Why Covid19' is a game-changer in the whole cybersecurity domain?
It might surprise you that Telephone-operated Crime Survey for England and Wales (TCSEW) estimated a significant increase in physical crimes during April and May 2020 compared with a two-month average in the pre-lockdown period.
While the falling trend might be observed across the majority of crime types like theft offenses and domestic burglary. The survey indicates a rise in computer misuse offenses during April and May.
As hackers who progress on chaos visualized the outbreak as a way to infiltrate people's devices and steal information that could be manipulated and resold on the Dark web.
In March 2019, the World Health Organization pronounced the coronavirus that causes COVID-19 a pandemic. A declaration that leads to a massive number of companies asking employees to work from home. However, millions of workers signing in remotely to corporate networks lead to another threat, Cyberattacks.
Hence sharing my knowledge on this topic is a necessity to me as a cyber researcher. In this article, I shall appraise Covid19's role as a game-changer in cybersecurity.
? Table of contents:
The Open enemy “Cybercriminals”
- Curiosity might risk the privacy
- Workspace shifted from Office to Home
- Covid tracking apps might trap you
Former to the advent of Covid19’, cybercriminals set up a novel trap for internet users that used naive people's fear as bait. Cybercriminals adapted the tactics which aid them to target people in the dark rooms of their homes while sitting miles apart. Hence working from home becomes a gateway t new forms of data theft. Companies are the most vulnerable to cyber threats. However, cybercriminals attempting to access corporate data, customer information, and intellectual property are not the only threats to businesses. Employees are the weakest link in the organization's cyber threat intelligence.
Poor technological infrastructure and inadequate cyber and data security remain the radical cause for this vulnerability spurred by working from home. "These Cyber criminals are focused on remote workforces and hospitals and COVID-19 testing facilities."
found that 40% of organizations have suffered from cyber business fraud within the last 24 months. Similarly, respondents claimed a 47% increase in cybersecurity attacks, dominantly phishing attacks, following the COVID-19 disruption.
Image Source – checkpoint.com
Curiosity might risk the privacy
The thirst for more information gets exploited by cybercriminaCoronavirusttack.
In most cases, as with other high-profile events, attackers employ COVID-19-themed phishing emails, which claim to deliver official information about the spread of coronavirus, but in actual fool individuals into clicking malicious links that hurl Remote Administration Tools (RATs) on their devices.
As an aftermath of COVID-19, the majority of people are turning to earn money or search for new job opportunities. Hiding behind the coronavirus are cybercriminals who are busy unraveling vulnerabilities and using these to their advantage.
Workspace shifted from Office to Home
Attackers also benefit from the fact that many people who work from home do not apply the same level of security to their network as they do in the company environment, or the organization does not implement appropriate company technology or security policies to ensure that all company equipment is owned or operated by the company have the same security features, regardless of whether they are connected to a company network or an open wireless home network.
|
|
Coronavirus |
Cybersecurity |
|
Blocking |
Testing of people traveling abroad and quarantine of symptomatic people |
DMZs, perimeter firewalls, sandboxes, and anti-malware software |
|
Containment |
Schools closed, and restrictions on community events |
Network segmentation |
|
Hygiene |
Handwashing and area segmentation |
Security hygiene- vulnerability policy and privilege management |
|
Early detection |
Motivating symptomatic individuals to reach out for early medical attention |
Anomaly, detection of the breach, and SIEMs |
|
Quick diagnosis and treatment |
Deployment of test kits, Specialized response teams and facilities, and vaccines |
Tools to find defenders identify, isolate and remediate compromises |
|
Prevention |
Development if vaccine |
Development of malware signatures and IOCs |
|
Advanced warning |
Continuous monitoring of health alerts |
Threat Intelligence |
Source – arcweb.com
Covid tracking apps might trap you
In addition, several cases of malicious Android applications pertinent to COVID19 are found. These applications allow attackers to access an encrypted smartphone or device data for ransom. The global pandemic has also resulted in the creation of more than 100,000 new COVID19’ network domains. Although not all domains are malicious, these domains should be suspected.
The Inside enemy “Employees”
Survey shows, Organizations have risks from their internal employees too. What risks as you may think. Let me explain. With the prolonged lockdown, employees had concerns about job security. Hence many employees thought to prepare for the worst, in case the company dissolves or they lose their job. This is a human instinct, but the response will cause severe threats to the company.
I6% of survey respondents admit they are tempted to make copies of essential company data as a precaution. Storing internal company data against a worst-case scenario very clearly illustrates how crucial it is for companies to act to prevent the loss of corporate data, intellectual property and, more broadly, to tackle the risk of corporate fraud.
So what is in our hands?
WHO was found to be attacked by malicious agents too. The Director of Information Security at WHO admitted since the beginning of the pandemic, the organization, has faced an increase in cyber threats. Knowing that even as big of an organization as WHO couldn't be safe is a little terrifying, though. Still, some measures are taken, which I have listed below.
Measures to be deployed by companies
- Make employees aware of these issues, train them to handle sensitive data, and remind them to abide by the code of conduct and related guidelines.
- Another effective approach seems the regulate the measures deployed for the security of tactical IT solutions.
- Monitoring the security of devices and users so that organizations can proactively identify and correct mistakes that users make when managing sensitive data.
- Assessment of the ability to effectively recover from catastrophic cyber-attacks (such as widespread ransomware attacks). After such an incident, the entire IT infrastructure will be restored and operational as soon as possible.
- The performance of its major service providers, suppliers, and channel partners. Supply chain vulnerabilities can lead to major cyber and data breaches.
Only by taking these measures can the company ensure that communications between its office and employees working from home are adequately protected and that the IT environment of the home office does not become a gateway to new forms of cyber crimes
By the VM Ware/Carbon Black report, it is known that many companies have been unable to install multi-factor authentication processes. Twenty-nine percent of the firms that responded said this was the most massive threat they faced during the pandemic so far.
Cyber resilience measures for employees
I have shared below seven precautionary measures you have to take if you want to stop hackers from invading your device.
Image Source – oracle.com
- Make VPN your friend.
During remote work outside the company office, you need to make sure your connection is secure. It is best to use a virtual private network (VPN) service to protect the traffic from your computer to your company. Your company is likely to provide such services. So if you don't have one, make sure you get it.
- Use Company’s equipment for work
Your work usually comes with additional security solutions and built-in protections that your IT department can guarantee. In this way, your IT department can ensure that the equipment is up to date and protected from the most common cyber threats. Therefore, you should use the equipment provided by the company to complete the work.
- Confidential information must not be shared via email
Make sure you don't want to send sensitive information via email when you work from home. This is unwise because the email is not encrypted but transmitted explicitly. The thread is easy to lose. Email, you may spend a lot of time searching for information. Sending emails to the wrong recipient is a "crime" that most of us commit from time to time. Work reports, data, documents, and important research. You don't want a malware attack on your home laptop to clear the report you've been working on for months.
Image Source - esg-global.com
As the main method of communication, email is essential to businesses. According to 73% of respondents who now use email in the cloud, the switch to cloud-based email opens up new possibilities for account acquisition attacks (ATOs) via fraudulent login pages.
- Be careful when downloading software
At this point, if you need to use a computer to work at home, you may miss some applications that you need to complete your work. However, downloading this software yourself may increase the risks faced by you and your business. Fake software download is a popular criminal method that can induce people to download malicious software. List recommended download locations or safe access methods available.
Although access may take longer in times of high demand, it is best not to accidentally download malicious files and simply access your data.
- Backup your data
The smart thing to do is to protect your work through one of the many cloud storage companies. Your employer may even provide you with enterprise cloud backup sites provided by technology companies such as Dropbox, I drive, or Back blaze. Keeping a copy of vital work documents, files and reports will save you from ruining months of work; fortunately, cloud services nowadays do that well.
- Keep a strong password
When you are tired of working in the living room or bedroom, and when working in public places, use a password to protect your laptop, smartphone, and other devices. This provides additional security. If you accidentally leave the device unattended in a public library, nearest coffee shop, or your favorite restaurant, it will be more difficult for people who find it to access and edit files, emails, and pictures.
If you protect your device with a password, you will need to enter a numeric code or password to unlock it. You can also set up your device so that you can open pictures by swiping, showing your fingerprint, or pointing to your face.
- Cover your webcam after use
Conference calls and video calls that require the use of a webcam. Unfortunately, skilled hackers can easily access your webcam without permission and compromise your privacy. Confidential files around the physical workplace, hackers can view them by hacking into your webcam. Webcam your device.
You must unplug it when not in use. If your webcam is embedded, you need to take additional measures to protect yourself. It is unknown when a webcam attack will occur.
Conclusion
The government should also strengthen surveillance. The Ministry of the Interior and other government agencies must regularly issue notices and identify online fraudsters. Also, the organizations and companies must strengthen their security regime. Still, the individual control of online presence is inevitable, in my opinion.
Feel free to leave a message with us if you have any suggestions for Covid 19' as a game-changer in the cybersecurity domain that we might have missed out on.
Your email address will not be published. Required fields are marked