The COVID-19 pandemic has had a significant impact on “business as usual.”  Within a matter of weeks, organizations around the globe have been forced to transition to telework in order to continue operating during the crisis. This sudden transition to remote work has had significant effects on organizations’ cybersecurity.

Key Takeaways From the COVID-19 Response

The true cybersecurity impacts of the COVID-19 pandemic are unlikely to be known for months or years, when incidents and data breaches that took advantage of the confusion caused by the pandemic are finally discovered. However, in the midst of the COVID-19 response, a number of cybersecurity “lessons learned” are already apparent.

Telework Should Be Part of a Business Continuity Plan

Before COVID-19, many businesses either chose to not offer the option for remote work or offered it on a limited basis. As a result, these organizations lacked the infrastructure and processes necessary to support a mostly or wholly remote workforce.

Common issues included a VPN infrastructure incapable of scaling to the number of VPN connections required by a remote workforce, and a lack of employee awareness of how to work securely from home. The forced transition to telework has not only highlighted deficiencies in many business continuity plans, but also demonstrated that remote work is both feasible and desirable for many organizations.

Identity Management Is Vital for a Remote Workforce

Under normal circumstances, the majority of an organization’s workforce uses devices connected directly to the enterprise network and operates during standard business hours. Such circumstances make it relatively easy to identify malicious traffic by observing anomalies in login location and timestamp.

With a remote workforce, distrusting connection attempts from external and unknown IP addresses is no longer feasible. With critical information flowing more freely outside of the network to potentially untrusted devices, implementing a zero-trust security model is necessary to minimize the risk of security leaks.

Maintain Regulatory Compliance During Telework

Enforced telework due to a global crisis makes it difficult for organizations to fulfill normal regulatory requirements. As a result, regulatory authorities have relaxed some requirements (e.g. telemedicine) in an effort to allow companies to continue to operate during the crisis.

These authorities, however, also require that organizations maintain compliance during the crisis, follow standard guidance for regulatory compliance for remote workers, and be able to demonstrate after the fact that they maintained compliance throughout the pandemic. Even simple business continuity issues, such as a lack of company-owned and approved laptops for use by remote employees, could endanger an organization’s compliant status.

Cybercriminals Target Critical Infrastructure

Cybercriminals are typically focused on maximizing their profits. During the COVID-19 crisis, this means that the best target would be the healthcare industry, an industry where any amount of downtime could drastically impact patient care. For this very reason, early in the crisis, many cybercrime groups promised not to attack the healthcare industry for the duration of the pandemic. Some ransomware groups even offered free decryption keys for healthcare organizations should they accidentally be attacked.

Despite the gesture of goodwill, some cybercrime groups reneged on their word. The Maze ransomware group, one of the most visible groups to promise not to attack healthcare, attacked Hammersmith Medicines Research, a UK-based healthcare laboratory, shortly after making the pledge. Because Hammersmith Medicines Research is on standby to test potential vaccines, an attack could negatively impact the speed at which a vaccine is made available. Additionally, Maze is one of the ransomware groups that collects and leaks sensitive data if an organization refuses to pay a ransom, which poses an additional risk to sensitive patient data.

Phishers Love a Crisis

Phishing attacks are most effective when they have a believable pretext that induces the target to click the link or open the malicious attachment. For phishers, a crisis like COVID-19 is a godsend. A number of phishing attacks have taken advantage of the pandemic, offering information, fake vaccines, and medical supplies. As employees work from home, often on untrusted devices with less access to their company’s cyber defenses and IT support, the probability of falling victim to a phishing attack is heightened.

Crises Derail Strategic Planning

At the beginning of 2020, many organizations were predicting how cybersecurity and businesses would evolve throughout the year.  A few months into 2020, COVID-19 disrupted those plans.

In the wake of the pandemic, many companies are “just trying to keep the lights on,” and strategies to improve cybersecurity maturity have fallen by the wayside. However, many cybercrime groups have continued to operate and innovate during the crisis, potentially giving them the upper hand when the COVID-19 pandemic ends.

Staying Secure Through COVID-19

The COVID-19 pandemic has created significant challenges for organizations as they try to support and secure a remote workforce. Many of them have discovered that their existing business continuity plans lacked key contingency plans. This challenging time, however, has provided organizations the opportunity to identify shortcomings in their business continuity strategies and determine effective ways of maintaining operations and security. For organizations looking to update their policies and procedures and deploy security solutions to meet new business needs, MorganFranklin cybersecurity advisors are available to assist through every stage of the process.
