In the wake of the COVID-19 global epidemic, organizations are forced to switch to Work From Home (WFH) strategies to keep their businesses running. Although this is not a new trend, especially in the IT industry, this time it is much different in terms of scope and intensity.
What is different now
In the majority of organizations, almost the entire workforce now depends on remote connectivity (using VPNs). Using publicly available communication or collaboration channels makes these employees and their connected networks prone to cyberattacks. In many organizations, the infrastructure was never tested for remote working at such a massive scale. And cybercriminals are leaving no stone unturned in exploiting these loopholes for their malicious ends.
Why is it a big challenge
According to a recent ThreatPost survey, around 70% of organizations are experiencing this remote working culture for the first time. Security teams can therefore be expected to struggle with new challenges such as handling the massive flood of device connections, managing secure access to company resources, protecting sensitive data, and patching and securing endpoints, which leaves these organizations vulnerable to attacks.
Moreover, a 40% increase has been observed in cyberattacks on the personal computers, routers, and VPNs of those companies that have allowed their employees to work from home.
The attacker’s strategy
Attackers are fond of using the following tactics to lure their victims:
The same ThreatPost survey also suggests that social engineering and phishing are turning out to be a major threat, accounting for 23% of attacks, followed by various other threats like Business Email Compromise (BEC) and ransomware attacks.
Cybercriminals were found using spam emails and fake apps related to Coronavirus to lure their victims. For instance, the emails claim to contain important updates or urge users to make donations while posing as trustworthy organizations like the World Health Organization.
Several cybercriminals have revamped and customized their malware (such as Trickbot, Emotet, and Lokibot, to name a few) so that it can be used to take advantage of this global epidemic situation.
Who are the targets
Reports suggest that cybercriminals have been actively targeting organizations in the healthcare, pharmaceuticals and manufacturing sectors, although other sectors like education, IT and Oil & Gas are also getting hit. In addition, there has been an aggressive increase in the exploitation of collaboration and communication products that are gaining popularity due to the remote working culture, not only in IT but in several other sectors as well.
What can be done
Organizations need to make sure that all their employees and infrastructure are protected using basic security essentials, like the use of encryption for sensitive data, strong passwords for access to corporate resources, and having genuine anti-malware and firewalls installed. On top of that, they must make sure that their employees are aware of common security hygiene while working remotely.
The UK National Cyber Security Centre (NCSC) recommends that organizations look out for more SaaS options and prepare a 'How do I?' series of guidelines for their employees.
The US National Institute of Standards and Technology (NIST) suggests that organizations plan and develop dedicated security policies for remote working that cover telework, remote access, and BYOD requirements, and mitigate the risks from hostile threats in external environments.
The Cybersecurity and Infrastructure Security Agency (CISA) recommends that organizations have well-defined network rules, implement multifactor authentication for all employees, and have a proper incident reporting mechanism to effectively deal with any incident.