Cybercriminals love a good crisis. So it’s no surprise that they jumped at the opportunity to take advantage of the COVID-19 pandemic to exploit tens of millions of home-based workers who have provided new access points for malware, cyber viruses and phishing attacks. The attack surface has never been wider.
The assaults, of course, don’t stop here. Cybercriminals also use newly implemented technologies to move to the next step and try to penetrate corporate systems.
Earlier this year, corporate chief information security officers (CISOs) pivoted from working on routine tasks and quickly instituted measures to maintain business continuity by monitoring soaring threat levels and patching remote systems over virtual private networks. But it hasn’t been enough.
This raises an obvious question. Is your company’s cybersecurity policy as effective as it should be amid these tumultuous times? And if you’re not an employee but the owner of a small business – typically someone with much less sophisticated cybersecurity protection – how does your online security stack up?
The answer: Cybersecurity has improved, but markedly more has to be done to secure networks in 2021, the second year of the pandemic. The number of cyberattacks has become staggering.
The FBI recently reported that the number of attack complaints to its Cyber Division has reached as many as 4,000 a day – a 400% increase from what it was seeing pre-COVID-19. Meanwhile, a study by CrowdStrike, a Silicon Valley cybersecurity vendor, showed more intrusion attempts on corporate networks in the first six months of 2020 than in all of 2019. Its threat-hunting team blocked 41,000 potential intrusions – compared with 35,000 in all of 2019. One of the biggest reasons behind the increase, the company said, was the rapid adoption of remote workforces, which significantly expanded the attack surface at many corporations and other organizations.
Another problem has been the strain on resources experienced by many organizations, which creates new security vulnerabilities. In recent months, for instance, some healthcare organizations have temporarily relaxed firewall rules to facilitate additional work-from-home capabilities or short-circuited vendor diligence protocols. They have also rapidly expanded telehealth capabilities or quickly erected temporary medical facilities lacking traditional security infrastructure.
It’s not that companies haven’t been trying to improve their security. Since the start of the COVID-19 pandemic, they have increasingly deployed customized proprietary security plans instead of generic plans and focused more on who is connecting into their infrastructure securely. More are also recognizing that relying solely on preventive measures without also employing offensive measures to curb attacks is insufficient. Many, however, have yet to follow suit.
“Companies will get breached,” says Robert Lee, the CEO of Dragos, an industrial cybersecurity firm. “Companies shouldn’t worry about that because they can’t stop all breaches. But if they don’t have the data they need to respond to an attack and know how to respond, they will fare much worse.”
Another reason for the surge in attacks – despite the enhanced security steps taken by organizations – is that many have been forced to rapidly develop and deploy ad hoc continuity plans. This leads to rushed and incomplete solutions. While often functional, they typically are not secure enough for the long term. One way for companies to help combat this is to explore artificial intelligence-based methods to better protect their remote mobile workforce so that they can access any data or application required to be productive.
“To realize this benefit, companies have to deploy zero-trust solutions that ensure this improved way to work is truly secure,” says Charles Eagan, the chief technology officer of Canada-based cybersecurity vendor BlackBerry Cylance.
There are a number of even more important – and more basic – steps that companies and other organizations can take to mitigate cyber threats. Here they are:
- Companies must make a point of teaching their employees how to be on the lookout for signs of malicious activity, and how to react if they are suspicious. Treating everything that arrives in the inbox with maximum skepticism is crucial at all times.
- Those with large work-from-home bases need to prioritize the purchase of services such as overall management of detection and response, managed endpoint and response, and vulnerability management services. Midsized enterprises, in particular, have traditionally spent security budgets mostly on preventive controls, such as firewalls and endpoint protection, leaving them underinvested in detection and response.
- Update company software and systems. Make sure that the potpourri of devices in the hands of users is updated with the latest versions of their operating systems. This typically requires embracing a “push” methodology, forcing new security updates onto a user’s device. This is better than a “pull” methodology, which notifies the user that new security patches are available to be downloaded, after which they often never are.
- Conduct top-to-bottom security audits. This audit will review the security practices and policies of your central IT systems, of your end-user departments and of the “edges” of the enterprise, such as IoT devices at manufacturing plants. The audit should also examine remote site compliance with security policies.
- Demand regular audits from vendors and business partners, which are among the most significant threat vectors. Most sizable companies now see the cloud as integral to their technology, making audits of outside players even more important.
- Perform regular data backups that work. A significant problem, unfortunately, is not that companies don’t perform regular backups but rather that they don’t always work properly. Data backups and disaster recovery measures need to be thoroughly tested at least once a year.
Meanwhile, what should small businesses do?
If they don’t have one already, small businesses must create a cybersecurity policy and train employees in its stipulations. They must also install a firewall as a protective barrier between their data and cybercriminals, and document a BYOD policy focused on security precautions. In addition, they would do well to adopt a managed security service, which provides round-the-clock monitoring and management of intrusion detection systems and firewalls.
The overriding message behind all these steps is abundantly clear. Businesses big and small need to continue strengthening their cyber protection. The COVID-19 pandemic is continuing in 2021, and no company wants a replay of the cyber threats that lie in wait if left unaddressed.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine.