The novel coronavirus has significantly changed the way we work. Tools like VPNs are helping the remote workforce stay connected, but there are serious security vulnerabilities with VPNs, NetFoundry’s founder and CEO explains. It is a testing period for CISOs and security teams when it comes to identifying and mitigating cyber threats. To come out the other side stronger, organizations need to review their security posture, strengthen their overall cybersecurity maturity, and align the remote workforce with security and data privacy best practices.
While leading organizations with mature cybersecurity strategies have a better grasp on security, they are not able to triage, investigate or prioritize all security events and alerts. Only 40% of them can successfully address around 90% of security events and alerts on a monthly basis, a recent survey by AT&T Cybersecurity and Enterprise Strategy Group indicates.
According to Jeff Harrell, Vice President of Marketing, Adaptiva, “Organizations have become so desperate to supply their workers with the tools they need to work remotely that companies have resorted to buying laptops off of Amazon. They’re sometimes being issued without the enterprise’s standard security software and regular configurations because IT staff simply cannot spin up ample machines quickly enough. If the content is not being delivered in a timely manner, such practices leave corporate networks vulnerable to attack.”
We have already sounded the scam alert on the rise of coronavirus-themed, financially motivated phishing, malware, and domain-squatting campaigns. Harrell says that as organizations wade through this uncertain period, C-level executives should expect the number of cyberattacks to rise considerably. His key advice: the temptations are too great for bad actors who spy many potential vulnerabilities to exploit. At the same time, your people and your systems can be resourceful. With awareness, and maybe a few good tools, you will emerge as a stronger organization, with new practices and procedures that power an entirely different way to work.
The National Counterintelligence and Security Center (NCSC), America’s source for counterintelligence and security expertise, also issued a directive: “Foreign adversaries and competitors are actively seeking information that is vital to our national and economic security, U.S. global competitiveness, and your organization’s mission.” Clearly, it is high time for CISOs to create a strong culture of security, build data security practices, tackle network and hardware vulnerabilities, and enforce security-forward practices.
Against this backdrop, we list nine potential cybersecurity risks and threats that business leaders should be aware of:
1. Cloud security risks
Cloud apps and services are helping workers stay productive. Bitglass’s 2019 Cloud Adoption report indicates that 86% of organizations deployed cloud-based tools, but only 34% made use of single sign-on (SSO), a basic but critical capability for authenticating users and securing access to corporate cloud environments. This statistic suggests deeper underlying cloud security issues within organizations and indicates that data breaches will continue to rise around the world, Bitglass CTO and co-founder Anurag Kahol shares. According to Imran Mia, Head of Global Solutions Engineering – Finance at Nakisa, “Cloud migration allows risk mitigation from a pure infrastructure perspective, there’s also a human element to remote workforce risk management that must be considered. Specifically, risks to employee engagement and collaboration that can creep up unknowingly and slow productivity. Evaluation of currently adopted technology capabilities could show significant gaps in this area.”
2. IAM governance practices
As remote work becomes a permanent trend, IAM will emerge as the primary perimeter in cloud security. But poor IAM governance can result in massive data breaches. In the words of Chris DeRamus, DivvyCloud’s CTO and co-founder, all users, apps, services, and systems in the cloud have an identity, and as organizations shifted to remote styles of work, they quickly learned that these relationships are complex. “Understanding the full picture of access in the cloud and working toward least privileged access are difficult, but necessary endeavors to ensure security in the cloud. In the last couple months, plenty of enterprise security professionals have realized that cloud identity and access management (IAM) is an area where they are vulnerable because they lack insight into the complex problem,” he said.
To protect the identity perimeter at scale, organizations will need to deploy automated monitoring and remediation solutions for access management, role management, identity authentication and compliance auditing – all of which help enterprise security teams stay ahead in this complex landscape.
3. Enterprise VPN vulnerabilities
The pandemic has compelled organizations to use alternate workplaces. Remote working, or teleworking, requires an enterprise VPN solution to connect employees to an organization’s network. “This crisis is forcing us to look for the quickest optimal security solution. We didn’t get enough time to prepare for the mass move from designated offices to make-do home spaces. That’s why we need tools that keep the learning curve relatively low while still providing much-needed security. It may not be perfect, but if all of the company participates, it will be effective,” says Naomi Hodges, a cybersecurity advisor. As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) has encouraged organizations to adopt a heightened state of cybersecurity.
4. Coronavirus-themed phishing scams
Cybersecurity has become a dominant narrative ever since the pandemic hit the world. And cyber attackers are not letting COVID-19 distract them from causing mayhem, with companies of all sizes, large and small, coming under attack. In fact, since February 2020, spam exploiting the coronavirus pandemic has jumped by 4,300% and 14,000% by March, IBM X-Force, IBM’s threat intelligence group, reported. The study by IBM X-Force Threat Intelligence identified emails claiming to be sent by the U.S. Small Business Administration that appear to be a confirmation email for an application for disaster assistance.
5. Zoombombing & Account Takeover Attacks (ATO)
Amid the pandemic, Zoom became the go-to teleconferencing platform. Zoom went from 10 million daily meetings in December to 300 million, but the surge in popularity came with a price tag — a lack of data privacy. Zoom also opened the door for account takeover (ATO) attacks via credential stuffing — a type of cyberattack where automated bots use stolen account credentials to gain unauthorized access to user accounts. And Zoom is not alone. There is a rash of account takeover attempts aimed at users of Microsoft’s proprietary Remote Desktop Protocol (RDP), striking millions per week. A corporate account takeover (CATO) is an enterprise identity theft where unauthorized users steal employee passwords and credentials to gain access to highly sensitive information within an organization. Now that the pandemic has forced employees to work from home, industry insiders see a steep increase in online banking and e-commerce, among others.
6. Ransomware attacks
In a recent study, VMware Carbon Black Cloud found that ransomware attacks increased 148% in March over baseline levels from February 2020. The study also found notable spikes that could be correlated to key days in the COVID-19 news cycle, which suggests that attackers are being opportunistic and leveraging breaking news to take advantage of vulnerable employees and their data. In fact, the Cognizant Maze ransomware attack affected its internal network and cost the IT services firm between $50 and $70 million in losses.
7. Malware attacks in the healthcare sector
The pandemic has revealed a disturbingly vulnerable side of the healthcare sector, and malicious attackers are taking advantage of that. Recent malware campaigns have revealed that cybercriminals are especially targeting healthcare firms, medical suppliers, and hospitals that are fighting the pandemic. Two malware campaigns were uncovered recently: one targeting a Canadian government healthcare organization and a Canadian medical research university, and the other hitting medical organizations and medical research facilities worldwide. According to reports, the emails sent to these organizations pretended to send COVID-19 medical supply data and corporate communications regarding the virus from the World Health Organization (WHO) – but actually sent out ransomware and information-stealing malware.
8. Insider threats
Cyber attacks from within organizations themselves are becoming one of the largest risks. During the pandemic, cybersecurity leaders are becoming more concerned about inadvertent and negligent insider breaches, which have become a growing issue as the remote workforce booms. According to Rene Kolga, the industry needs to not only react to changing attacks but also proactively get ahead of the curve and build better defenses with improved security hygiene and defense mechanisms.
9. Cyber espionage
Unfortunately, social distancing by employees and government orders restricting business activities have adversely affected the ability of companies to keep their networks secure from infiltration when it is conducted by sophisticated threat actors on an international level. Many notorious actors originating from countries like Russia, China, and North Korea, among others, are playing on these fears and confusion.