Prepare for the 'day after' COVID-19
Over the past few weeks, we have been waking up with the daily briefings on the major TV stations listening to the numbers behind the COVID-19 pandemic. The disease headlines have spread out all over the world, including Bulgaria. The newly implemented restrictions forced thousands of organizations and individuals to embrace new practices such as social distancing, hand washing and remote working. Nevertheless, while the world is focused on the health and economic threats posed by COVID-19, cybercriminals undoubtedly are capitalizing on this crisis.
Although biological diseases and pandemics are under the category of operational risks for the business, resulting in information security aspect and should be taken into consideration during risk assessment and business impact analysis, nobody could have even been able to predict such a scenario what we face now with COVID-19.
The business has acted reactively, turning their activities into remote ones as an alternative to total closures. With increased remote work unfortunately we faced an increased risk of employees accessing data through unsecured and unsafe Wi-Fi networks, using personal devices to perform work, and not following general security protocols established by the company.
By the end of March, an increase of domains registered with keywords like "COVID", "corona" or "vaccine" has been noticed. Many of these are considered to be developed with malicious intent – to be more precise, 2,022 malicious and 40,261 marked as high-risk domains, according to Palo Alto Networks report.
The reason is obvious – cybercriminals create fake websites related to COVID-19 to entice victims into opening malicious attachments or clicking phishing links, resulting in identity impersonation or illegal access to personal accounts. Trend Micro reported that nearly one million spam messages have linked to COVID-19 since January 2020.
Just because the organizations were pushed to make this move into teleworking, but at the same time without being prepared for that, this has revealed the need for real cybersecurity measures.
The same way we are instructed to keep our hands' hygiene high, luckily, there are 7 basic actions you can take when working remotely to keep your so-called cyber-hygiene:
1. Physical security: implement full disk encryption and auto locking-out mechanism and use strong passwords and implement.
2. Securing remote connections: remote access to company networks should be established through an enterprise virtual private network (VPN). VPNs should also be configured with multi-factor authentication as an added security layer.
3. Use of personal devices: where mobile devices are permitted to connect to the corporate network, they should be controlled using mobile device management software.
4. Use of Wi-Fi networks: just because our home network infrastructure is the first security parameter when criminals are attacking, it requires employees to be advised to secure their home Wi-Fi networks with a robust password with minimum WPA2 encryption mechanism put in place.
5. Phishing and malware: employees should be informed about phishing emails disguised as coronavirus updates or as updated company policies. Malware, spyware and Trojans are also found embedded in interactive coronavirus maps and websites. Spam mails are also tricking users into clicking on links which download malware to their devices.
6. Secure conferencing: use only secured platforms for teleconferencing and meetings with colleagues because some services may not be secure or may even record your employees' conversations by default.
7. Take security trainings: cyber threats are constantly changing with increasing digitalization and new technology. Use the time of social distancing and staying at home to improve your resilience by education. It is highly recommend to learn the basics about how to secure your digital presence.
"The day after" the COVID-19 era seems unpredictable. The crisis is likely to be with us for a while and will change our lives forever with new work styles, new cybersecurity issues, new proposed policies, personal hygiene requirements and so on. We will face new risks and challenges, but we need to ensure the security of our networks, devices and data in order to ensure our digital future. The cyberthreats facing businesses and critical infrastructure will continue to evolve causing harm globally, following the rapidly changing social and economic circumstances. Therefore, it is also apparent that in the post-COVID-19 era, organizations will need to rethink their cyber risk management measures.
It is almost certain online scams, phishing and BEC attacks will surge due to the economic downturn and shift in business landscape, generating new criminal activities. The same way as we have the major cybersecurity services provided as "managed service," it is also possible criminals may take advantage of the underground market to look for "cybercrime-as-a-service" given the ease of access, low cost and potential high returns such platforms can offer.
The demand for cybersecurity will dominate in the priorities of every organization now on as each adapts to the post-COVID 19 world. The global cybersecurity market is estimated to be $270B by 2026. By the same year, 77% of cybersecurity spending will be for externally managed security services, reports Australian Cyber Security Growth Network.
Although nobody can be absolutely confident what and how our near future will look like, one is certain: in the post-COVID-19 world, cybersecurity is as critical as Internet access itself.
Lyubomir Tulev (CCISO, ECSA, CEH, CHFI, CEI) is Senior Cyber Security Architect & Business Information Security Consultant at BULPROS. He is also an active member and trainer at International Cybercrime Investigations Training Academy.
BULPROS: Sofia, Business Park Sofia, Building 15A, fl. 5, T: +359 889 584 032, F: +359 2 489 5883, firstname.lastname@example.org, www.bulpros.com
ICITA (International Cyber Investigation Training Academy): Sofia, 7 Trayanovi Vrata St, fl.2, ap. 4, T: +359 887 303 289, email@example.com, www.e-crimeacademy.com