Cybercriminals lying in wait
Cybersecurity specialists have been noticing a rise in the number of cyber-attacks and other threat activity over the course of the COVID-19 pandemic. However, it would be wrong to assume that a relatively modest increase in attacks is all that can be expected. “This is only likely to be the tip of the iceberg,” says George Glass, Head of Threat Intelligence at Redscan. “Many more organisations are certain to have been targeted without their knowledge; to maximise returns, cybercriminals will bide their time in order to conduct reconnaissance, avoid detection and strike at the most opportune moment”. According to Ponemon Institute, the average “dwell time” before a company becomes aware of a breach in its systems is 206 days. However, it may well be the case that this figure has increased over the course of the COVID-19 crisis, because many businesses may not have prioritised cybersecurity during this time and their IT and security teams may lack the ability to identify the latest endpoint-focused attacks.
A concern for cybersecurity police
It is not just cybersecurity professionals who are concerned about the number of businesses that may have been infected with malware over the course of COVID-19. Senior cybercrime police officers have been making their feelings known about the dangers that may be on the horizon for companies across the UK. “One of our concerns in the UK is the number of businesses that have been abandoned,” said Peter Goodman, chief constable for the Derbyshire Constabulary and National Lead for Cyber Crime. “Because IT and cyber-specialists have been off, and whole premises have been shut down, we do anticipate that there may be some malware sitting on people’s systems as they get back to work”.
Dormant malware – Understanding the nature of the threat
A huge number of employees have been working from home due to government restrictions and recommendations regarding social distancing. As restrictions have been gradually lifted, these employees are slowly returning to the office. Whilst this might be seen as positive for business, it could be a problem, too. Employees returning to the office post-lockdown will begin to connect to corporate networks. If cybercriminals have been lying dormant on devices, they will be able to use this opportunity to move through the network and cause more serious damage, such as by deploying ransomware. Over the course of the pandemic, there has been a substantial rise in malspam campaigns distributing malware such as Emotet and Trickbot, among others. These threats can be extremely difficult to detect without strong endpoint visibility across employee devices, a capability that many businesses do not currently possess.
Are businesses too reliant on traditional antivirus software?
One of the reasons that organisations remain at risk from the latest cyber threats is their current reliance on traditional antivirus solutions. Whilst antivirus software has been – and remains – an important aspect of cybersecurity for companies, it cannot be seen as a silver bullet that will keep an organisation entirely secure. When a business is over-reliant on antivirus software, fileless and polymorphic malware can slip past its defences. Antivirus works by identifying the signatures of known malware, but these forms of malware do not have static signatures and constantly change; as such, they cannot be detected by signature-based antivirus solutions. In order to deal with these sorts of threats, businesses must look to identify and respond to them by leveraging next-generation solutions such as Endpoint Detection and Response tools that utilise a behaviour-based approach to detection. This is a proactive form of cybersecurity: by monitoring activity on the system, the solution establishes what normal behaviour looks like and recognises danger in unusual activity.
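The signature-versus-behaviour distinction above, as an added illustration that is not Redscan's code: a hash denylist misses a recompiled variant of the same dropper, while a per-host baseline of normal parent-to-child process launches plus one common EDR heuristic (document-handling applications should not spawn script interpreters) still flags it. The file contents, process names and events are constructed.

```python
"""Signature vs behaviour-based detection on constructed endpoint telemetry.
Added illustration, not Redscan's code; the rule "document-handling apps should
not launch script interpreters" is a common EDR heuristic, not a full detector."""
import hashlib
from collections import Counter

# Signature side: a denylist of hashes for malware seen before.
# Constructed: only the first variant was ever submitted to the vendor.
KNOWN_BAD_HASHES = {hashlib.sha256(b"dropper-variant-1").hexdigest()}

def signature_detect(file_bytes: bytes) -> bool:
    """True only if the exact file hash is on the denylist."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES

# Behaviour side: learn which parent->child launches are normal for a host,
# then flag launches that are both unseen and match a risky pattern.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

def build_baseline(events, min_count=2):
    """Baseline = (parent, child) pairs seen at least min_count times."""
    counts = Counter((p.lower(), c.lower()) for p, c in events)
    return {pair for pair, n in counts.items() if n >= min_count}

def behaviour_detect(events, baseline):
    """Return (parent, child) launches outside the baseline that match the rule."""
    alerts = []
    for parent, child in events:
        pair = (parent.lower(), child.lower())
        if pair in baseline:
            continue  # normal for this host, whatever the binary hashes to
        if pair[0] in DOCUMENT_APPS and pair[1] in INTERPRETERS:
            alerts.append(pair)
    return alerts

# Constructed: variant 2 is a recompiled build with a new hash, so the signature
# check misses it, but what it does on the endpoint is unchanged.
VARIANT_2 = b"dropper-variant-2"
TRAINING = [("explorer.exe", "winword.exe")] * 5 + [("winword.exe", "splwow64.exe")] * 3
LIVE = [("explorer.exe", "winword.exe"), ("winword.exe", "splwow64.exe"),
        ("WINWORD.EXE", "powershell.exe")]

if __name__ == "__main__":
    print("signature hit on variant 2:", signature_detect(VARIANT_2))  # False
    print("behaviour alerts:", behaviour_detect(LIVE, build_baseline(TRAINING)))
```

A real EDR baseline would be built from weeks of telemetry and combined with many such rules; the point here is only that the behavioural check does not care what the binary hashes to.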
What else should businesses do to mitigate return to work security risks?
As well as updating antivirus signatures, businesses should review and update firewall rules, which may have been relaxed during lockdown. It is also important to conduct daily vulnerability assessments, either in-house or through a vulnerability management service. Doing so will help them to identify vulnerabilities, such as unpatched software and the use of weak credentials, that may have gone unnoticed during the lockdowns.
Final thoughts
As staff return to the office, it is essential for businesses to prioritise the potential cyber threats that could be waiting for them. It is a great idea to work closely with cybersecurity specialists to ensure that your organisation is as prepared as possible.