Staying Safe in Global Events: Combating Cyber Threats & Ensuring Well-being

Faced with a disconcerting situation of global impact, disseminating truthful and precise information is essential to define the control and protection measures that must be implemented for damage control. In such a situation, cybercriminals find new niches for scams. For example, in the specific case of the COVID-19 pandemic, cybercriminals presented a new way of operating. This has consisted of impersonating international health organizations, such as the World Health Organization, other healthcare organizations, and other government entities, through malicious email campaigns. These are designed to invoke fear in the hope of triggering actions that allow them to gain access to sensitive information systems.

However, this is not the only aspect related to cybersecurity that organizations should pay attention to. To actively respond to health risks associated with COVID-19, many companies have begun to migrate their regular mode of operation to an alternate one based on teleworking or working remotely through virtual offices.

A comprehensive and well-structured approach during an extraordinary event, such as the one we are experiencing, will allow organizations to address cybersecurity challenges proactively.

Table of Contents

• Recommendations for Cybersecurity Amidst Extraordinary Events
• Ransomware and COVID-19
• Phishing and COVID-19
• Identity Theft and COVID-19

Recommendations for Cybersecurity Amidst Extraordinary Events

In light of the protection measures resulting from the COVID-19 pandemic, companies have shifted their business processes towards remote access and collaboration services over the past three years. This shift has introduced new risks, making it necessary to adapt cybersecurity policies, processes, and controls to the new operating scenario.

Considering that four years have passed since the onset of the pandemic, and due to the mutating nature of COVID-19, more and more organizations need to adjust their current processes to execute most of their operations remotely. In response, the related information security controls must also be adjusted, and the corresponding cybersecurity configurations must be updated.

For example, collaborators now have massive remote access, which requires organizations to have greater processing capacity and connectivity. Additionally, they need to open or expand more interfaces to access internal services and enable data access rights through a public network. Companies should not neglect or abandon cyber risk management measures due to this particular context. Temporarily adjusting cybersecurity and network capacity management policies will enable organizations to effectively face the cyber threats posed by the new operating scenario.

As companies recommend remote work for employees, the use of mobile devices and remote access to core business systems increases. Therefore, it is essential to strengthen organizational identity access management and enhance the monitoring and correlation of events.

Ransomware and COVID-19

Cyber risks increase when doing work remotely or from home. Proactive measures can improve the user experience and cybersecurity when working under this scheme. Devices that do not have the necessary protection could lead to data loss, privacy violations, and systems that fall victim to ransomware.

To mitigate the boost that COVID-19 gave ransomware, it is recommended to:

Implement a consistent layer of multi-factor authentication or progressive authentication based on the criticality of access requests.

• Ensure that identity management processes secure all third-party identities with access to the company network.
• Have a comprehensive view of privileged identities within their IT environments, including a procedure to detect, prevent, or remove orphaned accounts.
• Refine the granularity of security monitoring and enrich monitoring in remote operation scenarios.
• Monitor the operation of cybersecurity management functions; identity which may be out of service and the delays in the security response.

Phishing and COVID-19

Crises reduce the levels of alertness and protection of end-users and lead cybercriminals to take advantage of this situation and operate under malicious schemes. Therefore, increasing awareness of the emergence of new cyber threats is recommended. During the pandemic, employees constantly receive a large amount of information about it from internal and external sources. This can cause psychological pressure, which reduces their alertness and impacts their level of response to cyber threats such as social engineering cyberattacks or phishing.

COVID-19-related phishing campaigns, in which cybercriminals impersonate, for example, reputable health organizations, have been on the rise. For this reason, organizations must remain vigilant for fraudulent messages related to this pandemic. Cybercriminals can send emails with malicious attachments or links to fraudulent websites to trick victims into disclosing sensitive information or donating to fraudulent organizations or causes. Attacks like these can spread quickly and widely throughout an entire business network, leading to identity theft and the submission of bogus payment claims and benefit programs. But the increase in psychological pressure does not only impact in this sense. This phenomenon can also cause collaborators to be more prone to making errors in handling processes or engaging in insecure behaviors, such as sharing private information or access credentials.

Therefore, it is recommended to carry out awareness actions with messages, with the following guidelines:

• Be careful when handling any email with a subject line, attachment, or hyperlink related to COVID-19, and be wary of appeals, texts, or calls from social media related to COVID-19.
• Use trusted sources like legitimate government websites for up-to-date, fact-based information about COVID-19.
• Do not reveal personal or financial information in an email, and do not respond to requests for this information.

Identity Theft and COVID-19

A greater risk of confidential or private data leakage exists due to exposure in unsecured environments, so managing remote connections is recommended. Opportunities for remote access and collaboration through non-corporate networks and devices have increased. In the current climate, employees may be tempted to use these means instead of corporate ones.

This situation could expose confidential data on non-corporate networks, social networks, and/or third-party platforms that lack appropriate protection measures. Additionally, many smart network devices with weak security features have entered homes in recent years. The numerous security weaknesses of these devices pose risks that have been warned about by different security agencies, becoming more relevant and impactful under “massive” remote operations.

These devices also create risks from unsecured standard configurations, lack of vendor maintenance or support, lack of security updates, and unknown user access possibilities.

Enterprises must identify and classify remote connection requirements, identify related risks, and quickly confirm the business security threshold allowed under this situation. At the same time, they must avoid accepting many exceptions that undermine the level of information security management and control, especially when these exceptions are due to secondary business needs.

Cybersecurity in the Cloud and Covid-19

Digital transformation allows public, private and mixed companies to develop cybersecurity systems and measures to prevent intrusion and access to critical systems. It is recommended to have a cyber recovery plan. In this sense, the current computer age is characterized by a greater technological transformation and the use of the cloud or greater network capacities show that the cyber threat panorama will continue to increase.

In this context, cybercriminals seek to attack operating systems and backup capacities simultaneously under a highly sophisticated operation scheme, which can cause significant risk for any company.

Companies can improve their cyber defense posture and cyber attack readiness with good cyber hygiene, an incident response strategy, and the design and implementation of cyber recovery solutions, which will mitigate the impact of cyber attacks. A viable cyber resiliency program expands the boundaries of traditional risk domains to include new capabilities, such as employee support services, remote communication and collaboration tools, and a recovery vault.