenge. The COVID-19 pandemic has taken our businesses and private lives by storm.
The outbreak surprised everyone - a surprise hardly any business was prepared for. It brought country-wide lockdowns for quarantine, office closures and enforced teleworking, which are now commonplace. Unfortunately, these phenomena are posing new and significant security risks for your business.
In this article we outline three points you have to be aware of in order to lead your business securely throughout these challenging times:
It’s uncertain how the current situation will further unfold. The general outlook for the future isn’t very optimistic for business continuity. According to McKinsey, three different economic scenarios are possible: a quick recovery, a global slowdown, or a pandemic-driven recession. In any case, security budgets will be affected.
Home working and social distancing very quickly became our new reality. While some employees may welcome this change as long awaited, it actually opened the door to more attacks and security challenges. While working remotely isn’t a new phenomenon, working remotely on such a large scale certainly is. Few companies have explored mass home working and now they are forced to do so, the attack surface has expanded dramatically. Organizations are swinging from having 10% of their workforce working remotely to 100% now using new IP addresses. This means that our security haystack has suddenly exploded.
Social distancing may have been designed to stop one virus from spreading, but at the same time it dramatically expanded the attack surface, bringing many and new cybersecurity risks. Your organization may currently be experiencing the following:
On the other hand, it is certain that attackers will be taking full advantage of the new situation and acting even faster than we do and more creatively than we can imagine. The expanded attack surface made organizations more vulnerable, making them a particularly attractive bait for cybercriminals in these challenging times.
This situation is so serious, that just a few days ago the FBI has warned of a significant spike in COVID-19 related scams in California, New York and Washington - the three U.S. states that have been hit the hardest by the COVID-19 outbreak.
What is worse, is the fact that these scammers are often capitalizing on the fears of what sent us home in the first place, making us all a particularly attractive bait. We should all stay vigilant and be aware of these two particular threats:
These would usually be emails or text messages asking you to sign in or provide your personal data. This is something that attackers have already taken advantage of extensively. Scammers even had the gut to send messages from the World Health Organizations (it has already issued a warning about such activities), others stayed more pragmatic and resorted to pretend they’re your HR department. You can take a look at some concrete scam examples here, here and here.
The current pandemic is often used as a thematic lure to get people to click on links that install malware on mobile and other devices. Scammers have even created a “live map” with updates on coronavirus statistics which they covertly use to spread malware. Using events which grab the attention of the wider public is not new, however, scammers would usually use them to spread misinformation rather than benefit from them in such a direct and malicious way. Nonetheless, we can expect further growth in domains spreading drive-by malware.
In addition to phishing attacks and serving up malware, we are also observing numerous attempts to exploit Virtual Private Networks (VPNs) and other tools we now rely on while working remotely.
At the time of crisis, we are also observing cybercriminals exploiting the situation by compromising business email accounts. According to Techcrunch, hijackers may use these accounts to extort money. One case involved asking the company’s customers to send money to a different bank account than usual, “because of the coronavirus.” Obviously, it was a mule account.
Staying vigilant is now more important than ever. You have a difficult task of discerning the good guys - your new employees and their temporary digs and behaviors - from the bad guys. Your entire focus right now should be on data protection. Make sure you implement the following immediately:
Keeping your employees informed and educating them on the current risks will be your best shield during those challenging times. Luckily, good information isn’t in short supply, unlike toilet paper. Showing your employees some of the phishing examples I’ve mentioned earlier will increase their awareness and will help keep them more vigilant in these stressful moments. Instruct them to double check the authenticity of emails and messages oriented at extracting data, especially when they call for urgency.
When working with a large number of distributed endpoints, ensure your data protection policies are applied to these endpoints - this is the only way to ensure that these policies are in place when your employees work from home. Applying them directly to the devices will keep those rules active where they have to be. This is a great solution if you have no time to configure a VPN and your employees use their home internet connection for work tasks.
This is the best thing you can do to secure your assets while people continue to work remotely. It also protects against access from malicious actors, who may get hold of devices that were stolen or forgotten somewhere while outside the office. If your devices come with native encryption tools, instruct your employees and ask them to use them.
Begin deploying a VPN. It will provide a Wi-Fi security shield for your entire workforce. Ensure the firewall is properly configured as well. Finally, make sure that your core IT team is able to detect threats and has visibility across the distributed workforce so that it can react to threats as quickly as possible. Sumo Logic can provide vital support with regards to threat detection and visibility.
Reduce downtime and move from reactive to proactive monitoring.
Build, run, and secure modern applications and cloud infrastructures.
Start free trial