The COVID-19 pandemic has created many security challenges that will persist long after the crisis ends. As time passes, it appears that work-from-home will become more permanent. Couple that with rushed digital transformation projects and inflamed security vulnerabilities that, if not addressed quickly, will lead to serious security and compliance problems. As we look to 2021, here are some challenges security teams must address:
- Prepare for health data breaches. The pandemic has caused an explosion of electronic health data – often collected and managed by organizations that have never had to before. This data includes everything from track-and-trace to temperature checks, test results and barcodes showing immunity. Some companies now ask employees to provide health data for themselves and their family members. This raises some important security questions: What happens to all this data once the pandemic passes and it’s no longer needed? Will companies destroy the data? Or will it sit in a database somewhere on the cloud just waiting for the hackers? Companies need to make sure they have the proper people, processes and technology in place to protect their data.
- Stay vigilant for social engineering attacks and insider threats. In our daily cyber reconnaissance work, we’ve seen an increase in overall attacks related to COVID-19. These attacks will only rise, especially when it comes to social engineering attacks and insider threats. For example, a social engineering attack could escalate when an individual claims they know someone has tested positive for the virus and then gives that person instructions, which could include revealing sensitive personal data. In addition, insider threats – doctors, nurses or other medical professionals who have access to extremely valuable items like COVID-19 therapies or a vaccine – could turn to the underground markets or the dark web to sell them. During the recent hydroxychloroquine craze, we saw the drug for sale on the dark web for $43 per pill! Companies must stay especially vigilant for any type of suspicious activity targeting employees and keep in close communication with employees about these potential threats, including what procedures they should follow if they find themselves in these situations.
- Re-evaluate security education. Many corporations are not requiring employees to come into the office until 2021. Thus, the workforce will stay dispersed and continue to access sensitive corporate data remotely from their homes, often on personal devices. This opens a glaring need to evolve cyber-education programs so they adopt the same characteristics as other formal e-learning programs. It’s not enough to simply send informational emails and newsletters – companies need to develop virtual security training modules that include tests to ensure the employees consume and understand the information.
- Understand how the underground markets work. Our team has seen an increase in extortion attempts against enterprises that extends beyond just ransomware operations. Given the onslaught of phishing campaigns around COVID-19 and the typical dwell time of a successful attack, threat actors and ransomware operators have likely been exfiltrating a large amount of data that we will not hear about until the fall. Attackers are now executing ransomware while simultaneously threatening a public data dump, a one-two punch that calls for increased vigilance. It’s important for organizations to have their finger on the pulse of the underground markets related to network access. The initial perpetrator of a successful network or systems penetration often sells that access to the ransomware operators. Our team has averted ransomware attacks in this way, by alerting the enterprise that their network has been penetrated and has been monetized between threat actor groups.
- Get the staff involved. Security teams can’t rely on technology alone as the solution to cybersecurity challenges. Humans remain the greatest vulnerability in enterprises and are also uniquely qualified to take on the critical reconnaissance and early-warning intelligence to prevent breaches. For example, most companies find out about their own data breaches from customers or third parties. Doesn’t it make more sense to have employees find out at the earliest moment possible when a company’s data gets sold, so the company can mitigate that breach before customers start calling to complain?
Companies must strike the right balance between tools and humans to manage digital risk in the new world resulting from the COVID-19 pandemic. Technology innovations like AI and big data will improve the technical side of the equation, but to effectively manage risk in the future, companies will need to tightly integrate the technology tools with human intelligence and judgment.
Kurtis Minder, co-founder and CEO, GroupSense