Cybercriminals have long been wily and cunning, so it’s no surprise that they’re already trying to take advantage of the COVID-19 crisis. Social engineering attacks commonly seek to exploit victims who are preoccupied or impulsive, and this tactic is being employed in a new wave of coronavirus-themed phishing campaigns. Malware authors are exploiting clickable maps purporting to track the spread of the global pandemic to disseminate their malicious code. Scammers are peddling fake medicines, counterfeit surgical masks, and spurious “immune boosters” on potentially dangerous online marketplace sites. One strain of ransomware specifically targets newly remote employees, warning them: “Just because you’re home doesn’t mean you’re safe,” as it encrypts the files on their hard drives.
Given all this activity, and the fact that we remain fully operational—albeit from home—you might be wondering how the novel coronavirus is affecting the cybersecurity landscape as we see it, and what advice we have for our clients—or indeed for anyone trying to navigate these unprecedented times.
With more unmanaged and uncontrolled devices in many IT environments, visibility is a concern.
White-collar workers aren’t the only people now trying to accomplish things at home that they are used to doing outside of it. From kindergartners to college seniors, millions of students are adjusting to online learning. This means new devices accessing educational networks, new digital tools and platforms, and new habits. And as everything from opera performances to zoo visits and yoga classes is being broadcast via webcam, residential Internet Service Providers (ISPs) are seeing unprecedented traffic spikes.
It looks like the perfect storm for cybercriminal success: device users are more likely to be distracted, networks are being flooded with traffic, many employees are operating outside the corporate firewall, and so many unusual and anomalous things are happening that security teams tasked with monitoring alerts may have trouble keeping up.
What’s going on beyond the firewall?
Many IT security professionals have been surprised to discover that the number of alerts they’re receiving has not risen as much as they had expected during this time. We can only hypothesize, of course, but this may be because so many more employees are now accessing the Internet from outside the corporate firewall. Web filtering solutions may not be installed on the personal devices that are now being used for work purposes.
All in all, it may be that the risks are greater than ever before, but many organizations’ network monitoring solutions are less able to detect them in newly dispersed, cloud-based corporate IT environments. And small in-house security teams may struggle to adapt to sudden changes in tool usage and traffic patterns.
Ask yourself: Do we have the same visibility and control that we had before?
“Are we prepared?” isn’t exactly the right question to be asking. After all, it’s a crisis situation, and no matter how thoroughly you’ve completed business continuity planning, no one will ever be fully prepared for times like these. Nonetheless, some organizations will find it easier than others to adjust to the “new normal.”
If you already have comprehensive security monitoring in place, and especially a solution that gathers inputs from across your entire environment—not just endpoint devices and critical assets—your security team will still be able to detect malicious activities, even if employees are using personal devices or unsanctioned applications to get their work done. This is possible because attackers need to move laterally across the network before they attempt to exfiltrate data. As long as your monitoring solution covers enough of your environment’s breadth, it’ll still protect the business’s critical data, even if an individual employee’s device does get compromised.
These are trying and stressful times. If your security team is struggling to keep up with the challenges of monitoring newly remote workers, get in touch with us. We’re here to help.