COVID-19 Lessons – Why is it important to have a robust cybersecurity infrastructure and policy?
Covid-19 has wreaked havoc across the world this year. While most organizations are battling the brutal pandemic, it doesn’t change the fact that this unpredictable challenge has stressed IT professionals all over the globe.
As companies, small businesses and government organizations find ways to cope with this “New Normal” by shifting from office work to a work-from-home infrastructure, in many cases this involved rapidly rolling out facilities for remote working.
However, this rapid shift came with little to no warning, and the time pressure gave these organizations no chance to test their remote work infrastructure properly. It is quite obvious that this is not an ideal situation from a cybersecurity standpoint.
Launching new infrastructure without any testing can leave large holes in the systems, and this situation is ideal for a hacker who wants to take advantage of it and try out malicious activities that were not possible earlier. This new situation was like an “all you can eat buffet” for hackers, and they did not miss the chance.
Hack for Hire on Covid-19?
When companies decided to work from home, Google noticed an increase in malicious activity almost immediately, and even Microsoft had some trends to back that claim. However, you can calm down, because the wave of hacking attempts peaked in April along with the pandemic and has since died down as companies have made their security sturdier. But it is also important to note that the danger is still looming.
In the month of May, Forbes reported that hack-for-hire was trending and was resulting in an increase in the number of hacking attempts. This claim was backed by reports from Google, and the search engine giant itself admitted that hack-for-hire was indeed trending. Google’s Threat Analysis Group (TAG) confirmed that many actors in India created fake Gmail accounts to spoof the WHO, a.k.a. the World Health Organization.
They also confirmed that these attackers are mainly targeting business leaders in financial services, consulting and healthcare corporations in countries which include:
“The users of these fake Gmail accounts encouraged other individuals to sign up for a newsletter related to WHO to stay updated with Covid-19 related activities, news and other announcements, and they linked that newsletter to websites hosted by them (the attackers) which resembled the website of WHO”, said Shane Huntley, head of Google TAG.
He further said: “The websites also had fake login pages which prompted users to register or log in, in order to get their Gmail account credentials along with their personal information, including phone numbers as well.” Even the World Health Organization confirmed that it has seen a dramatic increase in cyber attacks on its staff members. There was also a rise in email-related scams at large, as many active email IDs of WHO staff were leaked online.
However, this was not the end of it, as more and more attempts arose over time and it is still not slowing down; for that, you can read the entire report published by Forbes – Increase in Hack-for-hire. A simple Google search will also give you more reports from credible sources.
As we mentioned earlier, even though the attacks have slowed down, they have not stopped. This slower pace has given IT organizations enough of a window to strengthen their defenses for remote working. But there is still looming uncertainty. Why? Let us explain.
Every year, IT organizations have to plan their cyber security policy, because as technology changes, the existing policy also needs to change along with it. However, even though all IT organizations and their employees are now enjoying a work-from-home culture, it doesn’t change the fact that this unpredictable year has wasted the efforts of the IT security infrastructure planners who are in charge of planning and changing cyber security policies every year. This is because the sudden appearance of the Covid-19 pandemic turned all the assumptions and cyber security priorities of 2020 upside down.
As IT organizations around the world do not have a proper answer to how they will reopen their regular work culture, this leads to uncertainty, as for now the future is unpredictable.
The increase in the attack and defense area during Covid-19
The pre-Covid-19 situation was fairly secure, as the attack area was limited; during Covid-19, however, the attack area has increased 100-fold, which gives hackers more attack points and leaves IT organizations with more area to defend. Hence the entire priority landscape during this pandemic has reshaped into something the world could not predict.
If we were to explain this with one particular scenario, it would go like this:
In the past, or until last year, IT organizations’ security priorities revolved around a certain perimeter, which involved good defensive hardware and software configuration, internal network monitoring, and strict access control for users and outside attackers. In other words, the general idea was: “It is much easier and simpler to prevent internal network penetration attacks than to harden every single internal device against attack.”
Hence it was easy to secure business resources inside the protected environment of the office, but that has changed during the pandemic, because businesses now connect to these resources remotely, and employees and clients use their own hardware to connect to a resource that is now running over untested and less secure remote connections. So the approach that was valid until last year lost its credibility and became useless as the number of attack vectors increased.
This leads IT organizations to rethink their entire network security infrastructure from a completely new perspective. Hence we will certainly see a rise in new security practices, i.e. securing software or any application with built-in security, because hardware defenses are not the only thing that matters; the built-in defenses of the applications running in the cloud are also important.
It is also critical to educate employees
It is obvious that an IT organization will do whatever it can to protect its integrity by securing its infrastructure, but now that the situation has shifted to remote working, securing that integrity no longer depends on one single entity, as the employees need to do their part too. And we are not talking only about server, cyber security and maintenance people; by employee we mean each and every person in the organization.
But you might wonder why. If that is what you are wondering, take a look at a recent incident – How Twitter was hacked because its employees were tricked into giving out details. The hackers used a non-technical, conversational skill during the Twitter breach, which we call “social engineering”.
In the context of information security, social engineering is a type of attack in which a person is psychologically led into performing actions that benefit the hacker. In other words, the hacker psychologically manipulates you through words and other means of communication to get sensitive information from you.
Although Twitter has not revealed the details of the attack, it was revealed that some of its employees were tricked into giving up critical and sensitive information.
If you think that something like this will not happen to your employees, then you, reading this article right now, are being delusional. A hacker can easily mimic one of your clients or a person from your own organization to trick you into giving sensitive information; because you are online and connecting with each other via video conferencing, it is harder for you and your employees to identify the hacker.
It is possible for the hacker to find a vulnerability in the video conferencing application you are using and then mimic someone to trick you, as happened to many who were using the Zoom video conferencing application for working from home. If you want, you can read about that incident here – Zoom has new flaw that let hackers spy on you without being noticed.
Hence this kind of social engineering based attack makes large-scale remote working, or working from home, quite dangerous during the Covid-19 pandemic. Many studies have also shown that employees tend to let their guard down when they are not in an office environment. So using social engineering during this pandemic to hack a large-scale organization like Twitter was much easier, as the employees were in a relaxed atmosphere.
As a result, such a simple non-technical skill can become lethal for any organization, because employees tend to let their guard down while working from home. In other words, cyber security awareness in every organization around the globe has become extremely important and critical at the same time.
Before the pandemic, IT organizations depended on their cyber security experts to defend their network and data; now they have to make sure that each and every employee in the organization knows how to keep their business or work data safe from inappropriate access, no matter where they are working from.
The need for even more secure access control
During this pandemic we also need to secure the access control platform even more, because when the need to arrange mass remote working infrastructure arose, we saw one huge consequence: managing user access credentials and other assets on cloud platforms was nearly impossible outside a protected office network environment. To counter this situation, the organization needs to use the “Principle of Least Privilege”.
What is the Principle of Least Privilege?
Usually, when a new employee joins an organization, he or she is given a new ID and password to access all the assets on the network that are required for that position. However, POLP, or the Principle of Least Privilege, is the exact opposite of that: you start with “zero access” by default, then increase the level of access according to need, thus maintaining the overall integrity of the remote working infrastructure.
However, just using POLP is not enough, because it is only a countermeasure against a hacking attempt; unless we secure the core, i.e. the access control platform itself, POLP will only slow down the attempt instead of completely blocking or avoiding it.
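To make the contrast concrete, here is an added example (not part of the original article) that models both onboarding styles in Python: the legacy "full role bundle on day one" account versus a default-deny account that is granted access one recorded need at a time, plus an audit of the excess privileges the legacy model leaves behind. The role bundle, the resource names and the user names are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed sample data: the broad bundle a legacy onboarding hands an
# "analyst" versus what that role actually needs while working remotely.
ROLE_BUNDLES = {
    "analyst": {("sales-db", "read"), ("sales-db", "write"),
                ("hr-db", "read"), ("vpn", "connect"), ("ci", "admin")},
}
ACTUAL_NEEDS = {"analyst": {("sales-db", "read"), ("vpn", "connect")}}


@dataclass
class Account:
    user: str
    grants: set = field(default_factory=set)     # explicit (resource, action) pairs
    reasons: dict = field(default_factory=dict)  # audit trail: grant -> justification


class AccessPolicy:
    """Default-deny policy: an action is allowed only if an explicit grant exists."""

    def __init__(self):
        self.accounts = {}

    def onboard_legacy(self, user, role):
        # The pre-POLP model: every asset "required for that position" on day one.
        self.accounts[user] = Account(user, set(ROLE_BUNDLES[role]))

    def onboard_least_privilege(self, user):
        # POLP: a new account starts with zero access.
        self.accounts[user] = Account(user)

    def grant(self, user, resource, action, justification):
        # Access is added one need at a time, and every grant records why.
        if not justification:
            raise ValueError("a grant must record the business need")
        acct = self.accounts[user]
        acct.grants.add((resource, action))
        acct.reasons[(resource, action)] = justification

    def revoke(self, user, resource, action):
        acct = self.accounts[user]
        acct.grants.discard((resource, action))
        acct.reasons.pop((resource, action), None)

    def is_allowed(self, user, resource, action):
        # Unknown users and ungranted actions are both denied.
        acct = self.accounts.get(user)
        return acct is not None and (resource, action) in acct.grants

    def excess(self, user, role):
        # Grants the account holds beyond what the role actually needs.
        return self.accounts[user].grants - ACTUAL_NEEDS[role]
```

Running `excess()` against the legacy account shows the three privileges an attacker would inherit from a single phished credential; the POLP account reports none.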
We are winning over the bad times, but just as we are changing our habits to increase our immunity, we need to vouch for new, robust cyber security policies with increased priorities based on the tough things we faced during Covid-19.
One thing we would like to point out at the end is that our organization, Krytech Web Security Solutions Pvt. Ltd, works on the motto of design, develop and secure. This means we are constantly striving to provide integrated, solution-based services to our dearest customers, and this motto defines the message we are trying to convey to you, the readers, through this article.