Like many other aspects of life in 2020, the cyberthreat landscape changed drastically in response to COVID-19. The pandemic proved to be a breeding ground for new and more targeted attacks on businesses that were already struggling to support employees, customers, and business operations in a highly volatile and unpredictable environment.
The fallout from COVID-19 broadened the attack surface for businesses of every size—from two-person startups to multinational corporations—because, as it turned out, few businesses were prepared to gracefully handle a crisis of this magnitude.
One catalyst for the increase in cyberattacks was the mass adoption of remote work with little time to deploy effective security infrastructure. With millions of workers accessing sensitive company files and applications over poorly secured home Wi-Fi networks using whatever device was available, it didn’t take long for hackers to put remote workers in their crosshairs.
One popular and highly successful tactic was launching pandemic-themed phishing campaigns. These attacks took advantage of the widespread panic and uncertainty many people felt in the early days of the pandemic by delivering emails containing malicious links and corrupt files promising answers and reassurance.
Ransomware attacks on healthcare providers and research facilities also increased throughout the health crisis, adding even more stress on an already maxed-out industry. Not content with disrupting just one essential service industry, hackers are now setting their sights on other critical infrastructure sectors, such as fuel, food production, and utilities—and they are having plenty of success.
The Big Cybersecurity Takeaways from COVID-19
The events of 2020 were hopefully a wake-up call for many CIOs and IT security teams. Whether the pandemic uncovered new vulnerabilities or made it painfully obvious that your current cybersecurity strategy is subpar, it is time to take a long, hard look at how you protect critical company data, systems, and applications, and to adjust accordingly.
We’ve compiled a list of seven common lessons learned during the pandemic to help you remediate some of the most frequently exploited vulnerabilities.
Lesson #1: Your RDP needs better security.
Remote Desktop Protocol (RDP) has long been a favorite attack vector for hackers. However, the abrupt pivot to remote work provided several new entry points for malware.
Following a few best practices can reduce the chance that your RDP will be compromised:
- White-list authorized IP addresses: Not every IP address needs RDP access. Be selective and reduce your attack surface.
- Never expose ports to the public internet: Hide RDP ports from malicious port scanners to make it harder for hackers to find yours.
- Limit users to only those who need RDP access: This will require policy updates, but controlling who has RDP access and restricting the actions users can perform will limit damage potential.
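The three practices above can be checked automatically against an export of your firewall rules and RDP group membership. The following audit is an added example, not part of the original article; the rule record format, the function name `audit_rdp`, and all addresses and account names are constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389  # default RDP listening port

def audit_rdp(rules, allowed_sources, rdp_group, approved_users):
    """Return (subject, problem) findings for the three practices listed above."""
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    findings = []
    for rule in rules:
        # Only enabled allow rules that cover the RDP port are relevant.
        if not (rule["enabled"] and rule["action"] == "allow"
                and RDP_PORT in rule["ports"]):
            continue
        for src in rule["sources"]:
            net = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)
            if net.prefixlen == 0:
                # A /0 source means anyone on the internet can reach the port.
                findings.append((rule["name"], "exposed to the public internet"))
            elif not any(net.version == a.version and net.subnet_of(a)
                         for a in allowed):
                findings.append((rule["name"], f"source {net} is not allow-listed"))
    # Accounts with RDP rights that nobody approved.
    for user in sorted(set(rdp_group) - set(approved_users)):
        findings.append((user, "has RDP access but is not approved"))
    return findings

# Constructed sample data (hypothetical rule export, documentation-range addresses).
SAMPLE_RULES = [
    {"name": "rdp-vpn", "enabled": True, "action": "allow",
     "ports": [3389], "sources": ["10.8.0.0/24"]},
    {"name": "rdp-legacy", "enabled": True, "action": "allow",
     "ports": [3389], "sources": ["any"]},
    {"name": "rdp-vendor", "enabled": True, "action": "allow",
     "ports": [22, 3389], "sources": ["198.51.100.7", "192.0.2.0/24"]},
    {"name": "rdp-old", "enabled": False, "action": "allow",
     "ports": [3389], "sources": ["any"]},
    {"name": "web", "enabled": True, "action": "allow",
     "ports": [443], "sources": ["any"]},
]
ALLOWED = ["10.8.0.0/16", "198.51.100.7"]   # assumed allow list
RDP_GROUP = ["alice", "bob", "svc-backup"]  # assumed current group members
APPROVED = ["alice", "bob"]                 # assumed approved users

if __name__ == "__main__":
    for subject, problem in audit_rdp(SAMPLE_RULES, ALLOWED, RDP_GROUP, APPROVED):
        print(f"{subject}: {problem}")
```

Disabled rules and rules for other ports are skipped, so only live RDP exposure is reported.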
Lesson #2: Employee education plays an essential role in cybersecurity.
Human error consistently tops the list of prominent threats to company security. However, with the right strategy in place, these same weak points can become your first line of defense:
- Schedule security awareness training: Regularly scheduled and customized security awareness training will help your team identify and avoid phishing attempts, malicious links, and corrupt files.
- Create crisis response plans: Educating employees on what to do in the event of a breach will minimize damage and reduce the potential for data exfiltration or encryption.
Lesson #3: Business continuity strategies need a plan for unlikely scenarios.
Although most businesses had a rudimentary continuity plan in place, COVID-19 uncovered contingencies many had overlooked when drafting their plans.
Keeping the events of 2020 in mind, review and update your business continuity plan to include steps to:
- Train backups for key staff: COVID-19 made it very clear that entire departments—and even entire companies—could be severely impacted by illness. Assign and train alternates for all critical functions within the business.
- Plan for a fast shift to 100 percent virtual operations: Before 2020, few companies had the infrastructure to support running their business entirely virtually. Today, we know that it’s necessary. Create and secure your virtual environment now to prepare for any eventuality.
Lesson #4: It’s time to do away with usernames and passwords.
People are terrible at choosing usernames and passwords (think: password123). With so much data on the line, it is essential to adopt secure access management policies to ensure that data stays out of attackers' reach:
Multi-factor authentication requires users to provide more than one piece of evidence (factors) to prove their identity and that they are authorized to complete an action. For example, the user may need to provide credentials in the form of:
- Something they know (password or PIN).
- Something they have (smartphone or token).
- Something they are (biometrics).
Lesson #5: You can’t protect what you don’t know exists.
Endpoint protection became much more difficult during the pandemic because many employees had to use personal devices for work out of necessity. With many companies opting to continue remote or hybrid work environments, IT teams must:
- Keep track of employee devices: Create an inventory of every device employees use to conduct company business, including business-issued computers, personal laptop and desktop computers, tablets, and any other connected device with access to the company network.
- Install anti-malware software: Every device with access to the network should have current cybersecurity protection installed. Be sure to update the solutions regularly to fix vulnerabilities and add protection against known threats.
Lesson #6: Remote work requires updated and reinforced security policies.
Before the pandemic, only a small segment of the workforce worked remotely. As a result, when millions of businesses rapidly adopted a remote work environment, few had appropriate policies in place to secure and protect company data.
Now that working from home is a widely accepted practice, IT, HR, and operations will need to collaborate to create and enforce policies that meet the needs of the new workplace model, which isn’t always a straightforward undertaking. Here are aspects to consider:
- IT policies and considerations: Who is responsible for keeping software up to date? Can employees’ home IT environment support a virtual private network (VPN) and other network and storage-intensive operations?
- Acceptable device usage: If employees must use personal devices for work, how can IT ensure responsible usage and good cyber hygiene when the device is not being used for work-related functions?
- Legal implications: Without face-to-face contact with employees, will HR need to explore electronic signature technology? How about remote contract review and approval?
Lesson #7: Cloud services are essential.
Cloud services saved the day when businesses sent their employees home to work. From team collaboration to file sharing, many businesses would have come to a screeching halt if it weren’t for cloud-based productivity tools.
Post-COVID, many companies have adopted cloud-based services and applications permanently, making it crucial to ensure data generated and shared within these applications is secured as well as it would be on-site:
- Software as a service (SaaS): Office 365 and other SaaS solutions take a shared-responsibility approach to data protection. Although who is responsible for what varies among service providers, generally the provider is responsible for protecting its infrastructure, the data and applications that run on that infrastructure, and the software stack. The customer oversees long-term storage, disaster recovery, and secure backup.
- Data protection as a service (DPaaS): DPaaS is a cloud-hosted, subscription-based service that provides data protection, network security, and disaster recovery capabilities. DPaaS comprises three services—backup as a service, disaster recovery as a service, and storage as a service—that together create a comprehensive data protection strategy.
The Best Cybersecurity Defense Is a Holistic Offense
Given the myriad ways cyberattacks occur, taking a holistic approach to security provides the most robust and effective defense against constantly changing tactics. Implementing multi-layer cybersecurity, immutable backup, and a rock-solid cyber resilience and disaster recovery plan will help prevent breaches and facilitate response and recovery should an attack succeed.
Download The 2020 Data Attack Surface Report to learn more about identifying and neutralizing cyberthreats to protect your organization’s most valuable asset—its data.