A Whole New World: Cybersecurity in the Time of COVID-19
The global coronavirus pandemic has emboldened malicious, opportunistic criminals to step up and increase their attacks on individuals, companies, institutions and governments. Corporate IT teams are on hyperdrive to protect their networks. From a compliance and risk perspective, there are a few key considerations to help businesses stay safe. Here’s what you need to know.
1 May 2020
In the last few weeks, “non-essential” businesses and employees have had to quickly shift to a nearly 100 percent remote workforce. There are countless stories and anecdotes of adjustments occurring on professional and personal levels. As home and remote networks are jammed with work-from-home, remote-learning, panic-buying, virtual happy hour and fitness users, perhaps another important adjustment to make is ensuring technology platform and service providers are armed with the highest level of security features available.
COVID-19: A gift to hackers and cybercriminals
The battle against a worldwide pandemic doesn’t seem to diminish the crimes perpetrated by cybercriminals, who appear to have ramped up their efforts as the rapid rise of remote working – which has forced many to become more dependent on the internet – has created more opportunities for phishing emails, malware, malicious domains and even spam messages touting COVID-19 prevention and treatments. Cybersecurity experts warn that financial, healthcare businesses, federal and state agencies that deal with sensitive data could be more vulnerable to spoofing and phishing attacks from malicious elements.
Here are some notable incidents/types of attacks that are being reported in the news:
• Hijacking (“bombing”) online conferencing tools: Chances are you are using a remote video conferencing tool, possibly one that has recently zoomed to the top of the most downloaded apps list. Hopefully, you have not fallen victim to the “bombing” phenomenon, wherein intruders will hijack a virtual meeting and say or post inappropriate content. While this is unsettling on many levels, the possibility that hijackers also intercept confidential or sensitive information for financial crime or fraud is real. Videos of these bombing incidents have been shared on YouTube and other social media, which means sensitive information from meetings has been memorialized and shared as well. The conferencing service has since instituted passwords for meetings, software updates and limiting some video functionality for academic users.
• Phishing emails and websites: Sorting through the news about the disease is already a stressful task for everyone – add to that avoiding the phishing emails and untruthful websites that further prey on our vulnerabilities. For example, there are fake portals from WHO (World Health Organization) and the CDC (Centers for Disease Prevention) and bogus emails from the U.S. SBA (Small Business Administration) inviting applications for federal disaster assistance. Preying on the kind-hearted is not beneath these criminals: there are even fake donation sites. That popular video conferencing service has also been victim to malicious domain registrations: around 20 percent of new domains registered between March 23 and 30 were fake, possibly set up to intercept and steal sensitive, personal information. Recent data suggests that phishing websites have increased by 350 percent amid efforts to quarantine and social distance in the wake of COVID-19. During March, there were over 300,000 suspicious coronavirus-themed websites detected.
• DDoS (distributed-denial-of-service) attacks: Pre-COVID-19, the numbers were already disturbing: 8.4 million DDoS attacks in 2019, and 16 DDoS attempts every minute. DDoS attacks disrupt online services by overloading them with botnet traffic; the attackers then extort the service provider. The current environment is ripe for this activity, as many critical and essential service providers could be forced to quickly give in to extortion demands. Medical providers aren’t exempt from DDoS attacks: a hospital in the Czech Republic, which was one of the country’s biggest COVID-19 testing facilities, had to shut down their IT network, delay urgent surgeries and reroute patients to other hospitals because of a cyberattack.
Cybersecurity considerations Now that more of the world is working from home than ever, remote employees need to ramp their digital vigilance and cybersecurity savvy. The common security themes that are emerging from news coverage include:
• Virtual private networks (VPNs): A requirement in many cases for remote workers, VPNs allow employees to connect securely to their work network over the public internet. The increase in VPN usage was substantial in countries where some form of lockdown was already in place during March 15 to 22 (versus the previous week): in the U.S. the increase was more than 70 percent. In Italy, it was close to 50 percent. Globally the average was a 21 percent increase in the past few weeks. Corporate VPNs are certainly challenged with the volume of traffic, and the Cybersecurity and Infrastructure Agency of the Department of Homeland Security (CISA) has been pressing companies to patch systems, watch out for unusual activity and ensure firewalls are in place.
• Data encryption-in-transit and at-rest: Sensitive information is crossing networks, firewalls and geographies more frequently than ever. Some of this information can be materially non-public (MNPI) or personally identifiable (PII) and thereby highly useful for fraudulent activity. This information must be encrypted in-transit (i.e. as it moves through networks as past firewalls) and at-rest (on the device that stores/receives the information).
• Backups/archiving: We’ve likely (or at least know someone who has) been victim to losing important files stored locally on our devices – be it work files, personal information, or even photos. Backing up files is part of a holistic data security practice and can be your lifeline in the instance that coronavirus-inspired attackers take your files hostage or corrupt your device. Relying on a secure, cloud-based storage/backup/archiving service (thoroughly vetted by your corporate IT) is perhaps the easiest and most practical method available.
• Compliance reporting: A significant workforce working from home means extremely heightened regulatory and operational risk. Compliance teams need to step up their game with tools and procedures to monitor, track, audit and report on employee activity, as well as access to and use of sensitive information. They also should keep a keen eye on file sharing and the increased use of collaboration tools to mitigate malicious data use and intercept other operational risks.
As we continue to “shelter-in-place” to avoid being infected (or infecting others) with COVID-19, we need to make sure to shield against cybercrime and malicious attacks which continues to spread much like the disease itself. The precautions we need to take are a combination of commercially available tools and our vigilance: i.e. use corporate VPNs, evaluate security features provided by vendors (DDoS, sophisticated encryption, compliance reporting and risk controls), all combined with the careful judgment of email senders, email subject lines and website addresses.
The sad truth is, while coronavirus will be contained (or at least become more manageable), cybercrime and malicious opportunists will continue to proliferate. All we can do is keep our defenses up, systems up-to-date, and a continuous, critical eye on our technology platforms and vendors.
Intralinks virtual data rooms (VDRs) and secure document sharing solutions feature the processes, controls, and reporting required to safeguard sensitive data and reduce operational and regulatory risk. Contact us to learn how our platform supports remote, disparate working, including sharing sensitive information and large volumes of documentation across a broad range of business scenarios and industries.
Patricia is director of product marketing for banking and securities at Intralinks, responsible for content and go-to-market strategy for the debt capital markets business. Prior to joining Intralinks in 2019, Patricia held senior product marketing and communications roles at global financial services firms including Envestnet, IHS Markit, and Morgan Stanley.