Many companies are facing multifaceted challenges as business interruption, stress, and working from home at scale are compounded by heightened cybersecurity risks that take advantage of confusion and fast-paced change. Below are the top five cybersecurity issues that P&N’s Cybersecurity Team has encountered during the COVID-19 crisis—and how to reduce the risk.
Per the US Cybersecurity & Infrastructure Security Agency alert AA20-00A, there are several APT groups and cybercriminals targeting individuals, small and medium enterprises, and large organizations with COVID-19-related scams and phishing emails. The primary concern is phishing and malware attacks that impersonate COVID-19 authorities to dupe targets. Threats observed include:
A comprehensive employee training program can quickly improve employee avoidance of phishing attacks. Programs should include components such as baseline assessments, identification of risk areas, employee training, ongoing testing, and re-education for specific individuals who are most susceptible to risky clicking.
The rapid shift to remote working has resulted in a much greater number of personal devices being used for work, as well as the use of company assets in environments that jeopardize security and monitoring controls that were developed for a centralized workforce. Poorly secured devices and home Wi-Fi networks are exacerbating security issues as well. It is crucial to separate sensitive data from personal IT equipment and to encourage the use of secure systems for remote work while providing appropriate training for users.
The inability to control access to or view activity around sensitive or protected information may also lead to contractual or regulatory issues. Providing a critical security checklist for new systems and system changes can help. This is even more crucial if personal devices are used. Testing all remote access systems is not optional – just because remote access “works” does not mean it adheres to the organization’s security requirements.
An IT team’s ability to support a remote workforce will vary from business to business. Enable your IT team to quickly adapt so they can maintain the continuity of operations. Challenges to shipping logistics, software updates, help desk support, and call routing are just a few of the many aspects of supporting a corporate IT environment that must be evaluated and modified accordingly.
Incident response and IT teams must adapt response plans and processes to accommodate a distributed workforce and the challenges to areas like communication with team members and management, technical response capabilities, and tools. A common issue relates to legacy tools and procedures that lose functionality or can’t be opened when no longer connected to the corporate network. Ultimately, efficient communication and technology that enables swift incident remediation will be required to adapt to remote systems and workforce.
The tone of communication to team members is often equally or more important than the content. A lengthy email about cybersecurity may go unread by many. Consider the important topics, like phishing awareness and device security, but think of the most engaging way to communicate the key points. In tandem with messaging, consider carrying out phishing tests to raise awareness. Additional vulnerability and penetration testing activities are also warranted as changes to core systems and traffic rules have likely been implemented in adapting to a remote workforce. Management should drive the communication, considering that there are many organizational aspects affected during a pandemic that have nothing to do with IT. Create clear upward communication paths so that employees can present issues and incidents quickly.
The capabilities of an incident response program are often measured by an organization's maturity, which defines how proactive an organization is. Companies that can map policies to risk levels are better prepared in the event of a security incident. Without knowing the details of your continuity plan, redundancy capacity, or most-critical systems, it is difficult to create an accurate response plan that articulates the impact an incident will have on the organization. Most current incident response programs have not included pandemic response within their plans, specifically with information security during prolonged remote work and a potential global outbreak in mind. Update your organization’s incident response plans to include emerging threats and challenges, and to determine if new policies and procedures should be implemented.
Whether you need to supplement your existing IT staff, train employees to thwart increased social engineering attempts, or obtain full-time monitoring and response services, P&N can help. Contact us to discuss your organization’s needs and learn more about navigating new risks in a post-pandemic world.