Upgrading Cybersecurity for Challenging Times Ahead

Jul 6, 2020 | Security

In the race to adapt to COVID-19, businesses suddenly found themselves exposed to a wide range of cybersecurity risks. Hackers exploited this situation by ramping up their attacks, knowing that organizations were suddenly more vulnerable.

Quick patches may have sufficed for a little while. But with no end to this pandemic in sight, it’s critical that businesses now invest in stronger cybersecurity systems as they navigate this new normal.

In this post, we look at the unique security challenges that businesses are facing right now, and solutions that can provide more robust protection in the long term.

 

The problem

How did we get here?

As coronavirus pushed states into lockdown, businesses scrambled to adjust their operations. For many, this meant allowing employees to work remotely, using new software and unsecured devices. At the same time, these rapid shifts put added stress on IT systems, creating a recipe for disaster:

  • The wide range of new processes and systems created new security gaps that made IT systems more vulnerable to outside threats.
  • Many devices were not adequately secured before employees began using them (particularly if users’ personal devices were used).
  • Remote workers didn’t receive adequate training on new systems, increasing the risk of costly mistakes and cybersecurity holes.
  • Overall confusion and uncertainty about COVID-19 made users more susceptible to attacks like phishing scams.

 

Hackers took advantage from the start. Federal law enforcement agencies have repeatedly reported a rise in cybersecurity attacks and scams throughout the outbreak, particularly targeted at businesses.

 

Upgrading Cybersecurity: 300% increase in cybersecurity complaints during COVID-19

It’s a problem that isn’t going away anytime soon.

In June, the U.S. House Committee on Financial Services reported that cybersecurity complaints to the FBI jumped “from 1,000 a day before the pandemic to up to 4,000 a day during the crisis.”

Hackers are primarily targeting businesses, which usually deliver the biggest payoffs from attacks like data theft, ransomware and cyber-extortion.

Whether COVID-related or not, there have been a number of concerning attacks in recent weeks.

  • Amazon Web Services recently defended against the largest-ever DDoS attack, with peak traffic volume of 2.3 Tbps.
  • In May, a ransomware attack on IT giant Cognizant was projected to cause up to $70 million in losses, and in June the company revealed that the hackers had gained sensitive information for some employees, including social security numbers, financial account information and driver’s license information.
  • In Australia, a massive (and possibly state-sponsored) cyberattack targeted the country’s hospitals, industry and government agencies.

 

Every business should be monitoring these developments carefully, because it’s only a matter of time before they become the next victim.

As Kelvin Coleman, executive director for National Cyber Security Alliance, recently said on Capitol Hill, “Bad actors were committing malicious acts before COVID-19 and they will certainly do so after this crisis subsides.”

 

7 cyberattacks to prepare for

To be clear, the types of attacks haven’t changed much. But businesses have.

Security holes were created as operations became decentralized (with many workers now working from home indefinitely). Because of these changes, many businesses need to completely rethink how they defend against the most dangerous threats, including:

  • Social engineering: Attacks such as phishing scams that deceive users into clicking malicious links or inadvertently submitting their personal information to hackers.
  • Ransomware: Data-encrypting malware that extorts money from victims in exchange for restoring the data.
  • Network intrusion: Hackers gaining access to networks via security holes in network configurations or hardware, or via malware that already exists on a machine.
  • Data theft / exfiltration: Theft of company data, whether it resides on servers or is in transmission.
  • Brute-force attacks: Unauthorized entry into secure systems with the use of password-guessing software.
  • Malware: Viruses and other malware delivered via email or malicious websites.
  • Internal threats: Systems being compromised by an organization’s own users or third-party vendors.

The question that businesses need to consider: How do we continue to protect the business from these threats, while maintaining the operational changes brought on by COVID-19?

Here are some key areas to consider.

 

Expanding network security

A huge chunk of external threats can be thwarted with strong network security. This security is especially crucial now with networks being expanded (often sloppily) to accommodate the increase in remote workers.

Businesses must focus on strengthening their network in multiple ways: 1) for stronger defense against unwanted data entering the network and 2) for better security around network access.

We go into more detail about recommended solutions below, but the most critical underlying step is ensuring that remote workers can securely connect to your networks. This is the only way to maintain control over the security of users’ devices and the data on them.

 

Ensuring secure network access

If users aren’t connecting to your network, you have no control over the software they’re installing, the websites they’re visiting or the threats that are entering their devices. Businesses need to enable workers to connect to the network, wherever they are, and that connection needs to be secure.

Ideally, remote workers should be given their own company-provided devices, just as they would at the office. This enables IT to configure the devices according to company-wide cybersecurity protocols and maintain that control over the network going forward.

VPN access is essential for making the connection secure and encrypted, since you have little control over where users connect to the Internet. Additionally, multifactor authentication should be used to verify users’ identities and prevent unwanted access.

 

Application whitelisting & deployments

Another essential reason to give users company-provided devices is to maintain control over the software deployments.

If a remote worker installs malicious software on their laptop and it results in a ransomware infection, your entire network could be affected. Businesses need to employ the same application whitelisting that they would for on-premise workstations. This will ensure that only company-approved software can be installed and nothing else.

Additionally, the network access will allow IT to remotely deploy software on users’ devices across the network, no matter where they’re located.

 

System patches and software updates

Proper patch management was always essential. But if businesses are going to survive this new, decentralized normal, then they have to be even more proactive about these updates.

Unpatched software and operating systems are an open invitation for cyberattacks. And depending on which flaws hackers exploit, the attacks can cripple your entire business.

Regardless of whether employees are on site or around the world, organizations must have processes in place to apply these updates across the network as soon as they’re available.

 

Stronger firewalls

We mentioned above the importance of blocking threats at the edge of the network. Your network firewall can do a lot of this heavy lifting, as long as it’s configured properly.

But what does firewall protection look like in a post-COVID-19 world?

It means that every endpoint needs to be secured, whether by a centralized firewall, a firewall on the user’s device and/or via the VPN connection.

Newer “cloud-based firewalls” can provide similar levels of protection by deploying the firewall on a public or private cloud, connecting it to your network and installing VPN clients on users’ devices.

Regardless of deployment, the firewalls need to effectively stop unwanted traffic, block known malicious IPs and prevent internal threats from moving across the network.

 

Stronger access control

Limiting your users’ file access can prevent your systems from being compromised by two different threats: outside cyberattacks and users’ own malicious actions.

If your remote users will continue to access the network, it’s critical that their access is limited to only the files and folders they need for their job responsibilities, a.k.a. the principle of “least privilege.” This prevents users from accessing (and modifying, deleting or stealing) data they shouldn’t be able to see in the first place. It can also stop some cyberattacks, such as ransomware, from moving laterally across the network.

Strong access control was already important before COVID-19. But it’s arguably even more vital now as businesses undergo massive changes to their operations.

 

Upgrading antimalware systems

Now is the time for businesses to reevaluate their antimalware systems and invest in more advanced solutions for protecting the entire infrastructure.

A virus doesn’t need to reach your server to derail your operations. It can brick your employees’ devices, killing productivity and potentially disrupting your critical services. Also, if the device can’t be fixed remotely, then you can’t simply move the user to another workstation. They’ll need to get a new device shipped to them, or they’ll need to come into the office to pick one up. Either scenario results in lost time (and money).

This is why businesses should be deploying robust antimalware solutions that provide endpoint protection on every device across the network – so threats are mitigated from the start.

 

Data protection for physical, cloud and virtual infrastructure

Whatever your infrastructure looks like in a post-COVID-19 world, all data should be backed up around the clock.

Today’s businesses require a robust BCDR solution that can protect data wherever it lives, across all operating systems and devices on the network. We like Datto’s backup solutions for SMBs, because they can protect physical, virtual and cloud infrastructure running on Windows, Mac or Linux, and backups are stored both locally and in the cloud.

Plus, in the event of data loss, ultra-fast recovery options, like instant virtualization, restore access to data and systems in seconds, so that companies can eliminate downtime and get back to business right away.

It may be a while before we know when this coronavirus pandemic will be “over.” But by strengthening cybersecurity now, businesses will be better equipped to thwart threats no matter what the “new normal” looks like in the years ahead.

 

Get expert guidance for upgrading cybersecurity

If you need help with your business continuity planning as it relates to data protection, BC/DR, file-sharing or IT infrastructure, contact our business continuity experts at Invenio IT. Call (646) 395-1170, email success@invenioIT.com or request a free demo.


Dale Shulmistra is a Business Continuity Specialist at Invenio IT, responsible for shaping the company’s technology initiatives -- selecting, designing, implementing & supporting business continuity solutions to bolster client operational efficiencies and eliminate downtime.