As most professionals have shifted to working remotely from their homes, many of us are using our personal devices, as opposed to company-issued machines, to access organisational networks and systems. Adding these devices to the organisation’s environment increases the attack surface for malicious actors.
Taking advantage of the COVID-19 pandemic and international lockdown or ‘work-from-home’ rules, cyber adversaries now have extended access to target and penetrate the organisation’s most critical assets, its data, and operational environments.
Whenever there is haste to make change, people – both employees and those setting up systems – make mistakes. While companies relax their risk tolerances to maintain business continuity, this leaves their data and intellectual property vulnerable to opportunistic cybercriminals.
Before the COVID-19 outbreak, 27% of users globally worked remotely on the average weekday.
A conservative estimate today is that more than 60% of users work remotely.
The necessity for these millions of professionals globally to meet and work with each other and their customers during COVID-19 has meant the quick adoption of various communication platforms, including Zoom, Microsoft Teams, and Slack.
Observed threat: Without security controls in place, adversaries may access and join any meetings. We have all heard of Zoom ‘bombing’. In addition, cloud-based communications platforms may allow cybercriminals to access sensitive information such as meeting details and conversations.
Suggested top actions:
The economic impacts of COVID-19 have spurred a series of wage subsidies. As employees receive many communications from government entities and their employers, it is critical that they avoid phishing campaigns which are disguised as relief payment plans.
Between March 13 and 26, 2020, there were more than 400K incidents of spam emails pertaining to COVID-19.
The Australian Competition and Consumer Commission’s Scamwatch has received more than 1000 coronavirus-related scam reports since the virus outbreak. The Australian Cyber Security Centre notes thousands of COVID-19 related websites have been registered in the last few weeks, many of them delivering ransomware to unsuspecting users.
Observed threat: Recipients of the coronavirus relief payment from the government opened a phishing email from a criminal sender, with a malicious attachment that used macros to deliver malware to obtain their banking information. Recipients were based in North America and Europe. We anticipate that this threat will occur across many geographies as similar government relief plans are put into place.
Suggested top actions:
Employees working from home on their personal devices significantly increase the risk of cyber adversaries reaching internal infrastructure where data and intellectual property can be accessed. Personal devices may not have the latest security patches and tools, or even a VPN connection to ensure a more secure connection to the business environment.
Our research shows that 1,000+ insecure personal devices connect to enterprise networks every day in 30% of U.S., U.K., and German companies without IT’s knowledge.
Observed threat: A spam campaign was observed leveraging a fake ‘Corona Antivirus’ lure to distribute malicious software (malware). Using a fake COVID-19 themed website, threat actors advertised a ‘Corona Antivirus’, which makes bogus claims to protect users from the COVID-19 infection. However, the application infects users with malware.
Suggested top actions:
BUSINESS CONTINUITY & FINANCING
Work and economic climates will continue to contribute to an increased volume of insider threats. Leadership should consider how the enterprise is equipped to pursue a risk-based insider threat monitoring program.
Security and IT executives should brief senior leadership regularly and ensure there is a clear understanding of leadership’s expectations and their true level of risk acceptance. Threats from early opportunistic attacks can remain latent in the environment and pose sustained elevated risk.
As markets recover from COVID-19, scrutiny will likely increase around consumer safety, privacy and regulation, influenced by Europe’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), various privacy regulations in South America, and regulatory activities in China, which are improving the cyber posture for organisations and industries across global markets.
Companies should consider balancing their expanding digital footprints with a growing focus on cyber risk. Emerging technologies are often attractive avenues of opportunity for cyber criminals looking to expose weaknesses in an organisation’s digital ecosystem. In the absence of a well-orchestrated cyber program, new products and services will be exposed to greater financial, brand, and regulatory risks, likely to slow their development and marketplace penetration.
WORKFORCE & STRATEGY
Many countries still do not have resilient cybersecurity infrastructure, efficient and agile institutions and emergency plans prepared. Investment in more technology, resources and people to strengthen cybersecurity posture will be necessary. Building on the global understanding of the importance of physical distancing, we can help train the world to help protect themselves from cyber threats.
Changing behaviors through awareness, education and training is key to the success of any new process. When looking for ways to augment their workforce, organisations can consider managed security services to either operate an existing security program or onboard to a turnkey solution. As a result, organisations may be able to recover faster and with less strain to the broader enterprise.
Tommy leads the cyber risk services strategy and governance team based in Sydney and has over 30 years’ experience in information technology, IT risk and cyber security governance across a broad range of industries. He helps organisations with the development and implementation of cyber risk strategies and solutions, including information security management systems, cyber threat management programs, cyber monitoring solutions, cloud solutions, third party strategies and secure by design solutions.
James is a recognised cyber expert and successful business leader who has contributed to service and cyber security innovation at businesses and regulators for over a decade. He has implemented good practice cyber operations, managed services and global cyber incident response capabilities, and has led multiple complex award-winning projects for clients. James has given keynote addresses at conferences, been quoted a number of times in the press, written articles, appeared on live TV and radio, and won awards.