How to manage the impact of COVID-19 on cyber security

27/03/20

COVID-19 and cyber security

In the current (COVID-19) outbreak, organisations are swiftly responding to crucial operational and financial challenges, which causes an inevitable increase of the threat surface, the probability of cyber attacks and their impact. Attackers are taking advantage of uncertainty and of a situation that is one of a kind, and hasn't been trained before.

Organisations are responding to the COVID-19 outbreak in different ways. Many of these responses will have a net negative impact on the cyber security posture of businesses, and ultimately, its resilience. This will be the result of new risks that emerge, but also of existing risks that are not going to be taken care of due to security budgets restrictions, and technology freezes designed to achieve stability in business operations.

The whitepaper below provides you with in-depth insights into the new opportunities the COVID-19 crisis has created for different cyber threat actors and actionable recommendations that organisations can undertake in order to manage these risks. This article also gives a top-level summary of our recommendations.

Secure newly implemented remote working practice

COVID-19 has forced organisations to shift rapidly to remote working at scale. This is likely to have a significant impact on both IT infrastructure requirements and the attack surface.

For example, security controls may not be applied to new systems or tools hastily stood up to support employees with remote working. Similarly, existing procedures and good practices may be side-stepped or become unavailable.

In our whitepaper, we outline a number of steps that organisations should take to ensure they maintain security while employees are working from home. These include:

Monitoring for shadow IT and moving users towards approved solutions;
Ensuring remote access systems are fully patched and securely configured;
Reviewing tactical actions and retrospectively implementing key security controls which may have been overlooked; and,
Ensuring remote access systems are sufficiently resilient to withstand DDOS attacks.

Ensure the continuity of critical security functions

Organisations need to plan ahead so they can maintain resilient security functions as the COVID-19 outbreak develops. By closely following medical advice, you can plan for the expected peaks in COVID-19 cases and the higher numbers of employees likely to be absent from cyber security teams.

This will involve reducing the reliance on people, as well as maximising the use of process and technology to perform key cyber security activities. Further steps include:

Identifying and monitoring critical security activities;
Reviewing how privileged users are going to perform administration; and,
Deploying asset management tooling to ensure continued visibility as systems are moved away from the internal network.

Counter opportunistic threats that may be looking to take advantage of the situation

As well as reinforcing their security technology, organisations need to remain alert to opportunistic threats. A big part of this will involve giving employees specific guidance on how to spot suspicious activity, such as targeted phishing campaigns using COVID-19 lures, or highlighting to finance teams increased risks of business email compromise attacks which attempt to exploit different or new ways of working.

Organisations should also guard against the increased risk of insider threats and apply quick-win technical controls across the IT estate where possible.

The emerging COVID-19 threat landscape

Threat actors are already exploiting the uncertainty and extraordinary response caused by the COVID-19 pandemic.

The criminal threat actor behind Emotet, which provides malware delivery services to sophisticated criminal actors including TrickBot, Ryuk and Dridex, began using COVID-19 phishing lures in January 2020, while the crisis was still in its early stages.

Other actors have since followed suit, with hundreds of new COVID-19 themed phishing lures being created each day. We have identified criminal and state-sponsored campaigns exploiting COVID-19 and anticipate they will also use VPN and video conferencing software lures to take advantage of users unfamiliar with remote working.