Since the COVID-19 outbreak, businesses have been operating in a changed world in which one of the most widely used strategies is improvised business continuity: remote working, a rapidly expanded cloud footprint to meet emerging requirements, and quick BCP fixes. This has created a perfect storm for cyber criminals to exploit, leading to an unprecedented rise in the number of cyberattacks.
According to PwC, the number of cyberattacks on Indian organizations doubled between January 2020 and March 2020 (refer to Figure 1). The report states that the critical indicators of cyber threats – an increased volume of attacks, a higher number of brute-force attempts, theme-based phishing campaigns and increased Endpoint Detection and Response (EDR) detections – are all being triggered simultaneously and are causes for concern for organizations and their customers.
Figure 1: Volume of Attacks Experienced
PwC recommends implementing robust preventive and detective technical measures for organizations that have adopted remote working policies. Below are the recommendations PwC made in its recent report to help businesses strengthen their cybersecurity posture amid the COVID-19 threat landscape.
Protection:
- Utilize only secure access mechanisms for remote access – SSL VPN, secure remote desktop protocol (RDP) gateway, thin client access, etc.
- Implement strong password policies and two-factor authentication for all remote access, including those for administrative purposes.
- Review any exceptions to password policies, policy bypass and non-standard access.
- Review BYOD policies and enforce compliance for patches and malware signatures on BYOD devices.
- Implement geo-restrictions and login velocity restrictions, if possible.
- Prevent multiple sessions and reuse of tokens wherever possible.
- Enforce privileged identity management solutions for remote administrative access.
Detection & Response:
- Implement specific monitoring rules to detect attacks on remote access infrastructure.
- Utilize specific threat intelligence to detect threat actors targeting COVID-19 and related themes.
- Use EDR solutions, antivirus or authentication policies to isolate any infected or compromised endpoint.
- Enable response teams to securely access compromised devices for analysis and eradication.
- Identify mechanisms to re-flash operating systems where eradication is not possible.
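Two of the recommendations above, login velocity restrictions and preventing multiple sessions on the protection side, and specific monitoring rules for remote access infrastructure on the detection side, can be expressed as simple rules over a gateway's authentication log. The script below is an added example, not code from the PwC report or from this article; the log format, the field names, the thresholds and the sample log lines are all constructed for illustration. It implements a sliding-window brute-force rule per source address (the velocity check) and a concurrent-session rule per account (the multiple-session check).

```python
"""Toy monitoring rules for a remote-access gateway (VPN / RDP gateway) log.

Both rules are constructed for illustration:
  * brute_force_alerts: `threshold` or more authentication failures from one
    source address inside a sliding `window` (a login-velocity rule).
  * concurrent_session_alerts: one account holding sessions from more than
    one source address at the same time (a multiple-session rule).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines. The key=value format is an assumption for this
# example, not a real vendor's log format. Fields: timestamp, event, user, src.
SAMPLE_LOG = """\
2020-03-14T09:00:00Z event=FAIL user=alice src=203.0.113.7
2020-03-14T09:00:05Z event=FAIL user=bob src=203.0.113.7
2020-03-14T09:00:09Z event=FAIL user=carol src=203.0.113.7
2020-03-14T09:00:14Z event=FAIL user=dave src=203.0.113.7
2020-03-14T09:00:20Z event=FAIL user=erin src=203.0.113.7
2020-03-14T09:01:00Z event=SUCCESS user=alice src=198.51.100.20
2020-03-14T09:02:00Z event=SUCCESS user=alice src=192.0.2.33
2020-03-14T09:05:00Z event=LOGOUT user=alice src=198.51.100.20
2020-03-14T09:10:00Z event=FAIL user=frank src=198.51.100.99
2020-03-14T09:30:00Z event=FAIL user=frank src=198.51.100.99
"""


def parse_line(line):
    """Split one 'timestamp key=value ...' line into a dict with a datetime."""
    ts_text, *fields = line.split()
    record = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def brute_force_alerts(records, threshold=5, window=timedelta(minutes=1)):
    """Alert once per source when `threshold` failures fall inside `window`.

    A deque per source holds the timestamps of recent failures; entries older
    than the window are dropped from the front before the count is checked.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for r in records:
        if r["event"] != "FAIL":
            continue
        q = recent[r["src"]]
        q.append(r["ts"])
        while q and r["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and r["src"] not in alerted:
            alerted.add(r["src"])
            alerts.append({"rule": "brute_force", "src": r["src"],
                           "failures": len(q), "at": r["ts"]})
    return alerts


def concurrent_session_alerts(records):
    """Alert when an account logs in while a session from another source is open.

    A session is considered open from its SUCCESS until a LOGOUT for the same
    user and source address is seen.
    """
    open_sessions = defaultdict(dict)  # user -> {src: login timestamp}
    alerts = []
    for r in records:
        user, src = r["user"], r["src"]
        if r["event"] == "SUCCESS":
            others = [s for s in open_sessions[user] if s != src]
            if others:
                alerts.append({"rule": "concurrent_sessions", "user": user,
                               "sources": sorted(others + [src]), "at": r["ts"]})
            open_sessions[user][src] = r["ts"]
        elif r["event"] == "LOGOUT":
            open_sessions[user].pop(src, None)
    return alerts


def run_rules(log_text):
    records = parse_log(log_text)
    return brute_force_alerts(records) + concurrent_session_alerts(records)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOG):
        print(alert)
```

On the sample log the velocity rule fires once for 203.0.113.7 (five failures against five different accounts inside a minute, a password-spraying pattern), while the two failures from 198.51.100.99 twenty minutes apart stay below the threshold; the session rule fires once for alice, who is logged in from two addresses at the same time. In production the thresholds would be tuned to the gateway's normal traffic, and the alerts would feed the isolation and response steps listed above rather than just being printed.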
In the long term, the report suggests that organizations focus on:
- Developing a robust business continuity plan (BCP).
- Developing strategies and the required infrastructure for implementing secure remote access.
- Training technology staff and crisis management teams to enable smooth functioning of the BCP.
- Conducting tabletop drills and testing of crisis management plans.
- Communicating with various business teams and enabling them to continue with their functions in a secure manner.
(Image courtesy: www.uoguelph.ca)