Over recent weeks, the ongoing spread of the COVID-19 coronavirus has had a major impact on the global economy and how businesses operate as a whole. More and more organizations are moving to a mandated work from home (WFH) model to help limit the spread of the virus — introducing a variety of unique and constantly evolving challenges for security leaders when it comes to mitigating cyber risk.
As an increasing percentage of the workforce moves from corporate IPs to potentially flawed home WiFi networks, the attack surface is expanding and company-issued laptops are being exposed to new vulnerabilities. To make matters worse, malicious actors are using this situation to their advantage and playing on the public’s ongoing fear surrounding the pandemic — with cyber attacks and scams at an all-time high.
Hackers seize the opportunity to advance their objectives
In the first prominent wave of cyber attacks brought on by the coronavirus pandemic, hackers targeted individuals with simple phishing techniques involving emails that appeared to come from an official source, such as the Centers for Disease Control (CDC). These emails contained malicious attachments that downloaded malware to the individual’s computer in an effort to gather personal information.
More recently, hackers started creating spyware-ridden apps that promise live updates regarding the coronavirus, as SC Magazine UK reports. Once these apps are downloaded from bogus websites appearing to belong to legitimate global organizations, they often crash or display an error message while requesting permission to access sensitive data.
As we predicted, many malicious actors soon moved their focus from individual attacks to set their sights on the healthcare sector, government agencies, and other industries. In mid-March, the U.S. Department of Health and Human Services (HHS) fell victim to an attack designed to undermine the government’s response to the pandemic. The hackers in question aimed to slow agency systems by overloading HHS servers with millions of hits over a span of hours.
Within this current climate, the implications of such attacks on healthcare and government agencies can be extremely alarming. As Healthcare IT News reported, a major cyberattack on Brno University Hospital in the Czech Republic earlier in March caused an immediate tech shutdown in the midst of the coronavirus outbreak — forcing the hospital to cancel operations and relocate patients.
The security implications of a widespread shift to the remote office
While these targeted threats become more and more prevalent, an increasing percentage of the workforce is going remote — causing the attack surface to increase exponentially. With more employees working on potentially flawed home WiFi networks than ever before, security leaders are facing new and evolving challenges when it comes to maintaining the desired security posture.
During this time when the world is adjusting to a widespread remote office, it’s critical that these leaders remain vigilant and reinforce their organizations’ security policies and best practices. Security teams should make sure all employees are aware of the latest cyber scams — and know to always refer to official government websites for information on the ongoing coronavirus pandemic. It's particularly important to reiterate that employees should never open any email, link, or attachment that seems suspicious: according to research from Barracuda Networks, coronavirus-themed phishing attacks are up 667% since February.
Of course, it’s also important to remember that employees who are working from home are often working on shared networks to which various other devices connect — from a roommate’s personal laptop to a child’s tablet. These shared networks open corporate laptops up to new vulnerabilities, as, according to Bitsight data, remote office networks account for more than 90% of all observed malware infections and compromised systems.
In this new remote workforce environment, maintaining the desired corporate security posture depends not just on the actions of your employees, but also on those of everyone else connected to their home networks. If, for example, a child clicks on a malicious link while using a tablet to stream their favorite content, this action could expose your employee’s corporate laptop to a vulnerability. As most routers come with the option to set up a guest network, one strategy to put in place here could be to encourage employees to connect their corporate machines to a different network than the rest of the household.
Continuous monitoring is more important than ever
As we all navigate through this new remote working environment together, having a strong security performance management program is essential. Unfortunately, malicious actors will continue to play on the public’s fear surrounding the pandemic — and seek to take advantage of an organization’s increased attack surface.
During this unprecedented time, it’s critical that you closely monitor all of your digital assets, including endpoints and cloud assets, to ensure they are secure. If you have subsidiaries or geographically dispersed business units, assess how your individual business units are performing relative to one another, so you can see where local security teams may need additional support, or if there are breakdowns in controls and procedures that will warrant intervention and remediation. Make sure all your corporate assets are identified and properly managed — and don’t forget to regularly assess the security posture of your third-party vendors, as well. By continuously monitoring your extended network for any potential flaws or vulnerabilities, you can act quickly to remediate risk and prioritize your efforts to the areas that require the greatest due diligence.