Published: Jun 20, 2020

the impact of COVID-19 and the future of the cybersecurity landscape

The spread of COVID-19 was swift and came as a shock for many in leadership. Countries across the world went into a lockdown, which forced businesses to adopt a work from home approach. With a sudden shift in the business landscape, CIOs and CISOs face a new set of issues as organisations brace themselves for the challenges that come with the future of a remote workforce.

In June 2020, the Singapore Computer Emergency Response Team posted an advisory about cyber threat actors capitalising on the COVID-19 pandemic. The advisory cited some recent examples from the healthcare and Information Technology (IT) industries. One of the victims was Hammersmith Medicines Research, a company working on the testing of the COVID-19 vaccine. The attack resulted in the publishing of sensitive medical documents online, containing more than 2,300 patients’ personal information. MAZE ransomware group also targeted IT services firm Cognizant in April 2020, disrupting the company’s internal operations as well as services for their clients. These episodes serve as strong reminders that cybersecurity best practices must be implemented for effective safeguarding against cyber adversaries.

Driven by curiosity and fear of COVID-19, people are engaging in more searches to learn about the virus and keep up with news about average daily cases. This demand for information makes them more susceptible to phishing. Misled by sites masquerading as trusted sources, people fall victim to social engineering and are tricked into providing login credentials. When credentials to corporate email are compromised, it can be exploited by hackers to infiltrate company networks.

The shift to remote work translates to employees working in an environment that is far more vulnerable to cyber attacks. Employees that work from home may have less security protection as compared to when they are connected to the office network. In the new environment, remote workers can be accessing enterprise systems using their personal computers and mobile devices. They may also use new applications and systems without adequate security safeguards in place. These create instances where organisations do not have full control and protection over sensitive data. The other underlying issue is the use of unsecured WiFi networks to access emails and web portals. While there are vulnerabilities with a home network, the severity increases when workers are at a cafe and connected to public WiFi. Public WiFi allows hackers to trick victims into connecting to a rogue access point, resulting in the ability to intercept the transmission. It is therefore important to think of the use of public WiFi as equal to sharing private information publicly.

This change in work environment sets the context of the house and public spaces as a new frontier for cybersecurity. Up until 2020, organisations protected their network with a ring-fence approach using on-premises solutions. Post COVID-19, cybersecurity leaders will have to rethink their strategies concerning how they safeguard corporate data, strengthen remote workforce cyber hygiene, protect their system from cyber-attacks and the adequacy of their cybersecurity model.

The protection of corporate data is paramount to organisations of all sizes. Having intellectual, corporate, or consumer data in the hands of hackers can impact competitive advantage, damage customer relationships, or incur huge financial penalties as a result of a business data breach.

In a secure enterprise environment, a data loss prevention (DLP) solution can help an organisation control the type of data transferred out of a system. The solution identifies, monitors, and protects data that is in use or stored on networks and devices. With thorough inspection and analysis of transactions, the system enforces data security policies, preventing unauthorised use and transmission.

A dedicated cloud web gateway solution can prevent potential data loss, with or without the user establishing a VPN connection, as it sits between billions of websites and the remote workers’ devices. This proactively protects remote users from security threats, data loss and unfiltered web content. Thus, the traditional network perimeter is erased, enabling organisations to extend their security protection to remote users.

Regular software updates and security patching is essential for system protection. Security patches address vulnerabilities that threat actors target to gain unauthorised access to devices and corporate data. In the wake of new vulnerabilities, the speed and reach of updates to a remote workforce across the entire organisation are crucial.

With a remote workforce, the deployment of security patches may rely on an employee’s connection to the company's VPN. Telecommuting can create the challenge of getting users connected to the VPN to receive patches promptly. Today, with increased adoption of cloud-based email service, enterprises may allow employees to check emails without the use of VPN, in this way creating one less reason to establish VPN connection daily. Leaving remote endpoints unpatched can have severe implications on security. Endpoints that do not receive regular patches may become a conduit for introducing malware into the enterprise environment.

The case for prompt patching can be illustrated with the prevalence of WannaCry, the infamous ransomware attack that made its way around the world in 2017. WannaCry encrypted hundreds of thousands of computers, demanding a ransom paid in cryptocurrency before users could unlock their files. In the United Kingdom, hospitals, government systems and private companies fell victim to the attack. Even today, WannaCry continues to infect vulnerable devices and introduce all sorts of malware. With over a million devices still unpatched, there is an urgent need for users to get the protection they need.

The work from home environment calls for consideration to move from a VPN-everything to a partial non-VPN dependency model. Organisations can shift from an on-premises patch to a cloud patch management solution. This unhinges the limitation that comes with a VPN-dependent approach and allows cybersecurity teams to deploy critical patches with greater efficiency.

In Advanced Persistent Threats (APT), intruders can lie in wait patiently before making a big move. A significant shortcoming of traditional anti-virus solutions is its inability to alert and provide insights to security teams about covert techniques or obfuscated activity. A notable example of such an attack was on managed service providers (MSPs) in over 14 countries by an APT group. The cyberespionage campaign stealthily gained access to networks and successfully stole hundreds of gigabytes of valuable data from dozens of companies. In the wake of these threats, organisations will have to heighten their security standards to protect the confidentiality of their corporate secrets.

Higher levels of surveillance are needed to combat a growing group of threat actors employing the Living off the Land (LOTL) technique. Threat actors use tools or features that exist in their victim’s environment. By using pre-existing software, hackers fly under the radar easily because their activities are not flagged as suspicious. To counter their approach, cybersecurity teams will need an Endpoint Detection and Response (EDR) solution to support the detection and prevention of APT. With an EDR solution in place, security analysts can monitor for threats by continuously leveraging on capabilities like advanced threat hunting, vulnerability monitoring and behavioural detection as the spectrum of endpoint vulnerabilities widens. This provides them with the information to identify, analyse and remediate a security issue. Thus, strengthening its position against the threat actors.

With the surge in remote work, the traditional castle-and-moat security model is fast becoming outdated. The task of securing the perimeters comes under pressure when corporate networks are more exposed to insider vulnerabilities. As aforementioned, it is easy for employees to fall victim to malicious links offering the latest updates on COVID-19 and circuit breaker easing measures. These phishing attacks give hackers a chance to breach the system using corporate credentials. In In Verizon's 2020 DBIR report, phishing and hacking by way of stolen credentials were reported to be the top two methods of breaching security in 2020.

The Zero Trust model is a new way of thinking about cybersecurity and offers a better architecture that demands strict identity verification. The principle of Zero Trust is to believe no one and always seek verification. When put in place, no device or staff within the organisation is exempted from screening when requesting access to resources on the corporate network. By monitoring and managing every device, software, account and network, this new model provides the organisation with visibility and granularity to secure corporate data utilised by its employees and contractors.

The new cybersecurity mindset moves away from unconditional confidence in users within a network to having permitted access based on the user identity and device posture. With the Zero Trust model, power and control can flow back to organisations in a post-COVID-19 remote working landscape.

Cyber attacks have been on the increase during the COVID-19 pandemic, led by threat actors who have been stealing confidential data and publishing it online when organisations fail to pay their ransom. Besides having to deal with ransomware, cybersecurity leaders will also have to navigate the changes that come with a remote workforce. Corporate networks will increasingly be accessed through a broader range of devices and unsecured internet connections. This will require cybersecurity leadership to raise their guard and consider risk management with a stricter security mode. Navigating this well will enable businesses to operate at their best as we ride out the effects of the COVID-19 pandemic.