Opportunism is the bread and butter of cyber-attackers; if there is a known route into a network, it will be exploited. Would-be malicious actors riff on the zeitgeist, exploiting predominant hopes, fears or uncertainties to breach defences. And there’s been no shortage of fear and uncertainty lately. The coronavirus pandemic and lockdown have seen hackers attempt to exploit vulnerabilities at a time of accelerated change, underscoring the necessity of deploying state-of-the-art artificial intelligence to thwart the cyber-thieves.
COVID-19 phishing spike
Britain’s National Cyber Security Centre (NCSC) says 160,000 emails were flagged to its Suspicious Email Reporting Service in two weeks, leading to the removal of websites fraudulently purporting to sell COVID-19 testing kits. What’s topical will always be the focus of attacks, says Mark Loveless, security researcher at GitLab: “If there’s a big sporting event coming up, attackers will use those and it’s the same with COVID-19: whatever is happening, people use that. This is just one more thing that’s going to be used,” he says. Cyber security experts at Darktrace even noted a “heartfelt plea” from the supposed chief executive of a company to donate to a COVID-19 charity, in an internal round-robin that was actually a clever scam.
Psychology of remote work
It’s with good reason that organisations undergoing transformation initiatives also introduce change management programmes. Upending the way people work can take its toll psychologically, let alone during an unprecedented crisis. GitLab’s Loveless says that in an office setting, colleagues typically check in with each other if something looks off, but while remote working, we are alone. What’s more, we feel safe at home and may therefore be less disciplined or vigilant.
The necessity of opening virtual meeting rooms has also opened the doors to major security flaws. In South Africa, a parliamentary meeting conducted via Zoom was swamped with pornographic images. In Britain, the NCSC warned tools like Zoom should not be used for any confidential business, as they could be vulnerable to state espionage. The Ministry of Defence banned the tool outright, pending investigation, but that didn’t stop its use across government. The issue extends from virtual meetings in government to perimeter breaches in research and development, with the NCSC warning hostile states may be exploiting the pandemonium to steal COVID-19 research from universities.
Racing to accommodate remote working has meant grappling with infrastructure that may have been alien to organisations and accelerating plans to shift more operations to the cloud. Companies not yet familiar with these systems may be prone to mistakes, with steep learning curves leading to poorly configured systems or storage buckets left wide open. After all, it wasn’t exceptional code that was responsible for the devastating Mirai DDoS (distributed denial of service) attacks in 2016, but default usernames and passwords openly accessible online if you knew where to look.
Insider threats and shadow IT
“You can knock devices off, you can close people’s accounts, you can log internal stuff,” says Richard Brinson, director of cybersecurity consultancy Savanti, “but do most companies have a leaving process that’s efficient enough to go and cancel everybody’s SaaS [software-as-a-service] subscription?” Unfortunately, many businesses are downsizing as a result of the crisis, which could leave dumped employees feeling irate and possibly taking matters into their own hands. “All the different accounts people use these days and shadow IT are a problem for all companies,” Brinson adds. “It’s heightened at the moment when you can’t get laptops back from people.”
Normally when staff join an organisation there is the expectation of some sort of onboarding process. But this is a tricky prospect when people are not able to meet. While job vacancies are at a low, even compared to the 2008 financial crash and its aftermath, life goes on and businesses are still hiring. “As people come into your organisation and start working remotely you need to ensure you can provide the training you’d normally be providing, completely remotely now,” says Red Hat’s chief security architect Mike Bursell. This remains possible, but the extenuating factors of lockdown and remote working mean rethinking processes, especially logistically, arranging company devices and managing software licences at a distance.