[Latest Case Study] tiket.com & Its Compliance Journey To ISO 27001 and PCI-DSS Certification
logo
Cybersecurity Strategy

Cybersecurity In The Time Of COVID-19: Is It Really Different?

In the COVID-19-stricken world, what exactly has changed? What is still the same? We venture into the New Normal of remote work to understand what it means for cybersecurity.

You wake up one day, and everything has changed.

Streets are empty. Hallways are silent. Restaurants and shops — shuttered.

What a difference a pandemic makes.

The rise of COVID-19 and the overwhelming wave of panic that it has brought with it has managed to plunge the world into a quagmire of fear, fake news, and uncertainty. One thing is for sure — things have changed.

But what exactly has changed? What is still the same? How is one to make heads or tails of this situation and how do we get to the other side of it?

Remote Work As The “New Normal”

As the world works to stamp out the spread of COVID-19, an unprecedented number of workers find themselves working from home more than ever before. Before this crisis struck, there were concerns over the average worker’s ability to work from home and whether or not that worker could be as productive as one in the office.

Teleconferencing software like Zoom, collaboration software like Slack, and cloud software like GSuite and Office 365 are the building blocks of working from home, connecting us like never before. With these building blocks, we have inadvertently proven for many jobs that working from home is just as feasible as working from the office.

Furthermore, with the time saved by eliminating the daily commute, we are starting to see that productivity is not as big a problem as was previously thought. The reverse is proving to be a problem, with many having a hard time unplugging from office work at the end of the day.

With many work-from-home naysayers converted, many are referring to this situation where a larger subset of the workforce is working from home as The New Normal. This dialogue has led people to believe that working from home (WFH) is a new frontier.

It is not.

This working situation that we find ourselves in has been creeping up on us for some time now.  It just so happens that COVID-19 has fast-forwarded the inevitable. Many workplaces have been using these WFH technologies for a while now, with varying success.

The Same Cyber Threats Haunt Us In This “New Normal”

As WFH neophytes venture into this New Normal, concerns arise about what new horrors they can expect in cyber threats and hackers. Surely, this brave new world comes with new threats, right?

Not quite, actually.

WFH did not just pop on the scene with the arrival of COVID-19. WFH has been creeping up on us for many years as a prominent part of doing business. For some, the sudden shift to WFH was almost no different from work arrangements in the past.

Because the nature of work has not changed, the nature of the threats is also the same. Phishing, Ransomware, Malicious Attachments, Email Scams — these are still the most effective attack vectors used by hackers. 

So What Has Changed?

Make no mistake, although much is still the same, COVID-19 has introduced a considerable amount of uncertainty and panic to the general population. Hackers are nothing if not opportunists. And where there is chaos, there is opportunity. The old attack vectors are being redesigned to prey on this uncertainty and panic.

According to KnowBe4, COVID-19 and Coronavirus-related emails went from almost zero a day at the beginning of January 2020 to half a million a day in April 2020.

As everyday people thirst for information about how to live in a COVID-19 world, malicious actors are crafting phishing emails and ransomware that offers the promise of information to trick users into clicking malicious links, opening malicious attachments, and giving up confidential information.

Scammers are finding a lot of success by playing on the upheaval and desperation that COVID-19 has wrought. In a particularly despicable example, an international team of scammers set up an elaborate online scam taking advantage of the current need for healthcare equipment to fight COVID-19. Pretending to be a Spanish company selling Personal Protective Equipment (PPE), they responded to an order from German health authorities for 1.5 million Euros in facemasks. To add insult to injury, they took it a step further with some social engineering to get an additional 880,000 Euros the day before the supposed delivery of the facemasks.

What we are observing is that for malicious actors, there is no need to change tactics or techniques. If it ain’t broke, don’t fix it.

What Does It All Mean?

The world has changed. It was changing before COVID-19 and it will continue to change.

Although we need to adapt to these changes, our adjustments will be much more painful if we give in to panic and chaos. To combat cyber threats in this new normal, we need only focus on what we should have been focusing on all along. That is to:

  • Pay close attention to emails that claim to be information about COVID-19 or Coronavirus.
  • Check the sender’s email domain, link URLs, and be wary of any downloads.
  • Make sure our computers are up to date on patches and updates.
  • Surf the web securely (use HTTPS where possible, not HTTP)
  • Take care of your passwords.
  • Use Multi-Factor Authentication (MFA) where possible.

If this all sounds familiar, it’s because these safeguards are the same ones we have been prescribing in terms of cybersecurity strategy for years.

If one were to speculate on what would sustain the greatest impact, coming out of COVID-19, a really good bet is that businesses may be re-thinking how much money they spend on office space. (so watch out, real estate!)

The great paradigm shift that we may see coming out of this crisis is higher WFH numbers than before, but regardless of your work location, we need to be aware of what we click, where we surf, and what files we open. Cybersecurity awareness was always something that we needed to be vigilant about.

Today it is more vital than ever.

Photo Credits: Beeple

Mark Anthony Fuentes

Mark Fuentes has over a decade of experience in the cyber security field highlighted by roles in organizations such as Verizon, The International Monetary Fund, and The United States Department of Homeland Security. Mark is an avid consumer of technology trends and threat intelligence and seeks out new applications of tech and research to combat cyber crime.

Subscribe to the Horangi Newsletter.

Hear from our Horangi tech experts as we go deep into up-and-coming cyber threats, new solutions, and talk about the future of cybersecurity.