Cybersecurity after COVID-19: Securing orgs against the new threat landscape
By Tom Kellermann
Picture this: An email comes through, offering new COVID-19 workplace safety protocols, and an employee, worn down by the events of the day or feeling anxious about their safety, clicks through. In a matter of seconds, the attacker enters the network. Factor in a sea of newly remote workers and overloaded security teams, and it’s easy to see how COVID-19 has been a boon for cybercriminals.
Cracks in cyber defenses
The global pandemic has exposed new cracks in organizations’ cyber defenses, with a recent Tenable report finding just under half of businesses have experienced at least one “business impacting cyber-attack” related to COVID-19 since April 2020. For the most part, COVID-19 has exacerbated pre-existing cyberthreats, from counter incident response and island hopping to lateral movement and destructive attacks. Making matters worse, today’s security teams are struggling to keep up.
A survey of incident response (IR) professionals found that 53% encountered or observed a surge in cyberattacks exploiting COVID-19, specifically pointing to remote access inefficiencies (52%), VPN vulnerabilities (45%) and staff shortages (36%) as the most daunting endpoint security challenges.
VPNs, which many organizations rely on for protection, have become increasingly vulnerable, and it may be cause for concern that software patches are generally applied on a weekly cycle, with very few organizations updating daily. While these updates might seem frequent, they might not be enough to protect your information, primarily due to the explosion of both traditional and fileless malware.
As for vulnerabilities, IR professionals point to the use of IoT technologies, personal devices like iPhones and iPads, and web conferencing applications, all of which are becoming increasingly popular with employees working from home. Last holiday season, the number one consumer purchase was smart devices. Now they’re in homes that have become office spaces.
Cybercriminals can use those family environments as a launchpad to compromise organizations. In other words, attackers are still island hopping, but instead of starting from one organization’s network and moving along the supply chain, the attack may now originate in home infrastructures.
Emerging attacks on the horizon
Looking ahead, we’ll continue to see burgeoning geopolitical tensions, particularly as we near the 2020 presidential election. These tensions will lead to a rise in destructive attacks. Moreover, organizations should prepare for other emerging attack types. For instance, 42% of IR professionals agree that cloud jacking will “very likely” become more common in the next 12 months, while 34% said as much of access mining. Mobile rootkits, virtual home invasions of well-known public figures and Bluetooth Low Energy attacks are among the other attack types to prepare for in the next year. These new methods, in tandem with a surge in counter IR, destructive attacks, lateral movement and island hopping, make for a perilous threat landscape. But with the right tools, strategies, collaboration and staff, security teams can handle the threat.
Best practices for a better defense of data
As the initial shock of COVID-19 subsides, we should expect organizations to firm up their defenses against new vulnerabilities, whether it’s addressing staff shortages, integrating endpoint technologies, aligning IT and security teams or adapting networks and employees to remote work. The following five steps are critical to fighting back against the next generation of cyberattacks:
Gain better visibility into your system’s endpoints – This is increasingly important in today’s landscape, with more attackers seeking to linger for long periods on a network and more vulnerable endpoints online via remote access.
Establish digital distancing practices – People working from home should have two routers, segmenting traffic from work and home devices.
Enable real-time updates, policies and configurations across the network – This may include updates to VPNs, audits or fixes to configurations across remote endpoints and other security updates.
Remember to communicate – This includes communicating about new risk factors (spear phishing, smart devices, file-sharing applications, etc.), protocols and security resources.
Enhance collaboration between IT and security teams – This is especially important under the added stress of the pandemic. Alignment should also help elevate IT personnel to become experts on their own systems.
Hackers continue to exploit vulnerable situations, and the global disruption brought on by COVID-19 is no different. Organizations must now refocus their defenses to better protect against evolving threats as workforces continue to shift to the next “normal” and the threat landscape evolves.