Welcome to our “Threat Analysis” series of blogs! These posts usually cover a specific industry and the threats targeting them. The goal with this series is to raise awareness about cybercriminal threats, one post at a time. We will explain the threat and provide a pathway to remediating the vulnerabilities exploited by the threat. Generally, these articles are geared towards organizational leadership and we try to provide a non-technical overview of the dangers lurking in the world of cybercrime.
Cybersecurity in an Uncertain World
Envision red skies, black smoke suffocating the atmosphere, and a raging inferno that seems to have consumed the land itself. Wildfires are a nearly unstoppable force of nature for the areas that are unprepared. Disasters such as these can ruin everything people have worked to build. As we have seen with the recent Coronavirus pandemic, being unprepared can lead to catastrophic and tragic end results. Obviously, a wildfire allowed to burn untended or a disease running rampant would be devastating for the community. The key to preventing catastrophic damage from terrifying situations such as these is proper preparation and response.
COVID-19, Malware, and You
What do wildfires, pandemics, and cybersecurity have in common? In all these subjects, preparation and rapid response prevents total catastrophe. Preparation is the primary counter to the near-certain disasters that will occur at some point throughout the years. In-depth planning, policy adherence, and some good old-fashioned standard operating procedures can help mitigate disaster. Couple a prepared team with a quick response plan and we have the makings of an effective disaster deterrent. But what if the disaster is unprecedented? What if it were something that we couldn’t have planned for? This is where we get into the core topic of this article. We are going to broadly cover some thoughts and cybersecurity implications for the current threat on everyone’s mind – COVID-19.
Smoke on the Horizon
COVID-19 has radically changed the way people work in the United States. We are all living in a revolutionary period where remote operations have taken priority over physical office visits. There are several advantages to this setup for both worker health and productivity; but there is a secret threat looming. Cybercrime has displayed a sharp increase during the months of remote operations following COVID-19. Many organizations were not prepared for the sudden shift to remote operations and were forced to utilize solutions that are significantly less secure than their on-premise solutions.
While remote operations were already partially implemented by many, a completely remote workforce is a daunting proposition for those who are not accustomed to the challenges of remote work. Cybersecurity threats have skyrocketed in the past few months due to COVID-19-related working habit changes. It is up to the organizational leadership and IT to adjust their procedures accordingly and help prevent the new risks that crop-up from a changing workforce.
Remote Work Security
Cybercrime works much like COVID-19 – it targets everyone but a select few are particularly vulnerable. Cybercriminals rely on a business to be unprepared for an attack. The malware they utilize often searches for unpatched devices on the network with easily exploited services. Ransomware in particular generally exhibits nasty worm-like behavior and spreads to the most vulnerable devices before striking the critical blow. It takes careful preparation to prevent a remote network architecture from unnecessary exposure.
The biggest tip we can give our newly remote clients and readers is to follow proper VPN configuration and RDP best practices in this increasingly remote environment. Attackers love access, and it is really convenient for them when they find an exposed RDP service vulnerable to brute force attacks. In fact, we have directly observed a marked increase in brute force and account takeover attacks here at Scarlett Cybersecurity that correlates with the coronavirus hysteria. Keep your employees and organization safe by taking an objective look at your defenses and preparing for the worst. We would recommend utilizing experienced auditors to evaluate your organization’s posture to ensure that you reduce risk wherever possible.
Halting the Spread
Unfortunately, disasters happen. When the worst-case scenario is reality, you need to be prepared. We have previously covered the importance of thorough Incident Response procedures for the breaches that will occur. The remote workforce has only made incident response more difficult. Ransomware can still spread to your network via RDP, VPN, cloud services, and many more vectors – now it’s just harder to unplug the cord. Disaster Recovery as a Service is just one of the newer cloud technologies that can help immediately recover from a successful attack in a cloud environment, but these types of tools are nearly useless without tested procedures.
During the all-important preparation phase, don’t forget to include procedures for your team to follow. When the disaster happens, you want everyone to be ready. Firefighters jump right into action to slow the spread of wildfires – your team can’t afford to be any different. If you can’t find or afford experienced incident response personnel, look into hiring a 3rd party incident response firm to keep a resource on retainer. Creating these initial contact points can save precious hours during an actual cybersecurity incident.
Protect your Organization – Prepare for the Worst
Malware, pandemics, and wildfires all need “fuel” to spread. Pandemics spread through the population. Wildfires spread through the bush and forests. Malware spreads through an unsecured network. We need to be prepared for the very real threats that exist out there. We already wear masks in public to reduce the chances of getting ourselves and others sick. Take the same precautions for cybersecurity – it’s all a numbers game and the odds are naturally not in our favor. Reduce the chances of a catastrophe by following proper planning techniques and responding quickly when something goes wrong. Look into new technologies such as DRaaS. Get a third-party cybersecurity audit. Hire an Incident Response company on retainer. The world can be a scary place, but the good guys are not defenseless. Wearing masks, creating fire gaps, and hardening remote network security all help facilitate a better, stress-free world.