As the world moves to the cloud, there has been a debate that surrounds enterprise to address phishing attacks, and ransomware attacks.
The COVID-19 pandemic has forced enterprises to embrace the new normal, and cyber criminals around the world undoubtedly have been capitalizing on this crisis. In a survey, about 61% of the security and IT leader respondents are concerned about an increase in cyber-attacks targeting their employees who are working from home. They’re right to be concerned; according to the survey, 26% have seen an increase in the volume, severity, and/or scope of cyber-attacks since mid-March.
The Center for Internet Security’s (CIS) Security Operations Center (SOC) has seen a marked increase in remote desktop protocol (RDP) exploitation, likely due to malicious attempts to exploit teleworking capabilities. The Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) Security Operations Center (SOC) has seen an increase in cyberattacks.
Countering Covid-19 and Cyberattacks–
The Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) Security Operations Center (SOC) is seeing an increase in specific types of attacks that revolve around sound cyber hygiene, including increased vigilance from employees. Here are how cyberattacks are so dangerous for the enterprise-.
• Phishing – Enterprises must remind their employees to be cautious when opening emails, especially those from outside the organization. They should exercise caution when keying their credentials into a website, linked from an email, text message, or social media account, or when downloading attachments.
• Securing Passwords– While Covid-19 may have pushed enterprises to make services available to employees remotely, without the time to secure accounts through multi-factor authentication (MFA). Along with securing accounts with MFA, employees should make sure all passwords are secure, and should never reuse passwords on different accounts.
• Remote Desktop Protocol (RDP) Targeting – An increase in the number of employees connecting remotely implies an increase in the number of systems that are potentially being scanned. If an enterprise’s workforce needs to access systems remotely, the C-suite must ensure limited and secure access by VPN to reduce the attack surface.
• Distributed Denial of Service (DDoS) Attacks – Downtime from an attack is critical with remote workforce. A larger remote workforce can even act as an unintentional DDoS attack, when multiple users try to access services at the same time. Enterprises must ensure their employees are protected against DDoS attacks, with an increased bandwidth allocation read. Enterprises must temporarily disable unused services, and discourage their employees from streaming videos, music, or other streaming services through the VPN.
Securing Employee Home Networks
Though conducting business through a VPN can add a layer of security, there are simple steps employees can take to secure their home networks. Employees must know what devices they are using while working from home. Enterprises must practice smart password management and enable two-factor authentication (2FA) wherever possible, besides enabling automatic updates for all routers and modems.
The dust surrounding Covid-19 is still settling. To get back to normal, and issue business has a continuity addressing rapid expansions of digital commerce channels as consumer behaviours shift dramatically.