COVID-19 has shifted the way we work. The percentage of employees teleworking now ranges from 80 – 100% in many organizations. Technology teams have worked hard to ensure they have the capability and capacity in place to enable employee access to company digital resources. Employees are stressed as they try to adjust to this new normal that’s upended their work and family life. Emotions are frayed all around.
Unfortunately, bad actors feed on the chaos, anxieties, and fears that run rapid during a crisis and COVID-19 is no exception. They are actively taking advantage of this situation with phishing campaigns, targeted ransomware attacks, and malicious web content and apps. Additionally, bad actors are exploiting our shifting technology usage such as remote access and conferencing (audio, web, and video). The threats are real.
Successful management of cyber risk during this crisis requires a focus on the changing threat landscape. A simple approach to take includes assessing threats, vulnerabilities exploited to compromise your environment, and the mitigation steps that should be taken to reduce risk. In essence, this is an abbreviated threat management exercise. The table below outlines the threats surfacing during this period and options for mitigation.
|Threat||Vulnerability||Threat Mitigation Considerations|
|Remote Access Infrastructure||
||Ransomware uses phishing and RDP attacks to achieve its goal. Mitigating risks associated with phishing and RDP attacks go a long way towards mitigating ransomware. A rise in Ryuk ransomware has been experienced during this COVID-19 period. Refer to our guidance on ransomware mitigation.|
|Collaboration Tools Attacks||
The common themes for threat mitigation include addressing employee behavior and resolving technology weaknesses. These areas most likely present the highest risk and should be prioritized. Additionally, Ryuk ransomware attacks continue to increase so don’t overlook the steps needed to address this.
You must remain vigilant during this period as bad actors will continue to adjust their tactics. RiskIQ provides a great daily update of COVID-19 threats. RecordedFuture provides in depth information regarding threats. Assign someone within the organization to review daily updates and, where appropriate, recommend measures to reduce risk.
We need to support each other during this challenging period. We are all in this together and together we will prevail. Stay well!
- CISA COVID-19 Guidance
- CISA Defending Against COVID-19 Cyber Scams
- Phishing Education: Google Jigsaw (highly recommended) National Cyber Security Center