Cybercriminals are trying to profit en-masse from coronavirus fears. In a month’s time, the number of phishing attacks and fake websites launched has increased fivefold, according to figures from Capgemini’s Security Operator Centers (SOCs) worldwide. Understandable, working from home is generally less secure than working on the company network. What makes the situation even more worrisome is that many infected devices are up for abused later on, namely when employees have returned to the office. That’s why companies need to get their cyber-hygiene in order now.
Sebastiaan de Vries, Incident Response Expert at Capgemini, divides the current threat landscape into three phases. First phase: old wine in new bags. Cybercriminals mainly use old and well-known phishing attacks that they simply rebrand to COVID-19. According to De Vries, we are now in phase two: an increase in the number of complex attacks. “The attack techniques and the type of malware are becoming more advanced as attackers have had time to prepare and target. Increasingly, organizations that focus on curbing the corona crisis are being targeted, such as government agencies and the health sector”. The third phase starts when users return to the office, explains De Vries: “We expect an increase in security incidents then. Cybercriminals mainly aim to gain financial benefit from this”.
Working from home: sharpen your policy and business processes
This situation also offers opportunities for the future, according to De Vries. “Working from home will become more and more standard. Employees are now getting used to this way of working. Why not use this moment to draw extra attention to cyber security? Think of it as an opportunity to assess and tighten up your current BYOD policy. Not only to create extra awareness among employees, but also to force your own organization to set up business processes to work remotely at an accelerated pace. With protected ICT solutions that are flexible and adapt to how people work”.
Start with your cyber-hygiene
The challenge for companies is, that the increase in the number of (complex) attacks puts even more pressure on the current staff responsible for cyber security. Despite this pressure, how do you ensure that you minimize the impact of cyber-attacks while at the same time better structuring your business processes? Nico de Smidt, Security Orchestration and Response Specialist at IBM: “First of all by continuing to do what you have already done in a very practical way. Think about installing updates, properly configuring firewalls, blocking malicious emails and domains. Set up simple and basic rules for remote workers. Think about the golden-3, “prevention, detection and response”. Make sure you as a company understand how infections will impact your business and work from the assumption that any employee’s device is infected. Avoiding private use of business devices, or at least have an ERD tool in place.” says De Smidt.
And stick to these rules
It is important that for remote communication platforms, such as video calling, reputable providers with manpower are used to solve security problems. Does your organization have a SOC team? SOC specialists are used to working in teams on location to analyze attacks but are now working from home. That is an extra challenge in communication. The advice: check in regularly with the teams. Is everyone still able to work? Are plans up to date and playbooks rehearsed? De Smidt: “This will ensure that SOC’s continue to make their analyses in the same way and thus tackle incidents in a timely and consistent manner. Keep communicating!”
By introducing a more flexible and dynamic way of communication and working, driven by a repeatable and rehearsed process, the organization becomes more and more resistant to incidents. “Your tooling and response must follow an auditable and repeatable process, rehearsing possible attack scenario’s and continuously run Compromise Assessments. This ensures that you know your infrastructure and threats and know where attackers could be in your network. If we know this, we will be able to return to the office cyber-safe,” says De Smidt.