Ensuring Cybersecurity During Covid-19 Driven Changes

It is a sad reality, but both hostile state actors and opportunistic cybercriminals are already leveraging COVID-19 themed campaigns to conduct phishing, deliver malware and compromise cybersecurity.  Secureworks Counter Threat Unit researchers have observed that, as is common with all topical news stories, criminal actors making cynical use of the current crisis to promote misinformation and products with the intent to harm organisations and individuals.

By following key good cybersecurity hygiene practices, organisations can protect themselves and their employees against these attacks.

At Secureworks, we exist to secure the human progress that technology enables. In this new COVID-19 corporate landscape, our customers are dealing with the competing challenges of protecting employees and business systems, while also rapidly making business and technology changes, including adopting new temporary remote working practices.

If you are one of the many companies rapidly adopting these new working practices, including encouraging remote work from home, I want to give you our best advice for maintaining business continuity while not increasing your organisation’s cybersecurity risk:

Remote access services are now business critical. Services that facilitate communication, collaboration and delivery of core business services for a remote workforce will now become vital systems, where previously they were a flexible convenience. Organisations may need to open up additional access and reconfigure services in order to enable full remote functionality. There will be pressure to do this rapidly and bypass normal change control processes. I want to challenge you to balance the need for speed of delivery with diligence in ensuring that proper controls and security practices are maintained to keep data and systems safe. You don’t want to be left vulnerable in what is now a mission-critical situation.

Multi-Factor Authentication (MFA) is a must-have. Credentials abuse is at the root of most intrusions involving remote access services. Where possible, make sure your organisation is making use of proper Multi-Factor Authentication (MFA), Virtual Private Networking (VPN) technology, and secure cloud web services like web mail, collaboration portals and enterprise business applications. Exceptions to this will be your Achilles Heel, as the adversary only has to find one hole in your defences, and multiple threat groups actively target these services on a near-continuous basis.

Organisations currently in the midst of responding to a cyber intrusion may encounter the additional challenge of being unable to respond with the implementation of new controls such as MFA because the potential for disrupting remote workers is deemed too high. There may also be a reluctance to patch Internet-facing systems and remote access services that the business is now even more reliant on, even when those are the very systems that may be most at risk from attack. The answer is to enhance your visibility to spot threats early.

Increase your monitoring and visibility across this new environment. This includes endpoint, network, and cloud services and task cyber defenders with actively hunting for threats and re-entry attempts. In combination, this can provide a temporary mitigating control while the enterprise works through the challenge of responding to the incident.

Contingency planning in the new virtual world

You are undoubtedly talking about contingency planning as part of your business continuity plans right now. I want to encourage you to also include cybersecurity contingencies in that discussion.

• Do you have a cybersecurity crisis communication, management and response plan?
• Do changes to working practices stemming from the COVID-19 pandemic alter that plan?
• Can you correlate multiple stages of an attack that could lead to a catastrophic event (e.g. ransomware) and neutralise the problem early, before it becomes a disaster.
• Are you prepared to rapidly respond and recover based on various degrees of business impact?

We know our Secureworks customers depend on us. Our teams around the world are committed to being your cybersecurity partner in this digitally connected world—the larger WE simply cannot allow threat actors to exploit this crisis. Our communities are already fragile, so we cannot tolerate anything that results in additional financial burden, business disruption or patient care risk.

Good cybersecurity practices will carry you through. We will be alongside you every step of the way, protecting the progress of our customers so you can stay focused on being there for your employees and customers.

Barry Hensley leads Secureworks’ Counter Threat Unit (CTU) and Cyber Threat Analysis Center (CTAC).