Client Alert: Cybersecurity - How COVID-19 Has Changed the Threat Landscape
Life has shifted globally with the recent COVID-19 pandemic, which has caused lockdowns, curfews and restrictions on the lives we used to live. This is not the first time such a pandemic has happened, but much is different now from the time of the Spanish flu or the Antonine plague, and that difference can be summed up as technology. Advancements in this field have kept some businesses partly functional and others fully functional, as they have managed to leverage technology to allow their employees to work remotely from home.
Businesses that have managed this step have achieved a sense of business continuity, but cybersecurity experts within them must take note that, with this remote continuity, the threat landscape has shifted completely. It is no longer a tightly controlled area that they can manage but a wild, unpredictable jungle in which they do not know what is out there.
Working from home (WFH) is also limited to knowledge-driven industries, a job category that can work remotely very easily. However limited WFH is, the threat landscape and the types of threats have changed drastically. Organisations had only recently started to embrace Bring Your Own Device (BYOD), where employees could bring home laptops, mobile phones and/or other devices that could connect to the corporate network and use its resources. Policies were being developed to accommodate this shift, and technology was being bought to secure BYOD. COVID-19 shifted that to Take Our Device Home (TODH), and this simple rearrangement is very complex in cybersecurity.
The new threats in this landscape call for organisations to build up cyber resilience and security awareness among their WFH staff. Allowing staff to connect to the resources required for their work while still maintaining security was the immediate challenge that most organisations had to face. This was achieved with the use of a Virtual Private Network (VPN). The VPN would have an authentication method to ensure the right user or device is accessing the resource.
Office devices are now connected to home networks that are less secure than organisational networks, where a lot of investment has been made to ensure certain security standards are met. The first simple step would be to install antimalware software to help secure the device even when it is not connected to company infrastructure.
Other sets of users are using their personal devices on their home networks to connect to office infrastructure. These devices are unknown, and their state upon connecting is also unknown. The devices may already have been compromised long before the need to connect to relevant work resources arose. The use of containers would be the simplest way to ensure one step is taken towards cyber resilience. Other methods such as zero-trust can also be effective in improving cyber resilience.
The focus on devices is only one piece of the puzzle. Users and their behaviours are the next piece to find and place correctly. User behaviour is easily influenced by locations that users have formed associations with. A user in the office may rarely click on suspicious links, visit malicious sites, respond to phishing attacks and more, but at home, where the general prevailing habit is to drop our guard, there may be a desire or curiosity to click on everything we receive and visit any site (especially where there is no client application, such as antimalware, to block malicious sites and URLs from being opened). Added to this are the effects of the pandemic: attackers may disguise malicious content as what appears to be relevant updates or information regarding the ongoing pandemic.
Organisations’ maturity models for their new way of working will have to adapt to a lot more than just these user and device challenges; they must also account for new attack vectors and new prizes for attackers. The new attack vectors include home devices that may grant attackers access to secure and authenticated connections to corporate networks, corporate devices now on unsecured home networks, and tools that have been deployed to monitor staff productivity, improve collaboration, and host webinars and conference calls, all of which are now new targets for attackers. Some of these tools are easily abused by malicious attackers due to simple misconfigurations by users, or through more advanced means such as discovering zero-day vulnerabilities and weaponising malware to take advantage of them.
The prizes for attackers have also grown significantly, as a lot of data is now available to them. The pandemic has pushed industries to their extreme, and some organisations have tried their best to play a role by offering free services that ensure industries and organisations can still work remotely. The increase in free services that require sign-ups has slowly been building up data for organisations, and for some malicious attackers this is like Christmas. The beauty of data is that it can be sold several times over, making it an ideal target for attackers who will later sell it or hold it to ransom using malware.
While we may still maintain the same models for assessing maturity, there will be significant changes in risk assessment, business continuity planning, policies, employee awareness and training, and the technology used.
Far too often we realise how fragile we are only during a crisis. The sooner we make that realisation, the better placed we shall be to take charge and effect change that will help us endure the crises of the future and become more resilient in uncertain times.
This analysis was put together by the IT Department team led by CIO Michael Michie.