There’s an ancient Chinese curse that goes something like this: may you live in interesting times. To be perfectly honest, I’m hoping that these “interesting” times return to normal sometime soon.
For cybersecurity departments the world over, the fallout from the COVID-19 pandemic has made this time in history interesting, unlike anything current generations have ever experienced. It was just reported that the FBI is receiving between 3,000 and 4,000 cybersecurity complaints a day, a big jump from the 1,000 pre-coronavirus daily average.
For chief information security officers (CISOs), the challenge has been twofold: how to keep business operations up and running, while at the same time trying to prevent and mitigate ramped-up security threats.
Why more hacker activity in the midst of the pandemic? It’s simple. The sudden increase in those working from home, combined with stay-at-home orders from the government, has created a restless, confined population that spends way more time online than it used to.
It’s a simple matter of opportunity.
While some businesses have been crushed by the new challenges, others have managed to thrive. Let’s take a look at the latter and break down how they’ve done it.
Threat Vulnerabilities Are On the Rise - Fast
With non-essential travel almost at a standstill and public gatherings eliminated all but entirely, society has gone digital en masse. Workers and students alike find themselves spending more time in front of the computer than ever before, doing their best to maintain some semblance of normalcy in a world gone haywire, through a host of online collaboration tools.
And when we’re done working or studying, we stay online to play, shop, read, stream, and chat. The resulting stress placed on cybersecurity systems has applied a multiplying effect to threat vectors:
Problem #1 - Working from Home
While remote work has been on the rise for more than a decade, COVID-inspired rules kicked it into high gear like nothing we’ve seen before. Overnight, companies were forbidden to let employees come into the office, which left a workforce suddenly relocated with little training in how to secure the company data they would be working with or protect their own personal information from theft.
Having the knowledge to install or access a virtual private network (VPN), to create strong passwords for every software, app, or network accessed, or to encrypt the users' drives takes on more critical importance than ever. The problem is that CISOs everywhere are finding out whether the team paid attention to all that harping on security protocols.
Problem #2 - Hackers Are Bored Too
Fine, upstanding citizens aren’t the only people confined to quarters. Hackers have to stay indoors as well, leaving them with more time to perfect their schemes, and more time for their victims to let their guard down.
We’re talking about all those funny names: phishing, smishing, smushing, vishing. Call them what you want, but most involve tricking the at-home crowd into believing the sender is a legitimate user. Notably, black-hat social engineers have taken advantage of COVID by pretending they represent various healthcare and charity organizations.
Hackers are getting creative too. PDF files used to be considered hack-proof. A lot of people believe that this is still the case, but even electronic newsletters or invoices created from templates and saved in that format can be turned into a malware delivery system. Worse, the process is so sophisticated that most email scanners won’t detect anything amiss.
Problem #3 - Hidden in the Chaos
While Congress has been busy adding trillions of dollars to the national debt through a variety of aid packages intended to shore up the American economy, hackers have kept busy noticing that any time the government gives away money, it typically sets up a bunch of new websites. The COVID response has been no different.
Another thing hackers have noticed is that it’s easy to set up a website built around a domain that is very close to the official one (like givememoney.com, instead of givememoney.gov) and load it down with malware that steals social security numbers, banking account numbers, and more. Desperate people -- and there are a lot of them these days -- often don’t even notice that the URL is a scam, and gratefully turn over their personal data to the bad guys.
It’s like shooting fish in a barrel to drive traffic to the bogus site.
Alternatively, hackers know that all these new, legitimate government sites likely have weak security in place, so breaking in is a simple matter.
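The lookalike-domain trick above (givememoney.com standing in for givememoney.gov) is easy to screen for on the defender's side. The following is an added example, not code from the original article: it checks hostnames found in a message against a constructed allowlist of official domains and flags TLD swaps, near-miss spellings, and official names buried inside an unrelated domain. The domain names and the sample email are placeholders, not real sites.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist of "official" domains (placeholders, not real sites).
OFFICIAL_DOMAINS = {"givememoney.gov", "reliefportal.gov"}

URL_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)

def registrable_parts(host):
    """Split a hostname into (second-level label, tld).
    Naive on purpose: no public-suffix list, so co.uk-style suffixes are not handled."""
    labels = host.lower().strip(".").split(".")
    if len(labels) < 2:
        return None
    return labels[-2], labels[-1]

def lookalike_verdict(host, official=OFFICIAL_DOMAINS, threshold=0.8):
    """Classify a hostname against the allowlist.
    Returns 'official', 'tld-swap', 'near-match', 'embedded-brand' or 'unrelated'."""
    parts = registrable_parts(host)
    if parts is None:
        return "unrelated"
    sld, tld = parts
    if f"{sld}.{tld}" in official:
        return "official"                 # exact registrable domain, any subdomain
    host_l = host.lower()
    for dom in official:
        o_sld, o_tld = registrable_parts(dom)
        if sld == o_sld and tld != o_tld:
            return "tld-swap"             # givememoney.com instead of givememoney.gov
        if SequenceMatcher(None, sld, o_sld).ratio() >= threshold:
            return "near-match"           # one swapped or dropped character
        if o_sld in host_l:
            return "embedded-brand"       # official name hidden in a subdomain
    return "unrelated"

def flag_urls(text):
    """Return (host, verdict) for every URL in a message body that is neither
    an official domain nor clearly unrelated to one."""
    findings = []
    for host in URL_RE.findall(text):
        verdict = lookalike_verdict(host)
        if verdict not in ("official", "unrelated"):
            findings.append((host, verdict))
    return findings

# Constructed sample message for a quick run.
SAMPLE_EMAIL = ("Your relief payment is ready. Apply at https://givememoney.com/apply "
                "or see the official FAQ at https://www.givememoney.gov/faq")

if __name__ == "__main__":
    print(flag_urls(SAMPLE_EMAIL))
```

A real mail filter would layer this on top of a public-suffix list and a homoglyph map, but the three checks shown catch the specific pattern the article describes.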
Here’s What the Smart CISOs Are Doing
While the present COVID pandemic is certainly not the first crisis faced by cybersecurity departments, the scale and unpredictability are beyond anything ever encountered in modern times. This takes the ability to draw from past experience off the table. Though there has been no precise playbook to craft a response to COVID’s specific security challenges, successful responses have included iterations of the following:
Focus on Mission-Critical
The middle of a pandemic is not the time to experiment with untested tools or technology unless it is in direct support of business operations. Instead, simplify where you can. Spend your time detecting, preventing, and mitigating threats that target operations. If you haven’t used multi-factor authentication with employees before, now is the time to start. Likewise, do a roll call to make sure everyone knows how to connect to the Internet through a VPN and why they should do it.
Test Incident Response
Hopefully, you already have detailed plans in place on the exact steps that should be taken in the event of a security incident. If not, create them immediately and run tests to make sure they are effective. The only thing worse than a compromised network is a compromised network that stays that way because no one knows how to seal it back up.
Keep an especially close eye on new collaboration or software tools the team uses. These are likely vulnerability points where new strains of malware will appear. Also, watch employees and endpoints. The goal is to try and catch, isolate, and kill a new threat before it is able to have an adverse impact on operations.
In the final analysis, keep in mind that your team hasn’t made it their mission in life to drive you crazy. Everyone is dealing with work and personal challenges and trying to hold it all together until this COVID thing blows over. Have a little compassion and don’t come unhinged when an innocent mistake by a well-intentioned remote worker hits you at the wrong time.
We’re all in this together, doing the best we can. While securing company assets from threats is your top priority, complete the task without becoming Darth Vader in the process. While we likely have months of uncertainty in front of us before normal dares to raise its head again, let’s face these trying times with as much dignity as we can muster.