BENGALURU: Cyber criminals and the defenders are always in a cat and mouse game, with one trying to get ahead of the other. As the world’s focus has shifted to the covid-19 outbreak, hackers are finding ways to launch different forms of cyber attacks. With most people working from home, outside of the office network on their personal devices, cybercriminals are maximising on the vulnerabilities and organisations must gear up to combat them.
“Cybercriminals have actually jumped into the covid-19 bandwagon," said Ashwin Pal, security services director, Asia Pacific, Unisys. “They are sending various types of phishing emails which have doubled in the past few days."
It is in fact estimated that 91% of cyber attacks start with an email. Phishing, a form of cybercrime which uses disguised email as the weapon, has emerged in the form of two broad categories during the covid-19 scenario.
“First, it is the standard charity-based scams enticing people to donate money to a charitable organisation. Second, it is the bulk standard phishing where you are asked to click on a link. This could be a ransomware that will either encrypt your hardware and you have to pay money to get it decrypted. Or, you could mistakenly download some malware which can be used to steal your personal data," said Pal.
In the past few weeks, over 100,000 domains have been registered containing terms like “covid," “virus", and “corona", according to Palo Alto Networks. “Not all of these will be malicious, but all of them should be treated as suspect. Whether they claim to have information, a testing kit, or a cure, the fact that the website didn’t exist until the pandemic became news should make you very sceptical of their validity," said Ryan Olson, vice president, Threat Intelligence (Unit 42) at Palo Alto Networks.
So what can organisations do to stay ahead of the race? As a first step, it is important to prepare employees who are unaccustomed to remote working to navigate the challenges involved.
“This can be done by training staff on how to identify and avoid risks such as not clicking on links or opening attachments found in suspicious-looking emails or messages relating to the covid-19 outbreak. Personal electronic devices should have the same rigorous security measures and should be equipped with up-to-date security and anti-virus software, together with the necessary privacy and encryption tools," said Anil Bhasin, regional vice president, India & SAARC, Palo Alto Networks.
“Companies must ask their employees to get a secure VPN (virtual private network) to connect securely to the corporate network. Also, advise the employees to restrict the access rights of people connecting to the corporate network," said Anton Ivanov, malware analyst at Kaspersky.
Companies must look at integration of multi-factor authentication protocols, implementing screen locks, encryption of devices that transmit data to and from the servers, and enforcing tighter controls over home network security through use of VPNs, said Murtaza Bhatia, head of vertical solutions, NTT India. “Adaptability of these solutions deployed in the cloud makes them apt for large scale implementation at a rapid rate."
Most experts unanimously agreed that getting the basics right is the key to combating many of the cyber threats. Keeping systems updated with the latest patches, creating backups, and having proper business continuity plans (BCPs) are hygiene factors that must be followed.