Cybersecurity preparedness in time of COVID-19

Kevin Lau

The unprecedented COVID-19 crisis has brought huge change in many respects; for instance, remote working has become a trend to reduce the spread of the virus. This has given company management and boards insight into cybersecurity preparedness. Regardless of company size, IT expenditure is unavoidable in order to maintain operations during the crisis. The related cybersecurity investment driven by regulatory and compliance measures has since increased. Most companies were caught off guard by the coronavirus. On the one hand, companies’ computing resources to support remote working are limited; on the other, employees in general have not subscribed to adequate firewall protection and antivirus packages for working remotely on their personal computers. With remote working becoming the new norm for companies worldwide amid the COVID-19 crisis, cybersecurity is even more crucial than before to support thousands of workers working from home and accessing their companies’ networks.
 
Cybersecurity risk increases significantly with more individuals working from home. While global effort is directed at tackling the health and economic threats caused by the COVID-19 outbreak, cyber criminals are exploiting the current world disruption through an additional flood of COVID-19 related scams in the form of phishing malware, ransomware and password hacking. It is important to recognise the cybersecurity challenges we face during this special period and to take corresponding action to alleviate the emerging risks.
 
The challenges

Getting connected remotely
For many years, all of us have been accustomed to working in a physical office, with local networked machines and local IT support. Face-to-face meetings were often preferred. The current social distancing situation is a massive change to that norm, and there are plenty of hurdles for businesses to overcome in order to equip and enable all staff to work from home effectively. The basics would be implementing a VPN to connect with corporate networks and video conferencing applications for meetings. For organisations that were already operating with a remote-enabled culture, this transition is a lot more seamless than for others that have to invest extensively in IT equipment such as laptops and video conferencing licenses, and configure their networks to operate in this way at scale. Although business productivity is imperative, the security and resilience of the new operating model should not be treated as a second priority.
 
Secure remote working
Although the COVID-19 epidemic situation seems to have stabilised, many companies are still encouraging staff to work from home. Larger companies are also using the situation to explore remote working as part of a crisis management plan. The unfortunate global disruption has shed light on the need for companies to rethink the priority of ensuring that business continues to operate securely and resiliently. From a security perspective, this is a very different environment from existing security practice, where measures such as network penetration tests, Internet gateways and firewalls, policy frameworks, and DLP (Data Loss Prevention) need to be enhanced. In recent years, digital transformation programmes such as the adoption of cloud computing, as well as the move towards more remote working with the use of video and document sharing technologies, have steadily gathered pace. With current events, these digital transformation initiatives will be greatly accelerated. Once productivity is established, together with the ability to cut costs and work effectively by doing away with previous working practices, including onsite approaches to technology, such changes are likely to stay beyond current events, as the investments have already been made. Many of these changes are positive and progressive, though they come with a new set of risks.
 
Risks of a remote workforce:
  • Insecure home network: Enterprises invest a lot to secure their IT infrastructure and limit cyber risks. This includes solutions ranging from enterprise-grade firewalls to a security operations centre that monitors the network environment to limit attack vectors. In contrast, home computers are more vulnerable to cyber-attacks, as they are probably running consumer-grade firewall and antivirus software that is not reliably updated.
  • Isolated IT assets: With many employees using personal devices to connect to the company’s network, IT is unlikely to be able to access those devices to harden their security or standardise settings. Without calibrating each device against the company’s security policy and parameters, IT is not able to effectively address and manage the vulnerabilities that each of these personal devices contains.
  • Accidental data exposure: With thousands of new remote workers accessing data outside the secure office network, there is a risk of company data ending up in the open, especially through the use of cloud storage and other third-party services. That data could include customer information, credentials, or other sensitive and confidential information critical to the company.
  • Expanded attack vectors: With increasing reliance on internet connectivity to enable remote working, employees are more likely to be exposed to threats that target web services and applications. There has been exponential growth in phishing and adware attacks during the pandemic, with attackers exploiting COVID-19 hysteria through malicious domains, social profiles and campaigns. With millions of people attending video conferences, attackers have devised ways to hijack the administrative privileges granted to conferences in order to remotely execute malicious code, not to mention the unwanted or uninvited attendees joining video calls.
  • Limited remediation opportunities: Infected machines tend to require the direct attention of technicians to restore. That is easy for the IT department to accomplish in an office environment, but becomes very challenging in a remote working environment. If a remote working computer becomes infected, it is very difficult for the IT department to respond and resolve the issue. As a result, the attack may last longer and cause even more damage.

The advice

After examining the potential risks associated with the COVID-19 crisis and working remotely, we recommend that decision-makers implement the following security measures to reduce the organisation’s overall cybersecurity risk level.
 
  • Advanced endpoint protection: Having a large number of external devices connecting to the corporate network opens up more paths for hackers to access corporate and customer information. With remote working being the norm, endpoint protection becomes more important than ever. Next-generation Endpoint Detection and Response (EDR) protection incorporates real-time response and continuous monitoring within the environment. These capabilities significantly aid the detection of, and response to, any threats.
  • Encrypted connection: Implementing VPN solutions has been heavily discussed during the current crisis, as VPNs are one of the best tools for organisations to maintain the productivity of remote workers. As a result, it is important to ensure that VPNs themselves are protected. To mitigate man-in-the-middle (MITM) attacks, it is highly recommended to use VPNs with an always-on model, in which the user’s device must be connected to the designated VPN to access any resource that requires an Internet connection.
  • Increased identity and access management: It is necessary to enhance access control to eliminate the risks of lost credentials and unauthorised access to systems. Multi-factor authentication should be used to add an additional layer of security when accessing corporate resources. At the same time, continuous monitoring and visibility of access are also very useful in detecting abnormal behaviour. Management should grant staff only the access rights they need to perform their required duties, to avoid attackers gaining access to sensitive information.
  • Email, instant messaging, and browsing protection: Malicious emails and URLs are usually the major threat vectors. Companies should deploy advanced and specific solutions to protect users. Given the nature of remote working, these services are expected to be used widely, and they are heavily targeted by threat actors.
  • User security awareness: New tools and solutions are used to provide an effective remote working environment during the contingency period. Users may not be familiar with these newly adopted tools or solutions tailored for remote working. To mitigate the increased risk, companies should provide extensive user education and training on the risks of remote working and the different types of threats users may encounter.

Beyond the recent surge caused by the COVID-19 outbreak, the global workforce is increasingly moving towards a remote working environment. As such, organisations should be planning ahead, applying security controls and creating threat models for their particular environments now, as well as when things go back to normal.