During yesterday’s COVID-19 briefing, Foreign Minister Dominic Raab announced that the UK’s National Security Centre and the US Cybersecurity and Infrastructure Security Agency have published a joint warning to organisations and the public over cyber scams.
Over the years, organisations have built layers of security controls and processes to a point where many were well-protected against most threats, excluding maybe the most sophisticated APT attacks. COVID-19 has sent a shock wave through these same organizations, very rapidly undermining their “hard-fought” security posture.
The mass shift to work-from-home, business continuity initiatives, heavier reliance on cloud, hastily launched services and improper vetting of product security (e.g., Zoombombing) have caused massive disruption to security programs. These disruptions have greatly expanded the network perimeter, created many new exposures and expanded the attack surface. Adding fuel to the fire, attackers are also taking advantage of distraction and concern via social engineering.
All in all, these changes have undone in a matter of weeks what security teams spent years building. And they aren’t going away. In order to deal with the increased cyberthreat and rebuild their security posture, organizations need to reduce cyber disruption by quickly validating that their old and new controls have been properly adapted to the new business-continuity initiatives; reexamining how changes in the perimeter may have revived old attack vectors that had been shielded until recently; conducting exposure analysis for every vulnerability in the network; and reeducating employees on how to recognize, avoid and deal with social engineering campaigns.