As the coronavirus pandemic continues to sweep the globe, all the countries have requested from the general public to strictly adhere to social-distancing measures; and the businesses have requested their employees to work from home. This unexpected situation has resulted in an unprecedented shift in a whole new set of cybersecurity challenges.
Think very carefully before clicking on a tempting link purporting to be from the World Health Organization (WHO), or similar, with positive information about the cure for COVID-19.
The lack of IT resources can worry many companies as they move to enable remote strategies. And when majority of employees are operating outside the company perimeter, managing device sprawl, and patching and securing many endpoints, becomes a much a bigger challenge for the CEOs and CIOs. According to Global Threat Index of a leading security solutions provider, cyber-criminals are exploiting the global epidemic by spreading malicious activity and launching spam campaigns relating to the outbreak of the virus.
It is visible that companies are rushing to update their policies to reflect the current landscape and ramp up contingency plans. During this Covid-19 pandemic, it’s vital that companies do not overlook the importance of cybersecurity when determining business continuity measures.
Cybercriminals will continue to use Covid-19/Coronavirus as an opportunity for malicious cyber activities. Since many employees are working from home, the IT/Security Team must be advocates for good cyber hygiene. The Cyber Criminals have also started to increase the HR email traffic regarding the pandemic to imitate the employee communications.
Companies are under the impression that the following basics shall keep them secure.
1. Remote workers access the company network through a virtual private network (VPN).
2. Multifactor Authentication should be enabled for all devices and accounts.
3. Advise Employees to Secure the Internet Connection at Home.
4. Alert employees to possible email scams.
5. Update Security Systems
As the reality of enterprise-wide remote work potentially looms, organizations must be proactive since the above-mentioned basics are not sufficient against the Advanced Attacks.
Let us think for a moment as to how we would define an advanced attack? Would an attack that utilized a zero-day be deemed advanced? and would an attack that utilized four zero-days be considered even more advanced? how about malware that is not detected by any antivirus solution? or could the definition of an advanced attack be based on something completely different like the goals of the adversary and their agenda?
Infopercept Consulting having established its footprint across the globe, has a Team of experienced Cybersecurity experts who works around the clock to ensure that the Digital Assets of all the clients are secure from security breaches. The Core Team of Cybersecurity Experts which include Jaydeep Ruparelia, Jiten Bhalgama, Deepak Bhavsar and Satykam Acharya has been able to come out with an Antidote to fight the current WFH2020 malwares.
The Team of Cybersecurity Experts from Infopercept commented that; the truth of the matter is that an advanced attack is a subjective term that depends on the perspective of the beholder. In essence, what qualifies as an advanced attack changes for every individual out there and in practice and thus it also changes for every organization (and that includes security vendors too!). Subjective matters can often be described as matters that are influenced by relationships – an advanced attack is the relationship between the investment of the adversary in the attack and the investment of the organization in security. When an adversary makes an investment to break security and they manage to infiltrate a specific network then this means they conducted an advanced attack against that specific organization’s network, does this mean that same attack would manage to compromise a different organization in the same manner? we can’t be 100% sure, but we do know it impacted that organization, so for that organization this was an advanced attack – an attack that is more advanced than the security measures the organization implemented.
Supun Rajapaksa the Country Director of Client Engagement at Infopercept Lanka commented that; Infopercept can provide an additional layer of security for the clients using a patented solution that’ll ensure the focus of the hackers is diverted to a decoy. Using Deception Technology, we can provide Actionable Intelligence to the Executive Management, Strategic Decision Makers, Tactical Teams and GRC Teams; so that the teams can protect their Digital Assets without any harm.
It is in the best interest of all parties that overcome the pandemic of the Physical and Digital worlds.