Depending on which reports you read, the average time it takes to detect an intruder in your network after a compromise is 206 days…
Getting a sense of the overall threat landscape is rarely straightforward. The nature of cyber crime is dynamic; tactics and techniques fall in and out of vogue as criminals choose the path of least resistance.
In the wake of Covid-19, cyber criminals have latched onto the global emergency, seeking to exploit individuals and businesses through coronavirus-themed phishing campaigns, malicious apps and fraudulent outbreak map websites, to name just a few.
It’s well-reported that the cyber security industry is facing significant global shortages, both in numbers and skills. This shortage stretches not only cyber personnel but also IT professionals lumbered with security responsibilities on top of their existing workloads. They’re often in a continual state of deficiency, in numbers, expertise or both, with a multitude of security technologies to manage.
The wave of remote working across the UK due to Covid-19 is compounding these challenges. Traditional security perimeters are now decentralised, with no way to fully control what happens in the home-working environment. This expanding footprint can be likened to in-house IT and security personnel playing zone defence on a significantly larger pitch, but with far fewer players than their opponents, who have multiplied.
Cyber criminals are unlikely to be complaining as they look to exploit vulnerabilities wherever they exist and leverage whatever they can. They’re taking full advantage of understaffed businesses with limited abilities to prevent, detect and respond to attacks.
The primary trends observed by the IT Lab Cyber Security Operations Centre (CSOC) during the Covid-19 emergency have been the systematic targeting of users via phishing, and of their remote workplaces.
The blended home and workplace works in favour of cyber criminals. Remote workers are coping with additional stresses and distractions, which arguably makes them more vulnerable to a phishing attack than before. Unsurprisingly, phishing, which proves time and again to be an extremely effective method of defeating security defences, has spiked in response to the emergency.
Typically, a hacker must circumvent enterprise technology to compromise a network endpoint such as a laptop, mobile or tablet. But if not managed effectively, security controls are weakened by remote working because existing layers of security haven’t been, or can’t be, applied or enforced.
Active attempts underway across the UK include:
- Attacks on unprotected and unpatched devices to exploit existing vulnerabilities.
- The installation of malware on users’ endpoints to intercept traffic and steal login credentials and other sensitive information.
- Attacks on network domain name servers to redirect user requests to malicious websites.
It’s worth highlighting that cyber criminals are also targeting the commercial tools used to facilitate remote working, such as the Zoom remote conferencing platform. It’s unlikely that either remote workers or businesses could have anticipated that Zoom would bring the data loss and privacy dangers to the workplace that it has.
Most modern businesses have networks of third parties including outsourcing partners and vendors, with some representing a dependency for your own business. It’s vital that businesses look beyond their own realm and assess the information security and business continuity of third parties to determine how they are or could be affected by the crisis, and consequently what that risk could mean to them.
When the dust finally settles around Covid-19 and normality returns, businesses should take the opportunity to reflect on what did and didn’t go well. They should identify improvements to equip themselves for better business continuity. Don’t see a ‘lessons learned’ exercise as optional; it’s an opportunity to build on the approaches that worked and avoid repeating mistakes.
Businesses should:
- Consider additional protection for their corporate networks, applications and data, with the expectation that cyber criminals can penetrate remotely-connected devices.
- Protect the devices of their remote employees in the same way as they do for the systems on their corporate network.
- Continue to educate employees on security practices, from the basics of avoiding opening unknown links to the protection of their remote workplace and home network. The shortage of cyber security skills and IT resources to protect remote workloads means some protection burden will fall on employees. It’s therefore vital to have a user-friendly cyber protection solution that doesn’t need excessive training to provide an adequate level of protection for home devices.
The reality is that while Covid-19 will eventually subside, the risk of a cyber attack won’t. Depending on which reports you read, the average time it takes to detect an intruder in your network after a compromise is an estimated 206 days. What will this look like in a post-Covid-19 world? It’s reasonable to expect that just when businesses regain stability, they will face another, equally merciless experience by way of a data breach.
Although the pandemic has been a global disaster, it presents a unique opportunity to improve your approach to cyber security and bring security awareness to all users.
As the shift towards remote working continues to grow, we can expect to see more managed security service providers (MSSPs) shouldering the cyber security burden. They’ll play a crucial role in deploying extra cyber protection capabilities for businesses and corporate infrastructures with remote working and the protection of homeworkers in mind.
Luke Kiely is the cyber security operations manager at IT Lab.