Posted by Tyler Chancey, GCFA on

Tyler Chancey is a seasoned cybersecurity professional currently serving as the Director of Cyber Security at Scarlett Cybersecurity Services, With a solid foundation in Computer Software Engineering from the University of Florida, Tyler holds a repertoire of certifications that underscore his expertise. These include the prestigious Microsoft 365 Certified: Enterprise Administrator Expert and Microsoft 365 Certified: Security Administrator Associate, showcasing his mastery in Microsoft's enterprise solutions. Tyler's commitment to comprehensive security is further evidenced by his CompTIA Security+ certification, demonstrating proficiency in core cybersecurity principles. Additionally, his GIAC Certified Forensic Analyst (GCFA) credential attests to his advanced skills in forensic analysis—an invaluable asset in today's complex cybersecurity landscape. Tyler's dedication to staying at the forefront of industry standards is evident in the active pursuit and maintenance of these certifications, making him a trusted authority in the field.

HackerBlogImage

Welcome to our “Threat Analysis” series of blogs! These posts usually cover a specific industry and the threats targeting them. The goal with this series is to raise awareness about cybercriminal threats, one post at a time. We will explain the threat and provide a pathway to remediating the vulnerabilities exploited by the threat. Generally, these articles are geared towards organizational leadership and we try to provide a non-technical overview of the dangers lurking in the world of cybercrime.

Cybersecurity in an Uncertain World

Envision red skies, black smoke suffocating the atmosphere, and a raging inferno that seems to have consumed the land itself. Wildfires are a nearly unstoppable force of nature for the areas that are unprepared. Disasters such as these can ruin everything people have worked to build. As we have seen with the recent Coronavirus pandemic, being unprepared can lead to catastrophic and tragic end results. Obviously, a wildfire allowed to burn untended or a disease running rampant would be devastating for the community. The key to preventing catastrophic damage from terrifying situations such as these is proper preparation and response.

COVID-19, Malware, and You

What do wildfires, pandemics, and cybersecurity have in common? In all these subjects, preparation and rapid response prevents total catastrophe. Preparation is the primary counter to the near-certain disasters that will occur at some point throughout the years. In-depth planning, policy adherence, and some good old-fashioned standard operating procedures can help mitigate disaster. Couple a prepared team with a quick response plan and we have the makings of an effective disaster deterrent. But what if the disaster is unprecedented? What if it were something that we couldn’t have planned for? This is where we get into the core topic of this article. We are going to broadly cover some thoughts and cybersecurity implications for the current threat on everyone’s mind – COVID-19.

Smoke on the Horizon

COVID-19 has radically changed the way people work in the United States. We are all living in a revolutionary period where remote operations have taken priority over physical office visits. There are several advantages to this setup for both worker health and productivity; but there is a secret threat looming. Cybercrime has displayed a sharp increase during the months of remote operations following COVID-19. Many organizations were not prepared for the sudden shift to remote operations and were forced to utilize solutions that are significantly less secure than their on-premise solutions.

While remote operations were already partially implemented by many, a completely remote workforce is a daunting proposition for those who are not accustomed to the challenges of remote work. Cybersecurity threats have skyrocketed in the past few months due to COVID-19-related working habit changes. It is up to the organizational leadership and IT to adjust their procedures accordingly and help prevent the new risks that crop-up from a changing workforce.

Remote Work Security

Cybercrime works much like COVID-19 – it targets everyone but a select few are particularly vulnerable. Cybercriminals rely on a business to be unprepared for an attack. The malware they utilize often searches for unpatched devices on the network with easily exploited services. Ransomware in particular generally exhibits nasty worm-like behavior and spreads to the most vulnerable devices before striking the critical blow. It takes careful preparation to prevent a remote network architecture from unnecessary exposure.

The biggest tip we can give our newly remote clients and readers is to follow proper VPN configuration and RDP best practices in this increasingly remote environment. Attackers love access, and it is really convenient for them when they find an exposed RDP service vulnerable to brute force attacks. In fact, we have directly observed a marked increase in brute force and account takeover attacks here at Scarlett Cybersecurity that correlates with the coronavirus hysteria. Keep your employees and organization safe by taking an objective look at your defenses and preparing for the worst. We would recommend utilizing experienced auditors to evaluate your organization’s posture to ensure that you reduce risk wherever possible.

Halting the Spread

Unfortunately, disasters happen. When the worst-case scenario is reality, you need to be prepared. We have previously covered the importance of thorough Incident Response procedures for the breaches that will occur. The remote workforce has only made incident response more difficult. Ransomware can still spread to your network via RDP, VPN, cloud services, and many more vectors – now it’s just harder to unplug the cord. Disaster Recovery as a Service is just one of the newer cloud technologies that can help immediately recover from a successful attack in a cloud environment, but these types of tools are nearly useless without tested procedures.

During the all-important preparation phase, don’t forget to include procedures for your team to follow. When the disaster happens, you want everyone to be ready. Firefighters jump right into action to slow the spread of wildfires – your team can’t afford to be any different. If you can’t find or afford experienced incident response personnel, look into hiring a 3rd party incident response firm to keep a resource on retainer. Creating these initial contact points can save precious hours during an actual cybersecurity incident.

Protect your Organization – Prepare for the Worst

Malware, pandemics, and wildfires all need “fuel” to spread. Pandemics spread through the population. Wildfires spread through the bush and forests. Malware spreads through an unsecured network. We need to be prepared for the very real threats that exist out there. We already wear masks in public to reduce the chances of getting ourselves and others sick. Take the same precautions for cybersecurity – it’s all a numbers game and the odds are naturally not in our favor. Reduce the chances of a catastrophe by following proper planning techniques and responding quickly when something goes wrong. Look into new technologies such as DRaaS. Get a third-party cybersecurity audit. Hire an Incident Response company on retainer. The world can be a scary place, but the good guys are not defenseless. Wearing masks, creating fire gaps, and hardening remote network security all help facilitate a better, stress-free world.

Share this
Tags
Disaster Recovery
Incident Response
Threat Analysis
Cybersecurity
Coronavirus

Related Articles

Learn the Three Rules of HIPAA: Essential Guidelines for Security and Privacy

Learn more

Cyberattacks in the Healthcare Sector: Threats, Impact, & Mitigation

Learn more

Nation State Cyber Attack on Local Government

Learn more