Working from home: Cybersecurity in the time of COVID-19
CRC

By ITU News

Today, billions of people around the world have been ordered to stay at home to help curb the COVID-19 pandemic. As a result, the number of people working from home has skyrocketed, raising alarm bells for cybersecurity experts who warn that this has created an ideal environment for cybercriminals to thrive.

In fact, COVID-19 related cyberattacks began in January and have only proliferated since. Now, questions are also being raised over the security and privacy of video conferencing tools used by millions of people around the world.

“Companies are urgently balancing the need to get everyone connected and maintain productivity versus the risk that this creates,” Jacques Francoeur, Chief Scientist and Founder at Security Inclusion Now USA, told ITU News.

Global outlook

Generally, cybercrime is on the rise and businesses face a wide range of growing threats; Evolution Equity Partners estimates that there will be over four million threat types by 2025.

Meanwhile, over half of global businesses are not confident they are ready for, or would respond well to, a cyberattack according to a recent report by California-based cybersecurity firm FireEye. In addition, roughly 30 per cent said they have a cyber response plan in place which has not been tested or updated within the last 12 months.

An uncontrolled environment

This leaves employees who are now working away from the office environment, often operating on less secure WiFi networks and using devices that are not aligned with or setup per their companies’ policy controls, in a uniquely vulnerable position to cyberattack.

“The attacker has time, resources, and a committed intent. It’s tough to beat.” – Jacques Francoeur

“Working from home means having less control over the end user security and secure connections,” said Josephine Ajuoga, a Senior Information Systems Analyst at African Banking Corporation Limited. “Many organizations… will highly rely on employees to use their own devices for work, which are most likely not securely set up, have secure connection or updated to handle cyber attacks.”

All of this can make the employee an easier target for cyber criminals. “In the home environment, a lot of the policy controls that created a safe environment, in a safe wireless network to connect to and so on, are kind of now relegated to a remote endpoint in an uncontrolled environment,” said Jacques Francoeur.

Common threat types

Employees working from home are most likely to be faced with social engineering and phishing attacks which capitalize on these times of ongoing uncertainty.

“Working from home does not necessarily bring more risks since organizations just need to adjust accordingly.” – Kary Chan

“What the attackers will be doing is taking advantage of the fact that you’re very anxious and frightened and you’re looking for solutions,” Jacques Francoeur told ITU News

Indeed, there has been a drastic increase in new domains containing terms like coronavirus, Covid, pandemic and vaccine in the last few months. While some sites are legitimate, a vast majority are domains used for fraud and to distribute malware.

“The attacker has time, resources, and a committed intent. It’s tough to beat,” Jacques Francoeur said.

While companies can act to prevent and mitigate these kinds of attacks through a variety of technical and procedural controls – which could include restricting the size of file downloads, making sensitive documents ‘read only’ and using secure connection channels that protect data in transit – preparation is key.

“Working from home does not necessarily bring more risks since organizations just need to adjust accordingly, for example having the network capacity enabled, having sufficient support for equipment and IT,” Kary Chan, Corporate Information Risk management at ING Bank, told ITU News. “But before the organization can execute or switch a business continuity and disaster recovery plan completely to make everyone ‘up and running’ at home, cyber criminals might have already made use of the ‘vulnerable moment’ and conducted crimes which have had a huge impact.”

Reducing exposure to cyber crime

As worldwide stay-at-home recommendations look likely to continue for some time, how can companies help reduce their employee’s exposure to cybercrime?

“Top on the list is to sensitize their employees on the risk exposure, making them aware of how to identify cybersecurity risks and measures to take to respond, prevent, detect and report incidents when they happen,” said Josephine Ajuoga.

For Jacques Francoeur, the advice may be as simple as “think before you click.”

And while this may seem like an anomalous event, businesses should prepare for the long-term.

“The way organizations should look at this event and the response to it, is that investment of the response is the beginning of a trend towards all employees being mobile,” Jacques Francoeur said. “This is not just a one-time thing; the investments that [organizations] make today are investments that will sustain [them] going forward in a demand for remote work that will only increase.”

Dashbalbar
LAST UPDATE: 2020/05/06
News
COVID-19: How mobile phone contact tracing can save lives – and preserve privacy
By ITU News Contact tracing is a key public health response to limit infectious disease outbreaks such as the global COVID-19 pandemic.
05.21
COVID-19: How tech is helping nurses
By ITU News Now more than ever, hospitals are under great stress, and the people bearing the brunt of this pandemic are the nurses and clinicians at the frontlines of patient care.
05.20
How can AI impact security? Key takeaways from an ITU Workshop.
By ITU News Artificial intelligence (AI) and machine learning have come a long way and are already being deployed by many of the world’s biggest information and telecommunication (ICT) companies to help combat the growing range of cyberattacks.
05.19
As cyber threats evolve, so does investment in new security responses
By ITU News Cyber threats are growing exponentially.
05.18
How are governments staying safe? ITU releases its third Global Cybersecurity Index.
By ITU News More than half the world is now online for the first time ever.
05.15
COVID-19: 7 key ways to keep children safe online
COVID-19: 7 key ways to keep children safe online
05.13
COVID 19: Strategies to Reduce Cyber Risk While Working from Home (OPINION)
COVID 19: Strategies to Reduce Cyber Risk While Working from Home (OPINION)
05.12
Working from home: Cybersecurity in the time of COVID-19
Working from home: Cybersecurity in the time of COVID-19
05.11
How are governments staying safe? ITU releases its third Global Cybersecurity Index
How are governments staying safe? ITU releases its third Global Cybersecurity Index
04.24
COVID-19: 7 key ways to keep children safe online
COVID-19: 7 key ways to keep children safe online
04.22