CyberAttack: Another pandemic in the wake of COVID-19

Monitoring high-risk users and assets to identify unusual activities or incidents that may indicate a breach of protocols or an impending cyberattack

PCQ Bureau

COVID-19 has severely disrupted lives the world over. Measures to contain the spread of this deadly virus, including work from home mandates and restrictions on general day-to-day activities, have led to billions of people being confined to their homes. Amid the lockdown, dependence on digital channels for daily interactions and transactions has increased. This has rendered sensitive data, now accessible via a multitude of devices running on home networks, vulnerable.

With almost all operations moving from safer corporate IPs to relatively more exposed home networks, businesses across the globe are finding it challenging to ensure the security of data. Aggravating the situation, people, driven by their fear and curiosity surrounding the pandemic, have become more active on various networks, exposing systems further to lurking cybercriminals. This has taken cyberattacks to an unprecedented level.

The initial cyberattacks seen at the start of the COVID-19 crisis revolved around simple phishing techniques. Individuals were targeted with emails carrying malicious attachments that appeared to have originated from genuine official sources such as healthcare authorities and councils. Phishing-related cyberattacks rose by over 600% in March 2020.

Moreover, of more than 4000 coronavirus-related domains registered globally since January 2020, 3% were malicious and 5% were dubious. More recently, cybercriminals pushed through spyware-ridden apps, playing on the general sense of fear and concern among people. Such apps, once downloaded, crashed computers, locked the systems and accessed sensitive data; users were often asked to pay a ransom to unlock the systems. Cyberattacks soon moved on from individuals to targeting larger groups, such as companies in a sector.

The biggest victim of this was healthcare. Organizations in this space have reported the highest average cost of data breaches, at $6.45 million in 2019, over 60% more than the global average of all other industry sectors. The healthcare sector was naturally the primary target, given the scope for cybercriminals to exploit the anxiety surrounding the health crisis and target individuals, healthcare setups and authorities equally.

Cyberattacks against the World Health Organization (WHO) doubled in the last month, including a fake WHO website that mimicked the organization’s internal email system. The website had been used to steal passwords and sensitive information from multiple employees in the agency.

London-based medical company Hammersmith Medicines Research, which conducts clinical trials of new medicines and vaccines, was hit by ransomware that accessed its patient records. The attack is believed to have been in the form of exploit kits or phishing emails containing malware.

The United States Department of Health and Human Services (HHS) faced a security breach on March 15, originating from a misinformation campaign that was spread via social media, SMS, and email. HHS’s servers were overloaded with millions of requests intended to slow the system’s ability to respond. HHS was successful in deflecting the attack due to its competent security systems and multiple cybersecurity levels.

Several incidents were reported in other sectors as well, such as IT and BFSI.

As recently as April 18th, Cognizant Technology Solutions Corp’s system network was attacked by Maze ransomware. It infected and encrypted every computer and transferred data to the attackers’ server. Attackers threatened to release confidential information if the company failed to pay, in short demanding a ransom. The attack resulted in the disruption of service for some clients.

The Federal Deposit Insurance Corporation (FDIC) in the US also reported a rise in fraudulent activities in the form of fake calls, text messages, letters and emails to its customers. Scammers pretending to be FDIC employees made false claims about banks either not providing access to deposits or about security issues with bank deposits, creating panic among customers. Scammers also targeted bank accounts and other personal information of customers.

Combating cyberattacks and improving security

Organizations need to have a diverse response mechanism to manage existing and future threats. The risk management framework should be strong and effective to ensure security and continuity of business. The pillars of cybersecurity strategies and policy are:

Infrastructure with appropriate tools and controls 

• Deploying appropriate multifactor authentication (MFA) for all employees in accessing networks and corporate applications according to their respective access requirements

• Ensuring virtual private networks (VPNs) are strong, and effective endpoint protection systems with frequent security update cycles are in place; this would help address any vulnerability with minimum delay

• Deploying smart tools such as Intrusion Detection Systems (IDS) or Security Information and Event Management (SIEM) systems to detect potential attacks, and minimize damage

Well-defined response guidelines 

• Having robust employee awareness initiatives and work from home policies

o Ensuring that employees use only IT systems and tools provided by the company and avoid using third-party devices from unknown sources; spreading awareness about the pitfalls of using insecure systems/networks

o Informing employees about security hygiene, including access control and handling of sensitive data

o Increasing awareness via refresher training courses about typical cyberattacks, social engineering practices, and the best practices to follow in such incidents

o Providing information on trusted sources for sensitive data

o Building two-way communication channels between employees and security teams to ensure real-time reporting of incidents, sharing of best practices, etc.

• Monitoring high-risk users and assets to identify unusual activities or incidents that may indicate a breach of protocols or an impending cyberattack

• Providing additional front-line support to ensure necessary protocols and safeguards are in place when employees work remotely

• Testing and reworking existing incident response, business continuity and disaster recovery plans to evaluate their efficacy; having a robust emergency response plan to address and reduce, if not eliminate, risks to business continuity

• Having runbooks or response protocols with responsibilities clearly demarcated for security teams, business leaders, and employees in case of a cybersecurity incident; laying down policies to be followed in situations where critical decision-makers are unavailable

• Monitoring and evaluating business systems and response mechanism of partners and third-party suppliers to ascertain their capability and dependability in responding to attacks

Building cyber resilience

Persistent uncertainties demand that information security leaders across all sectors – public and private – be proactive, diligent and have a long-term vision while designing and implementing policies to ensure cyber resilience, not just cybersecurity.

Business and information security leaders need to work together to understand likely vectors for cyberattacks emanating from vulnerabilities associated with the evolving working environment and prioritize the protection of critical information and applications. Educating employees is all the more vital, especially with the work environment transitioning from office to home. Revamping and strengthening disaster recovery and business continuity plans is another important aspect.

In the current situation, cybersecurity companies will continue to invest in developing advanced systems and tools for accurately predicting and detecting attacks, and effectively responding on time across different working environments. Going by their experience in the current crisis, organizations would increasingly rely on advanced technologies such as AI-enabled security systems to preempt attacks and respond effectively on time.

However, the growing transformation of the work environment and the involvement of various remote systems may mean fresh challenges for cybersecurity. As a result, cyber insurance may gain traction among organizations globally, as they look to hedge against cybercrimes.

In such a condition, striking the right balance between immediate needs and actions for long-term cyber resilience, along with risk trade-offs, will be the holy grail for business and information security leaders.

By Himanshu Mhatre, Senior Consultant, Business Research (Technology, Media and Telecom), Aranca

&

Vivek Thawkar, Specialist, Business Research (Technology, Media and Telecom), Aranca
