Operations: Many companies had no choice but to ask their staff to work from home. Some already had some staff travelling or working from home and could just extend the policies, procedures, and training for secure telecommuting to a wider population. Others were completely unprepared and just asked their staff to work from home devices to access company systems and data, simply because they did not have any plan. Either way, on a global basis, the overall attack surface available to hackers and criminals just increased exponentially, nearly overnight overnight.
Technology: As companies started to realize the risk was real and started addressing it with technical solutions, policies, and training for secure WFH, the bad guys were already at work spreading malware, phishing and attacks on extended networks, data storage, and remote access to systems.
Data: Organizations are urged to investigate data usage – specifically, which applications and what data should be made available and to whom? Is there a data classification and associated systems access policy, ideally including multi-factor requirements? Is the organization offering clear guidance on how to manage the crossover between private and personal life on private and corporate devices?
Legal: Legal and compliance challenges have not stopped because of the pandemic. In fact, data privacy regulations like GDPR and other international mandates and standards are gaining traction. The pandemic is no reason not to protect data, especially when the attack surface and threat levels keep increasing. Increasing.
A report released Tuesday details how a Middle East-based advanced persistent threat (APT) adversary is targeting Android users with new, stealthy spyware variants, particularly in the Palestinian territories.