The global pandemic has brought many changes at several levels. Just think of all the security measures put in place to meet the new standards of social distancing. For organizations, it has played more than one role, including that of a trigger for transformation. As a result, the sequence of events related to COVID-19 has led to a phase of adaptation and change. This situation, which we are still living through, involves cyber risks that can be reduced considerably.
This is a topic that security company Mimecast addressed in its May 5th report, which examines the first 100 days of the COVID-19 crisis and the cyber-scams that followed. This analysis shows that between January and the end of March, spam and phishing increased by 26.3%, while impersonation increased by 30.3% (e.g., the fraudster borrows your identity to hijack the $2,000/month Canada Emergency Response Benefit), malware detections increased by 35.16% and blocking of URL clicks by 55.8%. On average, this is a 33% increase in all cyber-fraud attempts actually detected!
At a time when the world was plunged into a period of unprecedented crisis, some malicious individuals and organizations were taking advantage of the delay in responding to it. Charities have been the most affected, followed by manufacturing and retail companies, and more recently companies working to find a vaccine. Criminals tie their scams to news and information circulating on social networks. For example, in the week of March 24th, when the UK and Australia closed their borders, a spoofed email from the World Health Organization invited potential victims to click on an infected link. In addition, the Emotet trojan continues to steal our banking data.
Although the crisis surprised us, many organizations don’t know how to reduce cyber risk or which best practices to implement in terms of cyber security. Since we are not in a normal context, it’s not the right time to think of a long-term strategy; we must act now.
So how do we adapt to the emergency situation, exploited by criminals who rely on the fact that employees are far from the core of the company? Here are some of our recommendations to avoid being among the victims of cyber-fraud:
1) Review cyber security practices and policies and quickly train staff to have good cyber habits
- Update and inform staff about the dangers of phishing. This will allow them to acquire a minimum of reflexes to avoid the main phishing attempts.
- Because everyone is working remotely, you need to start with a mandatory awareness session to present and provide access to an online cyber resilience training tool. Some examples are KnowBe4, ProofPoint, Terranova, etc. The goal is to train the entire organization in a week.
- Finally, this same tool should be used to launch a phishing test campaign (email and voice) in order to reinforce the adoption of the right reflexes.
2) Increase vigilance on indirect means of communication with staff, via telephone or social networks.
3) Prepare for Emotet’s resurgence:
- By educating all users and employees about the importance of using highly complex passwords;
- By updating and strengthening network passwords that have not been changed for at least 3 months.
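One way to find the passwords covered by recommendation 3, shown as an added example that is not part of the original article: it reads a directory export and lists enabled accounts whose password is at least 3 months old or was never set. The CSV layout, the account names and the 90-day reading of "3 months" are assumptions; pwdLastSet is Active Directory's password timestamp, stored as a Windows FILETIME.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export (not real accounts). pwdLastSet is a Windows
# FILETIME: 100-nanosecond ticks since 1601-01-01 UTC; 0 means never set.
SAMPLE_EXPORT = """sAMAccountName,enabled,pwdLastSet
alice,TRUE,132300000000000000
bob,TRUE,132170000000000000
svc-backup,TRUE,131000000000000000
carol,FALSE,131500000000000000
newhire,TRUE,0
"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_AGE = timedelta(days=90)  # assumption: "3 months" taken as 90 days


def filetime_to_datetime(ticks):
    """Convert FILETIME ticks to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def stale_accounts(export_text, now, max_age=MAX_AGE):
    """Return (account, age_in_days or None) for enabled accounts whose
    password is older than max_age or was never set, worst first."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().upper() != "TRUE":
            continue  # disabled accounts cannot log in; report them separately
        ticks = int(row["pwdLastSet"])
        if ticks == 0:
            findings.append((row["sAMAccountName"], None))
            continue
        age = now - filetime_to_datetime(ticks)
        if age >= max_age:
            findings.append((row["sAMAccountName"], age.days))
    # Never-set passwords first, then oldest password first.
    findings.sort(key=lambda f: (0, 0) if f[1] is None else (1, -f[1]))
    return findings


if __name__ == "__main__":
    report_date = datetime(2020, 5, 5, tzinfo=timezone.utc)
    for name, days in stale_accounts(SAMPLE_EXPORT, report_date):
        print(name, "never set" if days is None else f"{days} days old")
```

Service accounts such as the constructed svc-backup entry tend to surface at the top of this list, which makes them a good place to start the reset.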
We must be aware that with the effects of the crisis on economic activity, many enterprises are likely to go out of business in the coming months. Therefore, at the supplier level, customer or employee data shared in confidence may be compromised and out of your control. It will not be possible to audit a supplier that is no longer in business!
4) This is why we need to regain control of the information shared with external suppliers. Here are some practical tips on how to do this:
- Invoke the right to audit (if not already in the contract);
- Recover all the data about you, your customers and your users that the supplier has accumulated;
- Strengthen the security management process with suppliers, as well as any communications/data exchanges with them;
- Finally, add a clause to the contract stating that in the event of bankruptcy, the supplier must give you the latest update of your data and proceed with the destruction of your information assets, with a certificate of destruction to be submitted as proof.
5) Vulnerabilities will need to be addressed by:
- Patching Windows 2007 servers;
- Updating VPNs (Apache Tomcat/Ghostcat, Pulse VPN servers), Citrix servers, and Exchange servers, of which 805 are still vulnerable to exploitation of CVE-2020-0688.
6) Protect the IT security team members working from home because:
- They are the preferred targets of piggybacking via their home network;
- It’s necessary to insist on the importance of changing passwords and segmenting the family router. Don’t forget to request a confirmation;
- Make sure they have two-factor authentication when accessing the organization’s network.
In short, the above tips will help you reduce the risk to the organization, staff and users in the short term. There are several cyber security/cyber-resilience tools and methodologies available. Don’t hesitate to contact IT Chapter if you want more details!