The year 2020 has left many people feeling like we are living in the twilight zone as the coronavirus sweeps the globe, changing life as most know it. From embracing the reality of a fully remote workforce, to dealing with ruthless cyber attackers taking advantage of unsuspecting people looking for help, and like all things, technology is playing a pivotal role in the way the pandemic plays out. The cybersecurity industry has especially seen some unique dynamics that every technologist and business leader should be aware of.
A quick status on the current state of the pandemic
Coronavirus, which causes the associated disease known as COVID-19, is a new virus that first emerged in China. It is a highly infectious disease that affects the respiratory system within infected people exhibiting signs such as dry coughs, shortness of breath, high fever, and runny noses. Although the news about the virus broke out in China towards the end of 2019, in just three months, coronavirus has spread to almost 200 countries and infected nearly 800k individuals. Out of these, there have been nearly 40k deaths, whereas only 165k people have recovered.
These numbers continue rising as affected countries record new cases every day. In a bid to protect the public, nations across the globe have enforced various measures like total lockdowns and social distancing to encourage citizens to self-quarantine to help contain the spread. These approaches seem to have created headway in Wuhan, the epicenter of the outbreak, which recorded zero new cases for the first time in March 2020.
A look back at previous pandemics that impacted cybersecurity
Learning from the past can help inform the future. While most global citizens today have never experienced anything like this in their lifetimes, this is not the first pandemic to shed light on the importance of technical and security preparation in response to a pandemic. One of the most recent pandemics to have an impact on cybersecurity was the Influenza A virus subtype H1N1/09, or more commonly known as the swine flu. It first emerged in the United States back in 2009 and quickly spread to the rest of the world. Having lasted between January and August 2009, it is estimated that the virus caused 151,700-575,400 deaths all over the world.
The H1N1 flu was highly contagious as the virus was airborne and displayed similar symptoms to COVID-19. Swine flu profoundly impacted cybersecurity practices since governments in affected countries enforced lockdowns to contain it. This was one of the first of its kind pandemics to influence modern-day health information compliance, workplace productivity, and cybersecurity practices due to work from home requirements. Other epidemics, like Ebola, also impacted the technology sector though only a limited number of countries felt a significant impact.
Impacts of coronavirus on the cybersecurity industry
The enforced lockdowns have caused organizations and companies to encourage their employees to work remotely to ensure business continuity as critical services and operations must go on. As a result, the pandemic could impact the cybersecurity approaches and strategies implemented in various companies. As businesses seek to stay afloat in such unprecedented times, it is essential to understand how inherent risks associated with working remotely, increased social engineering attacks, healthcare technology risks, and more impact cybersecurity.
a. Remote work demand has sky-rocketed, and most companies weren’t ready
The coronavirus response has motivated companies to allow employees to work remotely in an effort to contain its spread while ensuring the continuance of critical services. This is an extremely radical change in a short time, given that very few companies encourage remote working. For example, after the pandemic reached the U.S., Alphabet, Amazon, Twitter, Apple, Microsoft, and dozens of other companies have all asked their employees to work from home. In the past month, Microsoft has seen a record 500% increase in video calls, messages, and online meetings through its Microsoft Teams. On the same note, Zoom, a video meeting software, has become the number one downloaded application in Apple’s App Store. These numbers show the world wasn’t ready for remote working strategies, thus likely ill-equipped to consider the cybersecurity ramifications.
Companies need VPN now more than ever
There are tools users can leverage when working remotely to do so without exposing greater risks to the company. A primary recommendation is the use of virtual private networks (VPNs). One former public sector CISO, explained that where 20%-50% of the workforce may have been accustomed to connecting to VPN providers in the past, now there is 80%-100%, and most companies just hadn’t planned for that. A VPN provides an encrypted connection to a resource when accessed via insecure networks such as the public Internet. It hides all activities, thus preventing hackers and unauthorized individuals from accessing communications and transactions. However, unprepared companies do not have this technology available to employees, which can increase security risks.
BYOD nightmares become a reality
Some employees have been forced to use their personal devices to connect to corporate networks. These devices, when unmanaged, often lack basic security configurations that can expose the business to higher risk. For example, it is rare for employees to conduct a risk assessment on their personal devices, meaning they might contain unidentified security vulnerabilities. Also, most users don’t install the latest security updates and patches once they are released. This creates more potential access points for cyber adversaries to take advantage of. Without the proper device checks before connection, the cyber threat surface is expanded even further.
Leaders struggle to ensure employee productivity is maintained, while several providers step up to the challenge
As more emphasis is placed on ensuring essential operations do not grind to a halt, most businesses are concerned about ensuring employees retain high productivity levels. While this is a stressful and trying time that requires much understanding, care, and compassion, it’s also an era that requires industries, especially those being hit with greater demand, to step up and deliver. In this case, having adequate logging and employee monitoring solutions can help ensure employees stay well supported, productive, and on track. A few vendors, including Veriato, are offering employee monitoring trials at free or discounted rates to help.
b. This could mean more significant resource challenges for the industry
Inadequate resources have also had severe impacts on cybersecurity processes and approaches. Due to the widespread and necessary lockdowns, organizations, especially in the hospitality, travel, and entertainment sectors, have experienced steep losses of their daily incomes. The aviation industry, for instance, has been among those that have been worst hit by the coronavirus’s ripple effects, with a predicted loss of $113 billion. Due to the lost income, enterprises are realigning their budget allocations to remain afloat. Budget cuts in essential departments such as cybersecurity could result in limitations on the ability of a business to run its operations safely and securely.
An impending shortage of security hardware further exacerbates the situation. The fallout of the virus has gravely impacted technology production leaders such as China, U.S., France, Germany, and the Korean peninsula. This could cause a slowdown or shortage of skills and labor required to continually innovate better technologies for countering cyber threats, in effect causing security hardware shortages around the world. 53% of respondents involved in a CNBC survey indicated that their firms have never been so stressed for security systems to cater for an event of this magnitude.
Lastly, China has steadily recovered from the virus and is slowly going back to business as usual, well before other countries will be up and running again. This means that the market may be further saturated with Chinese-made technology as they operate ahead of the curve. There have been concerns in the past that technology products from these regions could enable espionage, and the capacity to inspect and approve the products internationally may be limited amidst the pandemic.
c. Ruthless social engineering attacks target innocent victims desperate for help and information
Internet con artists and hackers are taking advantage of the coronavirus pandemic to create and execute social engineering attacks. These are attacks used to trick victims into divulging information, paying lump sums of money, and conducting other risky actions. Adversaries are manipulating the latest news reports, federal updates, World Health Organization statistics, and more to conduct phishing campaigns that appear more relevant. They are also claiming to have information on the latest cures, prevention techniques, test results, and more. Some attackers have gone as far as creating coronavirus maps that, once clicked, infect the user’s device with malware. A flash survey by CNBC showed that phishing attacks have soared by 40% since the pandemic broke out. Other social engineering tactics such as smishing and vishing, which are like phishing attacks sent through SMS texts or voice calls instead, might also increase to target as many communication channels as possible.
Additionally, governments are turning to mobile banking and e-commerce transactions to minimize the use of physical cash as they can further spread the virus. Hackers are using this opportunity to intensify their phishing attack campaigns in those areas. For people desperate to get information, these cruel attackers are taking full advantage.
d. Ransomware attackers show no mercy to already stressed hospital systems
As previously mentioned, cybercriminals are manipulating coronavirus news and information to deliver malware via email. An employee in a health institution, for example, can be targeted with a coronavirus-themed email that contains downloadable ransomware. Ransomware attacks lock up access to essential networks or systems, such as Electronic Health Records (EHRs), and then request a ransom payment to restore access. Ransomware attacks can be devastating for all health facilities as they race to treat infected patients and contain the virus spread. Brno University Hospital in the Czech Republic is one of the nation’s largest COVID-19 facilities and was attacked right in the middle of the outbreak. The attack caused the institution to pull down its IT network, and to postpone vital medical processes. This indicates the danger of opportunistic hackers launching social engineering attacks in the middle of the coronavirus outbreak.
As the pandemic ensues, we can expect these attacks to become more prevalent. Cybercriminals will likely increase their campaigns in an attempt to leverage already overwhelmed systems and desperate leaders trying to save the lives of thousands, to rake in hefty ransom payments.
e. The impacts on the healthcare industry span well beyond over-capacity hospitals
The coronavirus has significant implications on the healthcare industry and associated compliance requirements. In the last two months, attacks targeted at the healthcare industry have risen by over 150%. The Health Insurance Portability and Accountability Act (HIPAA) spells out the measures all facilities should implement to ensure health information privacy and security. These include encrypting data, implementing adequate access controls, and proper security to stored data. However, due to the widespread and public nature of coronavirus incidents, health institutions might be unable to safely store patient information, leading to increased disclosure of valuable information. This could be worsened by the recent HIPPA waiver, where the U.S. Secretary for Health and Human Services, Alex Azar, announced the exclusion of some requirements such as a patient’s right to privacy restrictions.
Cybersecurity tips for businesses during the pandemic
- Create or refresh your business continuity plans: Business continuity (BC) plans are essential in containing, ensure continued operations, and eventually recovering from major incidents. Due to the rising cybersecurity challenges and uncertainty surrounding the coronavirus pandemic, developing, updating, and maintaining an effective BC plan is highly recommended.
- Increase user training: Organizations should focus more on user security training and awareness, with an emphasis on social engineering attacks. Such attacks will continue rising as more businesses opt for their employees to work from home. User training can equip employees with the skills needed to identify phishing emails, how to report them, and the best practices for handling them.
- Re-evaluate cybersecurity strategies and focus your users: The need to combat coronavirus has led to many businesses embracing remote work to keep employees safe while maintaining productivity. Companies must re-evaluate their security strategies to adapt to the new risks that arise from this transition. This is a crucial measure since it is more vital in remote organizations to monitor employee activities and uncover suspicious activities, such as sharing sensitive information with unauthorized parties. In addition, this calls for more advanced monitoring capabilities. Using traditional monitoring characteristics such as geolocation alone can become useless when employees are now required to work in disparate locations. Instead, the deployment of user behavior analytics solutions based on big data context and artificial intelligence can enable businesses to assess employee activities no matter where they are. It facilitates the identification of risky behaviors, an essential requirement for effective threat reduction. Also, businesses should make it compulsory for all employees to use VPNs when accessing sensitive resources.
- Observe HIPAA requirements: Failing to comply with HIPAA compliance requirements not only leads to fines and penalties but also increases cybersecurity risks. Once employees disclose their status in regards to coronavirus, employers have a responsibility to protect that information along with the privacy of their employees.
The coronavirus contagion has reinforced the important role that technology and cybersecurity can play in the continued operation of businesses during such a trying time. Whether protecting hospitals from ransomware attacks so that they can save lives or ensuring, companies can support and maintain employee productivity through this storm; cybersecurity plays an integral role in business continuity for every company.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.