By Vivek Mehrotra
Covid-19 has heavily impacted many countries in the world in many ways, including the entire working and learning culture. When the pandemic started, most organisations around the world went into ‘responding’ mode, balancing between protecting the workforce and continuing the business. Organisations pivoted to telecommuting and quickly turned to ‘digital’ as an alternate way to serve customers and keep the business alive.
As users moved from office locations to remote work sites, organisations were forced to take quick action to upgrade their IT infrastructure, such as video teleconferencing, virtual private network (VPN) capacity, Virtual Desktop Infrastructure (VDI) etc. Usage increased multifold, and organizations started facing issues of data overload and stressed networks. Many organisations also faced limited infrastructure capacity, such as a limited number of office laptops for users who had been working on stationary workstations, and resorted to providing non-office approved laptops or using users' home machines as they began to work remotely.
On one hand, this new remote access arrangement has raised questions: are there areas of security that may have been overlooked in the rush to enable business continuity? Have we improved from where we were during the early stages of the pandemic response, and have we done enough to support this new cyber normal? On the other hand, it has allowed hackers and cyber scammers to take advantage of the situation and lure people with fraudulent email and WhatsApp messages related to the pandemic, capitalising on people’s state of confusion and latching on to the information overload that has resulted during this pandemic.
It has been observed that the volume of malicious emails has increased during this time, in an attempt to trick people into clicking on malicious links so that hackers can take control of users’ computers or mobile phones. Business Email Compromise scams are being designed to trick users into transferring sensitive data or funds using personal or corporate accounts. What are hackers and cybercriminals looking for? These criminals are looking for vulnerable systems, weak links and ignorant users, through which they can penetrate the organization's networks and compromise data, sensitive information, payment systems etc.
This is also evident from the fact that several global organisations have issued warnings. The WHO reported a fivefold increase in cyber-attacks since the start of Covid-19 and urged users to stay vigilant. INTERPOL Secretary General Jürgen Stock states that “Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by Covid-19.”
As organisations try to make these transitions, their biggest challenges are their lower cyber risk tolerance and their openness to using collaboration tools and other remote access methods that have not been in use earlier, and to making those a part of daily work culture in a secure manner. Assessing cyber vulnerability and risk tolerance is important for understanding where the organisation stands and what its security maturity level is before implementing controls and fixing the gaps. Identifying, monitoring and protecting the attack surface is the key to a cybersecurity strategy. Once organizations have a good understanding of where they stand and what they have to protect, the next question is which methods they can use to mitigate and manage cyber risks.
It is important to continuously educate users with the help of specifically designed awareness sessions. The key here is periodic training that keeps users refreshed about common cyber hygiene: making sure everyone uses a virtual private network to do office work from home, using approved encrypted USB drives, using only password-protected WiFi networks, keeping strong passwords, not disabling the antivirus, and thinking and verifying the identity of the sender before clicking on unknown emails or messages. When an unsolicited email or message is received, the best approach is to simply delete it. It is often clear from the subject line or sender email address that the message is junk; at a minimum, one could try to verify the identity of the sender before blindly clicking on it.
Organizations must adopt a Zero Trust Security Framework. This is a new paradigm that promotes a “Never Trust, Always Verify” security implementation. No device, user, network, system or entry point should be trusted by default, regardless of the location it is operating from, whether inside the organization's firewall or outside via remote access. This protects from all sides, not only outside the security perimeter as in a traditional cyber security implementation.
Organisations must begin to focus on implementing Adaptive Security Models that cover cloud, mobile and traditional systems and environments. An Adaptive Security Model enforces continuous monitoring of threats, and learns and improves the response to cyber threats as they evolve over time. This is in contrast to the “Reactive Security Model”, where we respond to threats as they occur, or the “Protective Model”, where we protect our systems and networks from cyber threats. The use of Machine Learning and Artificial Intelligence (AI) to learn from cyber threats as they occur is the key to adaptive techniques. Organisations must improve their cyber command by introducing state-of-the-art techniques for continuously monitoring and learning about threats ahead of time, based on suspicious patterns of system and network access by users or autonomous systems of any nature.
If we look at it more deeply, this pandemic has challenged not only commercial organizations; our first responders, the military user base and several government installations are highly targeted too. Most government organisations and the military user base use IT infrastructure to access sensitive information. This is especially challenging these days, when these sections of the workforce are also accessing classified systems remotely and need to implement the right controls to improve their cyber security posture.
Many organisations do have the scale, and they have built upon it to improve their cyber threat response. For example, the US Department of Defense (DoD) has created the Commercial Virtual Remote (CVR) Environment to support and manage its large-scale remote workforce in response to the COVID-19 national emergency. As per the DoD, this new tool provides enhanced collaboration capabilities for DoD teleworkers to facilitate continuity of operations throughout the duration of the emergency. It is important for small and midsize organisations to improve their security posture and implement the right level of cyber controls to become resilient during and after the pandemic.
In reality, a computer system is only secure when it is inside the box, powered off. The moment it is outside and connected, there is a high chance of it being attacked even if it is within a security fence, just as happens with physical assets such as households or cars. As hackers and cyber criminals are trying newer methods each day to penetrate what is otherwise considered a secure system, it is important to have the right cybersecurity controls in place and to continue to evolve the security posture. Put more simply, just as we are adapting to newer health and hygiene measures, the adjacent threats that have emerged from this situation must be handled likewise, by maintaining cyber hygiene such as educating users and adopting and improving cyber security controls.