As millions of Canadian workers are migrated to remote home work environments amidst the covid-19 outbreak seen the world over, new pressures and strains are pushed onto computer networks, IT teams and organizations of all sizes.
With the pressure for rapid mobilization of the Canadian workforce, to the home-based office, with the primary goal of business continuity, IT teams find themselves overstretched and unable to keep up with updates to their networks, potentially leaving their companies vital intellectual data and resources vulnerable to an attack.
Industry experts believe that malicious parties will see this as the opportune moment to act, as has been demonstrated already and discussed in previous Packetlabs blogs surrounding the pandemic, carefully crafted phishing campaigns and malware.
Malicious Parties Often Lie Dormant
Unfortunately, this is not the only threat that an organization needs to be aware of. Carefully calculated cyber criminals are also happy to “wait it out”. To be clear, a malicious party may not always seek immediate reward for their efforts. A well-planned attack may involve periods of dormancy, reconnaissance and waiting. The more intellectual data that a hacker can collect, the more they can learn about a less-than-secure-environment, and, eventually, the greater the chances are that they can profit in their objectives.
By now, we’ve all seen the images of overworked nurses and medical staff, with pressure sores on their faces from protective medical gear worn during double shifts. Similar stresses are being felt by many overworked IT staff, and cybercriminals the smell the blood in the network. Mistakes are being made, patching and routine updates are being neglected and, with mass layoffs seen country-wide, the overall reduced state of security in the country, and the rest of globe is no secret. Many non-essential businesses, who may or may not have completely closed shop could find themselves are easy targets. Further, those businesses who do remain open may find their own set of challenges with staff use of personal devices and services which would otherwise be forbidden due to less than ideal security measures. All of these challenges, again, provide attackers with plentiful opportunity to avoid detection, potentially for very long periods of time.
Our previous Packetlabs blog, surrounding the coronavirus pandemic, discussed the immediate uptick in phishing campaigns and malware scams against businesses, however, this is only the very tip of the iceberg. While many attackers may have chosen to use ransomware for an immediate payout, more refined, potentially, organized crime and state-actors are likely more than happy to wait it out.
By slowly infiltrating organizations, these actors could use the current state of turmoil to carefully penetrate networks and unobtrusively search for bank account numbers, personal information, trade-secrets and other details that are invaluable to any organization’s success, in the long and short term. Slowly and steadily, these malicious parties will be siphoning off this precious data as discreetly as possible, or simply wait, in ambush, to hit all vital assets in one carefully calculated attack.
As well, we must also consider that some actors will be more than satisfied to simply utilize this opportunity to lie dormant for months, years or more. Some attackers may even consider simply assuming a fly on the wall position, collecting private information that could see them with valuable details that could see them profit in the stock market. The motives of any malicious party are often diverse and long-reaching.
Cybersecurity Teams Spread Thin
The question, in this scenario, now becomes, can your organization also play the long-game? With the rapid, and widespread office closures we’ve seen, in what seems to have been a matter of days, has overloaded many virtual private networks (VPNs) with remote workers. As expected, one of the most pervasive question on everyone’s mind is how can we scale up VPNs to handle this rapid surge in traffic?
As mentioned, IT teams are overextended and continue to be pulled between supporting security operations, policing for potential breaches, and aiding scrambling employees to maintain productivity working in a home environment when no on-site IT support. This balancing act, alone, may prove as a next to impossible task for businesses to maintain for any business suffering from shrinking budgets resulting from the obvious economic slowdown. The focus on proactive measures, including system updates, patching and maintenance will undoubtedly lack in many organizations, regardless of their size.
The sour cherry on top of this proverbial covid-curdled mess is that many remote workers will rely on their own home computers, email services and file-sharing accounts. Unfortunately, these personal tools greatly increase the surface area for an attacker to launch an attack, making successful breach much more likely, as cybersecurity teams may not have eyes on.
Mitigating the Damage
At Packetlabs, it is our firm belief that we will see a massive uptick in the amount of company data exploited from Canadian businesses, landing in the hands of those with less than good intentions. There will be no escaping it, so with this in mind, what can your organization do? As in any emergency scenario, we can only manage the manageable and prepare for the worst.
The risk of cyberattack impacts vital business functions, partners, stakeholders and customers. Therefore, failure to adequately secure any business’s digital assets can directly damage customer trust, brand value, and ultimately, long-term business continuity.
In anticipation of the dangers our Canadian businesses are facing, Packetlabs can recommend two extremely valuable considerations. The first, a service, and the second a product.
At Packetlabs, we specialize in preventing attackers from successfully breaching client systems. Our team of ethical hackers are skilled in the discovery, identification and exploitation of vulnerabilities in your organization’s networks, web applications and mobile applications. Once identified, your organization can then use this valuable information to remediate vulnerabilities and drastically reduce the attack surface and ultimately mitigate risk.
The Thinkst Canary
While we believe that penetration testing should be the primary focus of any organization looking to protect themselves from a security breach, in consideration of the current state of affairs in relation to Covid-19, we recognize the value in one product in particular; The Thinkst Canary. The Thinkst Canary has the unique ability of identifying intruders, already in your systems, and reducing detection time, all while requiring minimal monitoring, maintenance and configuration require from IT staff, who, as we have mentioned, may already be overstretched.