COVID-19: Responding to the cyber part of the crisis

Welcome to part four of our six-part blog series based on our recent whitepaper entitled ‘COVID-19: A biological hazard goes digital.’ If you haven’t read the first three parts of this blog series, you’ll find them in the insights tab (via our blog page) on our website here. Be sure to check them out!

In light of the changing emergent threat model we explored in parts one, two and three, in this blog we’ll be offering guidance to businesses and professionals considering the cyber element of what might be the most serious threat to global well-being since World War 2.

The world is in a state of panic right now. Ironically, the security industry has been sadly vulnerable to and shamefully guilty of exploiting such fear, uncertainty and doubt in the past. But as cybersecurity professionals, we need to consider our cyber response strategies calmly, without aggravating the situation and creating unnecessary panic.

While we find ourselves in a state of heightened threat, we’re not necessarily experiencing an increase in vulnerability. We can’t control the threat, but we can control the vulnerability, so we should focus on that. This means working smart, rather than hard – focusing our energy on considering the primary cyber concerns for our businesses and looking to address those one by one. Forming partnerships with suppliers, service providers and even competitors can help you keep a level head – they may not have all the answers, but given we’re all in the same boat, they may have balanced, rational or opposing views that can help you to make informed decisions about your own cyber strategy.

With this in mind, here’s just a few of our guidelines for approaching the cyber threats stemming from COVID-19:

• Take the time to improve: If there are elements of your infrastructure or processes that were not adequately ready to deal with cyber threats before this crisis broke, now is the time to review and improve them. Home computing resources and remote access solutions can be improved incrementally.
• Check on your suppliers: For many businesses, there is a direct correlation between suppliers’ level of security and their own. We’re directly dependent on one another to bring cybersecurity threats under control. Create open lines of communication between security and risk teams, suppliers, providers, consultants and partners. This will enable you to have productive conversations about how to respond to elevated threat levels together.
• Stay in touch with partners: Service providers like Orange Cyberdefense are doing everything in their means to remain ready and available to support clients. Our team and others have information, intelligence and resources available that can greatly assist you should the worst happen – or to reduce the likelihood that it does.

As previously argued, we want to focus our strained resources on elements of the threat that are of most concern to us. We would like to propose the following set of general priorities for businesses to consider in responding to the cyber threats arising from COVID-19.

1. Establish emergency response procedures and systems. Assume attacks will happen during this time and that successful compromises are more likely than usual. With this in mind, take some time to facilitate a planning session with key IT and security role-players to consider your response capabilities in the event of a suspected compromise or breach.
2. Establish a security support hotline. Providing users and customers with a number or address they might use to speak to someone about attacks could be a powerful tool for reducing levels of anxiety about the crisis and improving security postures.
3. Review back up and disaster recovery. Two real threats which have arguably escalated due to the pandemic are ransomware and Denial of Service. Take some time to review the state of your backups and the readiness of your data and disaster recovery processes. Think about the data being generated by home workers – if you don’t already have a suitable backup system to support remote working, then public cloud solutions like Google Cloud, Dropbox and Microsoft OneDrive may present a viable alternative.
4. Equip users with the information they need to make good decisions. Users are your first line of defense, so the better educated they are on cyber threats, the better equipped they are to help you fight incoming attacks. Exercise vigilance and share information.
5. Consider remote access. Secure and reliable remote access to the Internet and corporate systems appears to be the biggest challenge facing our customers right now. The best solution will vary dramatically from customer to customer, but there are a number of principles to follow to guide the design of any remote access architecture. Check out our whitepaper for these principles.
6. Establish visibility over remote endpoints. A shocking realization for many businesses at this time is how much their attack detection and security monitoring capabilities depend on the perimeter. With users now working remotely on a large scale, enterprises without a robust Endpoint Detection and Protection or Response capabilities may find themselves flying blind.
7. Consider malicious mobile applications. We’ve observed a five-fold increase in the number of malicious mobile applications detected between February and March this year. We can expect this trend to continue as the COVID-19 crisis stretches out. While there are various plausible options, the only practical technical solution to this challenge is to make a mobile endpoint security or AV solution available to users, or provide company-issued mobile devices with Mobile Device Management (MDM) software installed.
8. Consider patching and hardening of remote endpoints, including mobile. On the 25^th March, we published a security advisory about two critical zero-day flaws in Windows systems. Microsoft issued a security advisory regarding two critical, zero-day vulnerabilities and warned that limited, targeted attacks have been detected. The vulnerabilities are present in all supported versions of Windows and could lead to remote code execution if successfully exploited. These kind of vulnerabilities on Windows servers and desktops continue to appear and are actively being exploited. Although we don’t believe that they represent the most likely attack vector at this time, remote endpoints cannot be ignored. Failure to address them will expose your business to unnecessary risk.
9. Review your insurance. Cyber insurance is a complex topic and a matter best left to experts. However, we would recommend that businesses invest some effort in reviewing and reconsidering the appropriateness of their cyber insurance policies, as the last line of defense in any security strategy. However, it should not be considered as a replacement for other priorities and actions described in the paper.

The above is just a glimpse of all of the guidelines and priorities you can find in full in our whitepaper. Check it out for more information on how to better protect your business from cyber risk during the COVID-19 pandemic.

In part five of our six-part blog series, we’ll move on to exploring what the business landscape looks like when our current crisis is over, and employees start returning to work. There will be a few things to expect and look out for!