April 9, 2020 By Sridhar Karnam

COVID-19 Guide for Security Professionals

What a world! In February, everyone was busy minding their own business, but since March, the entire globe suddenly focused on the same challenge. The COVID-19 pandemic has taken our businesses and private lives by storm.

The outbreak surprised everyone - a surprise hardly any business was prepared for. It brought country-wide lockdowns for quarantine, office closures and enforced teleworking, which are now commonplace. Unfortunately, these phenomena are posing new and significant security risks for your business.

In this article we outline three points you have to be aware of in order to lead your business securely throughout these challenging times:

  • How the new COVID-19 reality affects the organizational security landscape
  • The most common threats in the new COVID-19 reality
  • What you can do to better secure your organization

The new COVID-19 reality and its effects on the organizational security landscape

It’s uncertain how the current situation will further unfold. The general outlook for the future isn’t very optimistic for business continuity. According to McKinsey, three different economic scenarios are possible: a quick recovery, a global slowdown, or a pandemic-driven recession. In any case, security budgets will be affected.

Remote work suddenly became commonplace

Home working and social distancing very quickly became our new reality. While some employees may welcome this change as long awaited, it has actually opened the door to more attacks and security challenges. Working remotely isn’t a new phenomenon, but working remotely on such a large scale certainly is. Few companies had explored mass home working; now that they are forced into it, the attack surface has expanded dramatically. Organizations are swinging from having 10% of their workforce working remotely to 100%, all of them now connecting from new IP addresses. This means that our security haystack has suddenly exploded.

The expanding attack surface

Social distancing may have been designed to stop one virus from spreading, but at the same time it dramatically expanded the attack surface, bringing many and new cybersecurity risks. Your organization may currently be experiencing the following:

  • Increase in endpoints: while remote workers are becoming commonplace, organizations are now noting a massive increase in distributed endpoints as staff work from home.
  • Implementing changes on the fly: new technologies that are being implemented to enable remote work are often installed without enough testing or security configurations. Adjusting to the new reality requires us to react as quickly as possible and attackers know very well how to use that haste for their own benefit.
  • Putting organizational assets online: what was previously used solely within internal networks is now being exposed to the Internet. Shifting to unmonitored home networks from secure enterprise networks has enormous security consequences and creates an attractive and easy target for cybercriminals.

The common threats in the new COVID-19 reality

On the other hand, it is certain that attackers will be taking full advantage of the new situation, acting even faster than we do and more creatively than we can imagine. The expanded attack surface has made organizations more vulnerable, making them a particularly attractive target for cybercriminals in these challenging times.

This situation is so serious that just a few days ago the FBI warned of a significant spike in COVID-19 related scams in California, New York and Washington - the three U.S. states that have been hit the hardest by the COVID-19 outbreak.

What is worse, these scammers are often capitalizing on the very fears that sent us home in the first place, making each of us a particularly attractive target. We should all stay vigilant and be aware of these threats in particular:

  • Phishing attacks

These would usually be emails or text messages asking you to sign in or provide your personal data. This is something that attackers have already taken advantage of extensively. Scammers have even had the gall to send messages purporting to come from the World Health Organization (which has already issued a warning about such activity); others stayed more pragmatic and pretended to be your HR department. You can take a look at some concrete scam examples here, here and here.

  • Malware

The current pandemic is often used as a thematic lure to get people to click on links that install malware on mobile and other devices. Scammers have even created a “live map” with updates on coronavirus statistics which they covertly use to spread malware. Using events which grab the attention of the wider public is not new, however, scammers would usually use them to spread misinformation rather than benefit from them in such a direct and malicious way. Nonetheless, we can expect further growth in domains spreading drive-by malware.

  • Exploits of remote access tools

In addition to phishing attacks and serving up malware, we are also observing numerous attempts to exploit Virtual Private Networks (VPNs) and other tools we now rely on while working remotely.

  • Account compromise

In this time of crisis, we are also observing cybercriminals exploiting the situation by compromising business email accounts. According to Techcrunch, hijackers may use these accounts to extort money. One case involved asking the company’s customers to send money to a different bank account than usual, “because of the coronavirus.” Obviously, it was a mule account.

What can you do to better secure your organization?

Staying vigilant is now more important than ever. You have the difficult task of discerning the good guys - your employees in their temporary digs, with their new working behaviors - from the bad guys. Your entire focus right now should be on data protection. Make sure you implement the following immediately:

  • Educate your employees

Keeping your employees informed and educating them on the current risks will be your best shield during these challenging times. Luckily, good information isn’t in short supply, unlike toilet paper. Showing your employees some of the phishing examples I’ve mentioned earlier will increase their awareness and help keep them vigilant in these stressful moments. Instruct them to double check the authenticity of emails and messages aimed at extracting data, especially when they call for urgency.
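The lures described in the phishing section above and the advice here (check who a message really comes from, be wary of urgency and of requests to sign in) can be turned into a simple triage score that a mail gateway or a help-desk tool can run before a message reaches an employee. The following is an added example and not code from the article or from Sumo Logic; the organisation domain `example.com`, the `TRUSTED_BRANDS` table and the three sample messages are constructed for illustration.

```python
"""Score inbound messages against common phishing indicators.

Added example (not code from the article or from Sumo Logic): heuristics for
the lure types described above, such as messages claiming to come from the
World Health Organization or from HR, urgency language, and requests to sign
in or hand over personal data. The organisation domain, the trusted-brand
table and the sample messages are constructed for illustration.
"""
import re
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumed: the organisation's own mail domain

# assumed: display names employees are likely to trust, and the domain each
# should legitimately come from (HR mail should come from our own domain)
TRUSTED_BRANDS = {
    "world health organization": "who.int",
    "who": "who.int",
    "human resources": ORG_DOMAIN,
    "hr": ORG_DOMAIN,
}
URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|act now|final notice|suspended)\b", re.I)
CREDENTIAL_ASK = re.compile(
    r"\b(password|sign in|log ?in|verify your account|confirm your (identity|details))\b", re.I)


def domain_of(header):
    """Mail domain of an address header such as 'Name <user@host>'."""
    return parseaddr(header)[1].rpartition("@")[2].lower()


def display_name_of(header):
    return parseaddr(header)[0].strip().lower()


def within_one_edit(a, b):
    """True if a differs from b by exactly one inserted, deleted or substituted
    character (catches lookalikes such as examp1e.com for example.com)."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # extra character in a
        elif len(b) > len(a):
            j += 1          # missing character in a
        else:
            i += 1          # substitution
            j += 1
    edits += (len(a) - i) + (len(b) - j)   # trailing leftover characters
    return edits == 1


def score_message(msg):
    """Return (score, reasons) for a message dict with From, Subject, Body
    and optionally Reply-To. Each matched indicator adds one point."""
    reasons = []
    name = display_name_of(msg["From"])
    from_domain = domain_of(msg["From"])

    # 1. display name invokes a trusted brand but the sender domain does not match
    for brand, legit in TRUSTED_BRANDS.items():
        if re.search(rf"\b{re.escape(brand)}\b", name) and from_domain != legit:
            reasons.append(f"display name claims '{brand}' but sender domain is {from_domain}")
            break
    # 2. sender domain is a one-character lookalike of our own domain
    if within_one_edit(from_domain, ORG_DOMAIN):
        reasons.append(f"sender domain {from_domain} is a lookalike of {ORG_DOMAIN}")
    # 3. replies are routed to a different domain than the sender
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        reasons.append(f"Reply-To domain {domain_of(reply_to)} differs from sender")
    # 4/5. urgency and credential/data requests in subject or body
    text = msg["Subject"] + "\n" + msg["Body"]
    if URGENCY.search(text):
        reasons.append("urgency language")
    if CREDENTIAL_ASK.search(text):
        reasons.append("asks the reader to sign in or confirm personal details")
    return len(reasons), reasons


# constructed sample messages: two lures of the kind described above, one legitimate notice
SAMPLES = [
    {"From": "World Health Organization <alerts@who-covid19-update.com>",
     "Subject": "URGENT: COVID-19 safety measures",
     "Body": "Sign in to download the updated safety guidance before access is revoked."},
    {"From": "HR Department <hr@examp1e.com>",
     "Reply-To": "hr-team@mail-relay.net",
     "Subject": "Action required: confirm your details",
     "Body": "Please confirm your details within 24 hours or your payroll access will be suspended."},
    {"From": "Payroll <payroll@example.com>",
     "Subject": "March payslips are available",
     "Body": "Your March payslip is available in the HR portal as usual."},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        score, reasons = score_message(msg)
        print(f"{score} {msg['From']}")
        for r in reasons:
            print("   -", r)
```

Each reason is also the sentence you would show the employee in awareness training: the two lures score 3 and 5, the genuine payroll notice scores 0. The indicators are deliberately independent of each other, so a score of 2 or more is a reasonable threshold for quarantining a message for review rather than blocking it outright.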

  • Apply data protection policies to all endpoints

When working with a large number of distributed endpoints, ensure your data protection policies are applied to these endpoints - this is the only way to ensure that these policies are in place when your employees work from home. Applying them directly to the devices will keep those rules active where they have to be. This is a great solution if you have no time to configure a VPN and your employees use their home internet connection for work tasks.

  • Encrypt your data

This is the best thing you can do to secure your assets while people continue to work remotely. It also protects against access by malicious actors who get hold of devices that were stolen or forgotten somewhere outside the office. If your devices come with native encryption tools, instruct your employees to use them.

  • Ensure Wi-Fi security

Begin deploying a VPN. It will provide a Wi-Fi security shield for your entire workforce. Ensure the firewall is properly configured as well. Finally, make sure that your core IT team is able to detect threats and has visibility across the distributed workforce so that it can react to threats as quickly as possible. Sumo Logic can provide vital support with regards to threat detection and visibility.
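The two points made about remote access, that attackers are probing VPNs and other remote-access tools, and that the core IT team needs to detect threats across a workforce now arriving from new IP addresses, both come down to watching the gateway's authentication log. The following is an added example and not code from the article or from Sumo Logic; the log line format, the user names, the addresses and the per-user baseline are all constructed for illustration.

```python
"""Flag two VPN-authentication patterns in sample gateway log lines.

Added example (not code from the article or from Sumo Logic): a burst of
rejected logins from one source address, the footprint of someone hammering a
remote-access tool, and a successful login for a user from a source address
outside that user's known baseline, the "new IP addresses" a freshly remote
workforce generates. The log format, user names, addresses and baseline are
constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# assumed line format: "<ISO timestamp> vpn-gw: ACCEPT|REJECT user=<name> src=<ip>"
LINE = re.compile(
    r"^(?P<ts>\S+) vpn-gw: (?P<result>ACCEPT|REJECT) user=(?P<user>\S+) src=(?P<src>\S+)$")

# constructed sample log: one source cycling through many accounts, then a
# genuine user appearing from an address not seen before
SAMPLE_LOG = """\
2020-04-09T08:00:01Z vpn-gw: ACCEPT user=alice src=203.0.113.10
2020-04-09T08:00:05Z vpn-gw: REJECT user=bob src=198.51.100.7
2020-04-09T08:00:09Z vpn-gw: REJECT user=carol src=198.51.100.7
2020-04-09T08:00:12Z vpn-gw: REJECT user=dave src=198.51.100.7
2020-04-09T08:00:15Z vpn-gw: REJECT user=erin src=198.51.100.7
2020-04-09T08:00:20Z vpn-gw: REJECT user=frank src=198.51.100.7
2020-04-09T08:03:00Z vpn-gw: ACCEPT user=bob src=192.0.2.44
2020-04-09T08:05:00Z vpn-gw: ACCEPT user=alice src=203.0.113.10
"""

# assumed baseline: source addresses each user has logged in from before
BASELINE = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.11"}}


def parse(text):
    """Yield one dict per well-formed line; unparseable lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ev


def detect(text, baseline, fail_threshold=5, window=timedelta(seconds=60)):
    """Return a list of alert tuples, in log order.

    ('failed_login_burst', src, count): at least fail_threshold REJECTs from
        src within `window`; fired once per source. Counting per source rather
        than per user is what surfaces one address trying many accounts.
    ('new_source_for_user', user, src): an ACCEPT from an address not in the
        user's baseline; the address is then learned so it fires once.
    """
    known = {user: set(srcs) for user, srcs in baseline.items()}  # do not mutate caller's data
    recent_fails = defaultdict(deque)
    burst_fired = set()
    alerts = []
    for ev in parse(text):
        if ev["result"] == "REJECT":
            q = recent_fails[ev["src"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= fail_threshold and ev["src"] not in burst_fired:
                burst_fired.add(ev["src"])
                alerts.append(("failed_login_burst", ev["src"], len(q)))
        else:
            seen = known.setdefault(ev["user"], set())
            if ev["src"] not in seen:
                alerts.append(("new_source_for_user", ev["user"], ev["src"]))
                seen.add(ev["src"])
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, BASELINE):
        print(alert)
```

On the sample log this yields one burst alert for `198.51.100.7` and one new-source alert for `bob`. The second alert type is exactly the haystack problem described earlier: when the whole workforce moves home, nearly every user trips it on the first day, so in practice the baseline is seeded from the first week of remote logins and the alert is then reserved for addresses that appear after that, ideally enriched with geolocation so that a login from a country the user has never worked from stands out.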

Key takeaways:

  • In the new COVID-19 reality, homeworking has become a mass phenomenon, expanding the attack surface and making organizations more vulnerable.
  • Key threats are: phishing attacks, malware distributed by playing on our fears over the coronavirus, and exploits of remote access tools.
  • To ensure your organization is secure, protect your data by educating and informing your employees on the current risks, apply data protection policies to all endpoints and encrypt your data.

Sridhar Karnam

Senior Director of Product Marketing

Sridhar Karnam leads the security product marketing for Sumo Logic. Sri has a decade of experience with SIEM, Security Analytics, Cloud Security, and IT Operations. He has led product management & marketing for SIEM solutions at ArcSight, Arctic Wolf, and at Oracle. He has written hundreds of blogs on SIEM, and has also spoken at many security and IT events.
