The true cybersecurity impacts of the COVID-19 pandemic are unlikely to be known for months or years, when incidents and data breaches that took advantage of the confusion caused by the pandemic are finally discovered. However, in the midst of the COVID-19 response, a number of cybersecurity “lessons learned” are already apparent.
Telework Should Be Part of a Business Continuity Plan
Before COVID-19, many businesses either chose to not offer the option for remote work or offered it on a limited basis. As a result, these organizations lacked the infrastructure and processes necessary to support a mostly or wholly remote workforce.
Common issues included a VPN infrastructure incapable of scaling to the number of VPN connections required by a remote workforce, and a lack of employee awareness of how to work securely from home. The forced transition to telework has not only highlighted deficiencies in many business continuity plans, but also demonstrated that remote work is both feasible and desirable for many organizations.
Identity Management Is Vital for a Remote Workforce
Under normal circumstances, the majority of an organization’s workforce uses devices connected directly to the enterprise network and operates during standard business hours. Such circumstances make it relatively easy to identify malicious traffic by observing anomalies in login location and timestamp.
With a remote workforce, distrusting connection attempts from external and unknown IP addresses is no longer feasible. With critical information flowing more freely outside of the network to potentially untrusted devices, implementing a zero-trust security model is necessary to minimize the risk of security leaks.
Maintain Regulatory Compliance During Telework
Enforced telework due to a global crisis makes it difficult for organizations to fulfill normal regulatory requirements. As a result, regulatory authorities have relaxed some requirements (e.g. telemedicine) in an effort to allow companies to continue to operate during the crisis.
These authorities, however, also require that organizations maintain compliance during the crisis, follow standard guidance for regulatory compliance for remote workers, and be able to demonstrate after the fact that they maintained compliance throughout the pandemic. Even simple business continuity issues, such as a lack of company-owned and approved laptops for use by remote employees, could endanger an organization’s compliant status.
Cybercriminals Target Critical Infrastructure
Cybercriminals are typically focused on maximizing their profits. During the COVID-19 crisis, this means that the best target would be the healthcare industry, an industry where any amount of downtime could drastically impact patient care. For this very reason, early in the crisis, many cybercrime groups promised not to attack the healthcare industry for the duration of the pandemic. Some ransomware groups even offered free decryption keys for healthcare organizations should they accidentally be attacked.
Despite the gesture of goodwill, some cybercrime groups reneged on their word. The Maze ransomware group, one of the most visible groups to promise not to attack healthcare, attacked Hammersmith Medicines Research, a UK-based healthcare laboratory, shortly after making the pledge. Because Hammersmith Medicines Research is on standby to test potential vaccines, an attack could negatively impact the speed at which a vaccine is made available. Additionally, Maze is one of the ransomware groups that collects and leaks sensitive data if an organization refuses to pay a ransom, which poses an additional risk to sensitive patient data.
Phishers Love a Crisis
Phishing attacks are most effective when they have a believable pretext that induces the target to click the link or open the malicious attachment. For phishers, a crisis like COVID-19 is a godsend. A number of phishing attacks have taken advantage of the pandemic, offering information, fake vaccines, and medical supplies. As employees work from home, often on untrusted devices with less access to their company’s cyber defenses and IT support, the probability of falling victim to a phishing attack is heightened.
Crises Derail Strategic Planning
At the beginning of 2020, many organizations were predicting how cybersecurity and businesses would evolve throughout the year. A few months into 2020, COVID-19 disrupted those plans.
In the wake of the pandemic, many companies are “just trying to keep the lights on,” and strategies to improve cybersecurity maturity have fallen by the wayside. However, many cybercrime groups have continued to operate and innovate during the crisis, potentially giving them the upper hand when the COVID-19 pandemic ends.