COVID-19 and the Perfect Security Storm

The global pandemic has resulted in a dramatic shift to home working. This has created a perfect security storm that has dramatically increased the security risk for enterprises. The least damaging of the bad outcomes is that a single device used by an employee working from home is compromised, and sensitive data on that device is stolen or locked with ransomware. Worse, the compromised device becomes the beachhead for lateral movement, and data on the corporate network is stolen or locked with ransomware. In the nightmare scenario, the attackers cripple or disable critical systems. Imagine the consequences if attackers disabled a healthcare supplier's critical manufacturing system. If that notion seems far-fetched, there have already been attacks on French hospitals.

Three key factors contribute to this perfect security storm.

Few Enterprises Designed Security for 100% Remote Working
Within the space of a few days, many enterprises had to move from a situation where fully remote working was the exception to one where it was the default. Few enterprises have transitioned fully to the concept of Zero Trust, and unlike companies such as Akamai, few have the security architecture and solutions that allow them to recreate for remote workers the same security posture they have when workers are on-network.

Some enterprises will be using a full-tunnel VPN and backhauling web traffic for inspection and control. However, typical VPN deployments aren't easy to scale to cope with such a large spike in usage, and many users will simply disable or modify their VPN configuration to connect straight to the public internet.

Other enterprises will have a less restrictive approach and already use a split-tunnel VPN. That solves the performance problem, but the question then becomes how effective the security on the device is. If it's signature-based antivirus, when was the last signature update? What happens if the endpoint AV, or for that matter the EDR, is disabled by malware? And what about unpatched home routers and password-free Wi-Fi that could be used as an attack vector?

Relying on endpoint security is never a good strategy — by the time the malware hits the endpoint, it can often be too late.

Increased Anxiety Makes Us Click More and Lowers Our Guard
How many of us feel consumed by the need to keep up to date with the latest developments about the pandemic? We are bombarded with emails, social media, and online news, and the experts say that all of this means we are likely to spend more time online seeking answers and insights. It also means we are more likely to click on a link or open an email that in more normal times we would disregard. Finally, with protracted home working and home confinement, the blurring of our social and business online activities is now harder to avoid. How many remote workers are now using their corporate device to check personal email or update their Twitter profile?

The Attackers Are Focusing on COVID-19 as a Lure
A quick Google search shows that attackers have quickly adapted their techniques to leverage the pandemic. From targeted phishing campaigns that repurpose existing phishing toolkits to targeted ransomware attacks on hospitals, the world may be in chaos, but that chaos creates a target-rich environment for attackers. This has led Interpol, the United States Department of Homeland Security, the UK's National Cyber Security Centre, and numerous other national security agencies to issue COVID-19 security alerts. Remember, this is just the start — as is normal, the attackers are modifying their tactics and techniques.

Related to the previous point, attackers are experts in sophisticated social engineering techniques, and with increased anxiety the barriers to being duped by social engineering have been dramatically lowered.

To find out how Akamai can help you quickly improve security for your remote workers, please visit our business continuity page.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Jim Black. Read the original post at: