Working from home: Cybersecurity in the time of COVID-19
CRC
A63c9f itunews x800

By ITU News

 

Today, billions of people around the world have been ordered to stay at home to help curb the COVID-19 pandemic. As a result, the number of people working from home has skyrocketed, raising alarm bells for cybersecurity experts who warn that this has created an ideal environment for cybercriminals to thrive.

 

In fact, COVID-19 related cyberattacks began in January and have only proliferated since. Now, questions are also being raised over the security and privacy of video conferencing tools used by millions of people around the world.

 

“Companies are urgently balancing the need to get everyone connected and maintain productivity versus the risk that this creates,” Jacques Francoeur, Chief Scientist and Founder at Security Inclusion Now USA, told ITU News.

 

Global outlook

Generally, cybercrime is on the rise and businesses face a wide range of growing threats; Evolution Equity Partners estimates that there will be over four million threat types by 2025.

Meanwhile, over half of global businesses are not confident they are ready for, or would respond well to, a cyberattack according to a recent report by California-based cybersecurity firm FireEye. In addition, roughly 30 per cent said they have a cyber response plan in place which has not been tested or updated within the last 12 months.

 

An uncontrolled environment

This leaves employees who are now working away from the office environment, often operating on less secure WiFi networks and using devices that are not aligned with or setup per their companies’ policy controls, in a uniquely vulnerable position to cyberattack.

 

“The attacker has time, resources, and a committed intent. It’s tough to beat.” – Jacques Francoeur

 

“Working from home means having less control over the end user security and secure connections,” said Josephine Ajuoga, a Senior Information Systems Analyst at African Banking Corporation Limited. “Many organizations… will highly rely on employees to use their own devices for work, which are most likely not securely set up, have secure connection or updated to handle cyber attacks.”

 

All of this can make the employee an easier target for cyber criminals. “In the home environment, a lot of the policy controls that created a safe environment, in a safe wireless network to connect to and so on, are kind of now relegated to a remote endpoint in an uncontrolled environment,” said Jacques Francoeur.

 

Common threat types

Employees working from home are most likely to be faced with social engineering and phishing attacks which capitalize on these times of ongoing uncertainty.

 

“Working from home does not necessarily bring more risks since organizations just need to adjust accordingly.” – Kary Chan

 

“What the attackers will be doing is taking advantage of the fact that you’re very anxious and frightened and you’re looking for solutions,” Jacques Francoeur told ITU News

 

Indeed, there has been a drastic increase in new domains containing terms like coronavirus, Covid, pandemic and vaccine in the last few months. While some sites are legitimate, a vast majority are domains used for fraud and to distribute malware.

 

“The attacker has time, resources, and a committed intent. It’s tough to beat,” Jacques Francoeur said.

 

While companies can act to prevent and mitigate these kinds of attacks through a variety of technical and procedural controls – which could include restricting the size of file downloads, making sensitive documents ‘read only’ and using secure connection channels that protect data in transit – preparation is key.

 

“Working from home does not necessarily bring more risks since organizations just need to adjust accordingly, for example having the network capacity enabled, having sufficient support for equipment and IT,” Kary Chan, Corporate Information Risk management at ING Bank, told ITU News. “But before the organization can execute or switch a business continuity and disaster recovery plan completely to make everyone ‘up and running’ at home, cyber criminals might have already made use of the ‘vulnerable moment’ and conducted crimes which have had a huge impact.”

 

Reducing exposure to cyber crime

As worldwide stay-at-home recommendations look likely to continue for some time, how can companies help reduce their employee’s exposure to cybercrime?

 

“Top on the list is to sensitize their employees on the risk exposure, making them aware of how to identify cybersecurity risks and measures to take to respond, prevent, detect and report incidents when they happen,” said Josephine Ajuoga.

 

For Jacques Francoeur, the advice may be as simple as “think before you click.”

 

And while this may seem like an anomalous event, businesses should prepare for the long-term.

 

“The way organizations should look at this event and the response to it, is that investment of the response is the beginning of a trend towards all employees being mobile,” Jacques Francoeur said. “This is not just a one-time thing; the investments that [organizations] make today are investments that will sustain [them] going forward in a demand for remote work that will only increase.”

Dashbalbar
LAST UPDATE: 2020/05/13
News
Main Indicators of ICT Sector 2019 year
Main Indicators of ICT Sector 2019 year
07.01
POLICIES FOR THE DIGITAL TRANSFORMATION Highlights from key IIC debates of the last 12 months
POLICIES FOR THE DIGITAL TRANSFORMATION Highlights from key IIC debates of the last 12 months
06.30
SUPPORTING SECURE, FLEXIBLE, DATA-CENTRIC APPLICATIONS WITH PRIVATE LTE
SUPPORTING SECURE, FLEXIBLE, DATA-CENTRIC APPLICATIONS WITH PRIVATE LTE
06.29
AI for Good: Paths forward Progress through innovation
AI for Good: Paths forward Progress through innovation
06.22
Building resilience for climate emergencies
by ITU News Australians have been very enthusiastic adopters of cashless payments. In fact, some predict that Australia could become a cashless society by 2022. And then the fires started.
05.28
Telecoms, Coronavirus and keeping the networks running: OPINION
By Tomas Lamanauskas, Partner, Envision Associates Ltd.
05.27
COVID-19: China’s digital health strategies against the global pandemic
By ITU News Digital health technologies are critical tools in the ongoing fight against the global COVID-19 pandemic.
05.26
Reducing the global healthcare shortfall using AI
By ITU News Dr Nick Sireau finally found a way to save his children from decades of disabling pain: weed killer.
05.25
COVID-19: How mobile phone contact tracing can save lives – and preserve privacy
By ITU News Contact tracing is a key public health response to limit infectious disease outbreaks such as the global COVID-19 pandemic.
05.21
COVID-19: How tech is helping nurses
By ITU News Now more than ever, hospitals are under great stress, and the people bearing the brunt of this pandemic are the nurses and clinicians at the frontlines of patient care.
05.20