Managing Cyber Risk in a COVID-19 Environment


COVID-19 has shifted the way we work. The percentage of employees teleworking now ranges from 80 to 100% in many organizations. Technology teams have worked hard to ensure they have the capability and capacity in place to enable employee access to company digital resources. Employees are stressed as they try to adjust to this new normal that’s upended their work and family life. Emotions are frayed all around.

Unfortunately, bad actors feed on the chaos, anxieties, and fears that run rampant during a crisis, and COVID-19 is no exception. They are actively taking advantage of this situation with phishing campaigns, targeted ransomware attacks, and malicious web content and apps. Additionally, bad actors are exploiting our shifting technology usage, such as remote access and conferencing (audio, web, and video). The threats are real.

Successful management of cyber risk during this crisis requires a focus on the changing threat landscape. A simple approach is to assess the threats, the vulnerabilities they exploit to compromise your environment, and the mitigation steps that should be taken to reduce risk. In essence, this is an abbreviated threat management exercise. The table below outlines the threats surfacing during this period and options for mitigation.

COVID-19 Threats

Threat | Vulnerability | Threat Mitigation Considerations
Phishing Attacks
  • Employee behavior
  • Weaknesses in email
  • Employee behavior
    • Perform an employee awareness campaign focusing on phishing attacks: scams, brand impersonations, business email compromise. Example COVID-19 phishing campaigns include:
      • Stimulus checks
      • Hospitals stating the recipient has the virus
      • U.S. SBA to Small Businesses promising disaster assistance grants and testing center vouchers
  • Weaknesses in email
    • Ensure email filtering is effectively addressing COVID-19-themed phishing
    • Ensure email services are configured to combat phishing – SPF, DKIM, and DMARC
Remote Access Infrastructure
  • Technology weaknesses
  • Secure configuration
  • Technology weaknesses
    • Patch remote access technologies (Virtual Private Network (VPN), Virtual Desktop Infrastructure (VDI))
    • Patch all services using Remote Desktop Protocol (RDP). If possible, disable internet access to services
    • Consider multi-factor authentication for remote access
    • Perform remote access infrastructure vulnerability scanning and penetration testing
  • Secure configuration
    • Review remote access technology configuration to ensure proper authentication, encrypted communication, and appropriate logging and auditing
    • Review access to services and restrict using least privilege principle
Ransomware Attacks
  • Weaknesses in email
  • Technology weaknesses
  • Employee behavior
Ransomware uses phishing and RDP attacks to achieve its goal. Mitigating the risks associated with phishing and RDP attacks goes a long way towards mitigating ransomware. Ryuk ransomware activity has risen during this COVID-19 period. Refer to our guidance on ransomware mitigation.
Teleworker Attacks
  • Endpoint weaknesses
  • Network weaknesses
  • Endpoint weaknesses
    • Maintain up-to-date software and install patches
    • Use VPN software when accessing the internet
    • Restrict sharing services on endpoint
  • Network weaknesses
    • Ensure network device software is up-to-date (Wi-Fi, internet router firmware)
    • Verify secure Wi-Fi configuration – WPA2 or WPA3 protocol enabled and device authentication required
Collaboration Tools Attacks
  • Employee behavior
  • Technology weaknesses
  • Employee behavior when using video conferencing
    • Disable features that are not required (e.g., file sharing and chat)
    • Do not reuse access codes
    • Continually monitor dashboard to identify participants
    • Do not record meetings unless absolutely necessary
    • Meeting recordings must be encrypted. Remove recording from platform immediately after the meeting
    • Be aware when sharing sensitive information
  • Technology weaknesses
    • Keep conferencing software up-to-date
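
The SPF, DKIM, and DMARC item in the phishing row can be checked offline against the TXT records a domain publishes. The Python below is an added example, not part of the original article; the function names, domains, and record strings are constructed for illustration.

```python
# Added example: offline audit of SPF / DMARC / DKIM TXT records (all samples constructed).
def parse_tags(record):
    """Split a 'k=v; k=v' record (DMARC, DKIM) into a dict with lowercase keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    terms = spf[0].lower().split()[1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:  # a redirect= modifier hands the decision to another domain
        redirected = any(t.startswith("redirect=") for t in terms)
        return [] if redirected else ["SPF has no 'all' mechanism (neutral by default)"]
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' means '+all'
    if qualifier in "+?":
        return [f"SPF '{alls[0]}' does not fail unauthorized senders"]
    return []

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record"]
    tags, findings = parse_tags(dmarc[0]), []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC p={policy or 'missing'} does not block spoofed mail")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC pct={tags['pct']} enforces on only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC has no rua address, so failures go unreported")
    return findings

def audit_dkim(key_record):
    """Findings for one <selector>._domainkey.<domain> TXT record."""
    return [] if parse_tags(key_record).get("p") else ["DKIM key missing or revoked (empty p=)"]

def audit(records):
    return audit_spf(records["spf"]) + audit_dmarc(records["dmarc"]) + audit_dkim(records["dkim"])

WEAK = {"spf": ["v=spf1 include:_spf.example.net ?all"],
        "dmarc": ["v=DMARC1; p=none; pct=50"], "dkim": "v=DKIM1; k=rsa; p="}
GOOD = {"spf": ["v=spf1 ip4:192.0.2.0/24 -all"], "dkim": "v=DKIM1; k=rsa; p=PLACEHOLDERKEY",
        "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]}
if __name__ == "__main__":
    for name, recs in (("weak", WEAK), ("good", GOOD)):
        print(name, audit(recs) or "no findings")
```

To audit a live domain, feed the functions the TXT answers for the domain, `_dmarc.<domain>`, and each DKIM selector in use.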

The common themes for threat mitigation include addressing employee behavior and resolving technology weaknesses. These areas most likely present the highest risk and should be prioritized. Additionally, Ryuk ransomware attacks continue to increase, so don’t overlook the steps needed to address this.

You must remain vigilant during this period as bad actors will continue to adjust their tactics. RiskIQ provides a great daily update of COVID-19 threats. RecordedFuture provides in-depth information regarding threats. Assign someone within the organization to review daily updates and, where appropriate, recommend measures to reduce risk.

We need to support each other during this challenging period. We are all in this together and together we will prevail. Stay well!