Cybersecurity During Inherently Insecure Times

Bad actors love uncertainty—and our current moment is the most uncertain period we’ve had in ages. You hear it on the news time and again: Scams and fraud are on the rise against the backdrop of the pandemic. Candidly, it doesn’t appear this situation will change any time soon, if ever.

One of the fastest-growing areas of attacks is in cybercrime. These attacks are designed to target digital information with the intent to steal or abuse it for gain. While it’s bad when those affected are individuals, the trauma scales when the targets are organizations. Cybercrime targeted at organizations affects the livelihoods of thousands, or even tens-of-thousands, of people. Unfortunately, such cyberattacks are on an upswing, with the WHO reporting a fivefold increase during the pandemic. This is clearly a major issue. Here are the key areas to consider. 

Distributed and remote access. With the recent migration to remote work, many organizations lacked the time, ability and skills to equip and train their workforce on the proper procedures of remote operations. This is especially true regarding the remote access of sensitive corporate information—and it has led to a substantial increase in cybercrime. Operating in our new remote settings, with the increased isolation of individuals and the potential difficulty in contacting their organizations to confirm identities, is a major factor in cybercrime. With the advent of lockdown, individuals, either targets or perpetrators, have become more available, both from a time and access perspective, for cybercrime. The remote setting has also expanded the available target systems for hackers and other cybercriminals, as nearly every remote laptop or station can become a potential entry point into the corporate network. For example, with virtually all key corporate leaders and discussions now on remote systems like Zoom there’s a greater risk of more damaging intrusions. This means organizations must assess and understand cybersecurity in the remote working environment to ensure the maximum level of safety for their organization. EPAM’s Remote By Design™ offers a Remote Cybersecurity Assessment designed to help organizations with just such a challenge. 

Sophisticated intrusion techniques. Gone are the days of the classic 1983 film War Games, in which a teenager accidentally hacked into and took control of the government’s missile command operations. Cybercriminals are now extremely sophisticated, using a plethora of tools and techniques to break into corporate systems.

One of the most common tools in their arsenal are phishing emails, designed to do exactly what they sound like: fish. They aim to bait individuals in the hope that someone will click on a link and subsequently open the door to the underlying corporate systems. Some estimates indicate that phishing emails are up some 300% over the pandemic, with no signs of abating.

Another common approach is impersonation. Cybercriminals portray themselves as a trusted authority figure, such as a bank executive, government official or some other corporate leader to whom most people would normally respond in an open manner. Since contact is usually all digital or phone-based, it can be difficult to verify identities, especially in these pandemic times when so many are working remotely. Impersonation can be surprisingly effective because cybercriminals exploit unsuspecting employees’ intent to be “helpful” to authority figures and get access to some of the most sensitive and critical corporate systems.

Finally, malware or ransomware usage is also on the rise. Nearly every week goes by with yet another malware attack by cybercriminals. Malware is simply the insertion of a malicious piece of code into the corporate system by a cybercriminal. Ransomware is a type of malware that is designed to take control over and “lock-out” a key corporate system—until the company pays the “ransom” demanded by the cybercriminal—hence the name. Organizations need to be particularly vigilant when it comes to these kinds of attacks, as they can potentially be the most damaging, reputationally and financially.

One critical element to note in all three of the techniques is the reliance on the individuals in an organization. Cybercriminals focus a large part of their efforts on defeating the “human” in the security chain, and not the systems. It’s less about technical War Games than individual mind games. 

Individual awareness and training. One of the critical elements (unwittingly) enabling cybercrime is the people who use the digital systems. It’s increasingly important for organizations to offer a robust set of training and materials to ensure that employees operate their systems in the most secure fashion. An example of relevant training is the sharing of best practices, such as the ones the University of California Berkley provides to faculty, staff, students and other affiliates around telecommuting securely. The guidance from Berkley highlights key concepts of restricting private data to corporate systems, keeping devices updated and avoiding public access points and Wi-Fi networks. Organizations looking to set up online cybersecurity education for employees can take advantage of this guidance from CrowdStrike, one of the foremost cybersecurity firms in the market, with its recommendations for online training. Finally, ensuring a focused approach for addressing cybersecurity threats is a core recommendation of McKinsey. As noted in this article, focusing on clearly and consistently communicating about cybersecurity threats and helping employees understand what to do about these security risks goes a long way towards ensuring an organization’s readiness to meet the demands of these currently difficult pandemic cybersecurity threat scenarios. After all, a business’ security is only as strong as the weakest link. See to it that your people are not your weakest link. 

Systems and platform security. Speaking of weak links: Properly fortifying your platforms and systems is essential when creating a robust cybersecurity regime. An organization’s digital ecosystem includes networks, laptops, enterprise record systems like databases and other mission-critical systems of record—and all these need different, specific protections against cybersecurity intrusion. The Center for Internet Security offers a document outlining some of the approaches companies can take to protect them. According to these recommendations from Berkeley, it’s also important to establish critical thresholds for enterprise and networked systems, to ensure they’re adequately protected against cyber-intrusion. Protecting corporate systems and platforms is a non-trivial task and will likely require a substantial effort from one’s organization. Protecting your systems so you don’t have any weak links in your cybersecurity protocols will ensure that your organization is well prepared for maintaining operations during the pandemic. 

Preserving business continuity. Perhaps the most important element of cybersecurity to bear in mind is the reason it’s there in the first place—ensuring minimal disruption to corporate operations. All cybersecurity is designed to protect an organization’s business operations and ensure their continuity. When leading and planning your cybersecurity response, prioritize and focus your efforts on the areas that could most likely lead to interrupted operations. While there will likely be a large number of requests and issues clamoring for your attention during the pandemic, attend to those factors that will affect your ability to conduct business. Next, validate or test your approaches to ensuring your cybersecurity protection protocols actually achieve their end objective. The worst way to find out your testing regime is a failure is after you’ve got intruders in your systems. Prevent this scenario by robustly testing your cyber defenses regularly and monitoring your key entry and access points or any other areas of potential weakness such as points that can lead to exposure of key business systems. These “soft spots” will surely see the greatest threats of penetration by cybercriminals. By actively overseeing these, you’ll become aware of intrusion attempts before they transform into one.

Finally, assess or balance your response based on your needs across the business. Overreacting to every access request or help ticket—with a kneejerk reaction of denial to increase security—won’t achieve the desired results for the business, even if it slightly increases protections. In the end, a well-protected but completely shut down business is an unsuccessful business. Don’t be that business.