网络安全 Challenges Due to Increased Remote Workforce

As personnel related mandates in response to mitigating the spread of coronavirus (COVID-19) continue to progress, businesses from virtually every industry and vertical have drastically pivoted to fully remote working environments for the foreseeable future. Safeguarding workforce health remains at the forefront of the widespread initiative, while stakeholders are also now categorizing telework as an essential practice for maintaining standard operational procedures and profitability amid the public health crisis.

Though the benefits of remote working capabilities remain undisputed, organizations currently operating in wholly remote environments due to COVID-19 unfortunately should now consider preparing new defenses. 最近开发的, highly sophisticated cyber threats unique to the outbreak, have been presenting unexpected challenges for organizations that have shifted to a fully remote workforce.

COVID-19目标网络钓鱼

While remote employees presumably possess a fundamental grasp on basic phishing techniques, it is imperative they heighten vigilance for COVID-19 themed malicious attacks as employees begin to navigate new remote working environments. Such attacks have surged by the thousands over the course of the last few months as more information about the virus continues to surface. COVID-19 targeted phishing is the latest extortion scam that cyber criminals deploy as some have begun threatening targets with exposure to the virus if their lofty demands are not met in a timely fashion. These threat actors sadly are notorious for exploiting the timeliness of current events, hot topics and notable occasions in their social engineering strategies.

During a recent malicious COVID-19 targeted phishing campaign, scammers crafted a Ministry of Health branded email communication with a relevant subject line that read: “Coronavirus Latest Updates,这句话在收件人看来是合法的. The information within the email was deemed valuable as it went on to list recommendations on how to prevent the infection. 用户不知道的, the attachment on the fabricated email communication carried harmful malware.

从安全协议中分心

作为业务推动者, technology has quickly been thrust into the forefront as companies scramble to maintain standard operating procedures and abruptly move to a full remote environment. It is critical that operational distraction from security protocols does not occur. Many organizations have foundational cybersecurity controls in place, 然而, may need to re-prioritize them considering new COVID-19 related threats.

另外, it is not uncommon for executive management to push IT to ensure the workforce can be productive, rather than focusing on potential security risks. 一个合乎逻辑的方法, organizations must focus on creating a strong set of protections on the edge of their networks. In order to adapt to a fully remote and distributed workforce, the focus should be primarily on protecting end-user devices and applications and how they access corporate assets and data. 通过关注网络边缘, organizations can reduce the likelihood of a security compromise during this new reality of a fully remote workforce.

影子IT -未经批准的远程访问方法

随着远程访问需求的急剧变化, organizations will likely be faced with employees attempting to stand up third-party services in an unapproved manner. Often, this will not be a nefarious action as employees are doing their best in this “new normal”. 然而, 这就把责任推给了安全团队, who should continue to monitor for unauthorized vendor connections and services through regular vulnerability scanning and proactively engaging business units.

Designed to exploit a distracted and fearful user base, these recently developed COVID-19 cyberattack strategies and campaigns possess the ability to compromise the integrity of a business’ networks, 程序和数据. Organizations placing precedent on the protection of their cybersecurity framework will likely prohibit such attacks. 

For more information on mitigating the likelihood of a cyber related attack, contact 凯时k66登录’s 导演 of IT 风险 Services, 亚伦克尔在 akerr@www.piitasdrums.com.