This blog was written by Simon Minton of Cisco. Cisco are a Strategic Partner at SCDI Forum 2020.
The Covid-19 outbreak has seen an uptick in cyberattacks against individuals and businesses. Small businesses have been particularly targeted; by May 2020, 13% had experienced a cyberattack.
Cybercriminals are out to exploit human interest, as well as the surge of remote working during the pandemic.
Understanding how employees and businesses are being targeted – and the new risks of working from home – can enable IT teams to take practical steps to defend the business.
This time, it’s personal
Cybercriminals have been working hard to take advantage of the Covid-19 outbreak, and particularly people’s interest and concerns about current events.
There has been a significant rise in attacks taking advantage of specific news stories. For example, when UK Prime Minister Boris Johnson was hospitalized, there was an almost immediate peak of ransomware and phishing attacks, with lures relating to the story.
Malicious software might be downloaded when a link is clicked, or the user might be encouraged to enter their personal information, including username and passwords.
Interestingly, rather than creating bespoke tools, most attackers have been leveraging off-the-shelf ransomware or software – targeting individuals, rather than organizations.
These largely automated attacks might exploit well-known vulnerabilities in software or operating systems, looking for individuals that are using software which is unpatched and has exploitable vulnerabilities, or aren’t using multi-factor authentication to access their applications.
Small businesses might not be the initial target, but once an employee has been compromised, attackers can quickly target the company they work for, moving laterally to scope out and attack high value systems.
Once cybercriminals find the weakest point, be it the people, processes or systems in place, the business itself becomes the victim.
The risks of working remotely
Unfortunately, the rise in remote working has also made many small businesses more vulnerable to attack.
Previously, your business might have been relying on a VPN or a firewall to protect access to key applications.
But many employees have been prioritizing getting operational as quickly as possible – by accessing cloud-based applications directly to get the tools and data they need, rather than going through the network.
Many small businesses have not adapted their security controls to prevent attacks on cloud-based applications (such as SaaS software).
This has given attackers a wider cyberattack surface to target, according to RiskIQ.
But importantly, it also means many employees may be circumventing key security practices and leaving the business exposed in new ways.
In fact, half of remote workers admit to cutting corners on their IT security during the pandemic.
The security needs of small businesses have changed. And now, it’s vital to work with your employees – and as an organization – to adapt.
How to prevent attacks…with your employees
Individuals are the most common entry point for cyberattacks right now. Arming staff with knowledge about criminal tactics will help prevent successful attacks, especially with employees working from afar.
1) Promote a healthy cynicism
Attackers by their nature exploit human interest, whether it’s a juicy story or an apparently urgent spreadsheet from a boss. Employees should be encouraged to adopt a healthy cynicism about communications.
Think carefully before you click a link; banking and other websites can be easily spoofed, and these fake websites will steal your log-in credentials as you type them in. It’s better to go to banking websites directly via your browser. Checking the authenticity of emails and their attachments can also prevent attacks before they begin – even if sometimes it means an extra email to a colleague.
2) Find training that works
Security awareness training has historically been very dull, and it’s unsurprising that employees don’t recall the training. In fact, before the pandemic less than half of small business owners provided training for employees to stay secure when working from home.
But there are interesting new approaches out there. One company puts attendees into a virtual environment that sends haptic feedback (similar to your phone’s haptic technology) whenever they click on a malicious link or engage in other risky behaviour.
Memorable training can help employees to understand why security practices exist and follow them each day.
3) Make it easy
Employees tend to turn to workarounds when it’s too hard to follow a secure process. Ensure that new technologies are both secure and easy to use – and people won’t be tempted to circumvent them for easier alternatives.
How to prevent attacks… as a business
Small businesses have adapted incredibly quickly to the challenges of the pandemic, often creating new working methods in the process. But now, it’s up to IT teams to ensure their security processes reflect this next normal.
1) Consider a zero-trust network
In the “old world”, once a user had passed the firewall onto the network, they could effectively move around as they wanted. If a user’s account then got compromised, the attacker could also move around in a way that’s hard to detect. But now applications and data are moving to the cloud – where employees access them directly – deploying a zero-trust network makes more sense.
Essentially, that means a process of continual authentication: identifying and authenticating the user, checking their permissions, ensuring that their device is secure, securing their connection directly, and monitoring applications for misuse.
Importantly, the zero-trust network can actually make life easier for the user, who can access systems anywhere, without going through the network. The business also benefits because it doesn’t have to pay for expensive network connections to connect users to applications. Win-win!
2) Add multifactor authentication
Passwords aren’t the strongest line of defence for an individual or a business. Multifactor authentication (MFA) can help employees to protect their identities – and reduce the likelihood and the impact of attacks.
MFA works by prompting employees to verify their identity through a second form of evidence (in addition to their password). This can often be done through an app, perhaps on their mobile device.
3) Work with your MSSP if you have one
Many small businesses work with Managed Service Security Providers (MSSPs) to support their security. In the past, this has often entailed firewalls or VPNs to protect the network.
What’s important today is ensuring your partner understands how the business’ attack surface has changed – and can provide tools to protect your data where it actually resides..
The new security environment
Small businesses – and especially their IT teams – have done an incredible job in adapting to the Covid-19 outbreak. But there will always be criminals looking to take advantage of vulnerabilities, to exploit individuals and businesses.
By working closely with employees, and adapting your security infrastructure for the new environment, you can keep your business safe.
Read more from Tech Connection about keeping your employees safe during unprecedented remote working. You can also learn more about small business security solutions that can limit threats, not your business and how Cisco is helping to support small businesses to recover from the economic impact of the global pandemic.