As organizations divert resources to other parts of their business, they may be leaving their infrastructure exposed. Even though other concerns may seem more important right now, the truth is that protecting your company’s assets has never been more important. The risk to digital assets during a time of crisis is greater than ever.

Attackers often target the most vulnerable industries whose attentions are elsewhere, making healthcare an obvious target in the current environment. The U.S. Health and Human Services Department recently suffered a cyberattack where a suspected foreign actor attempted to overload their servers with millions of hits over a short span of time. Thankfully, it did not succeed in slowing the agency’s systems, in part because extra precautions had been put in place prior to the attack. Security operations centers (SOCs) have proven critical to everything from global monitoring of the crisis to operations at local emergency rooms, as no part of the healthcare industry can afford to suffer a cyberattack right now.

You may also see focused security solutions like Managed Detection and Response (MDR or XDR), Managed Security Services Providers (MSSPs), or Incident Response services (IR) supporting in house security and network teams. These services bring increased agility in the security space so the teams are integrated and focused on their respective tower. IT extension is very helpful in the security arena to “widen the net,” so to speak, and mitigate risk.

Newly remote employees present a challenge to network security, as they are the most likely way a cybercriminal could access a company’s files. It increases the difficulty in identifying unusual remote logins and detecting credential theft. User behavior and access patterns that have never been seen before are the “new normal.” Security Agents have been challenged to not only address risks associated with a mass move to remote work seemingly overnight, but also to function as a cohesive unit despite many SOCs moving to remote work or limiting onsite staff as well. A disproportionately high number of workers are working remotely outside enterprise security with only single-factor authentication as protection. This vulnerability, paired with increased social media usage and interest in COVID-19 information, creates a perfect storm for cyberattacks.

Most cybersecurity incidents begin as phishing because threat actors take great care to appear authentic. Using trusted organization names (such as the WHO or CDC) or topical events (such as coronavirus) to their advantage are what make them so dangerous and so easy to fall for. Google reported last month that it saw more than 18 million daily malware and phishing emails related to COVID-19 scams just in the prior week—on top of the more than 240 million daily spam messages it sees related to coronavirus. Microsoft also recently warned of a malware campaign disguised as emails purportedly from Johns Hopkins Center with a subject line similar to “WHO COVID-19 SITUATION REPORT.” It comes with an attachment that, if allowed to run, downloads a malicious Excel 4.0 macro and runs NetSupport Manager RAT, which then downloads even more files before connecting to Control Center to await further instructions.

Keeping up your cyber hygiene is as important as remembering to wash your hands frequently and correctly. Security teams should model their approach to keeping users and networks secure on the response of countries and organizations that proved successful in limiting coronavirus exposure. Here’s how:

• The old adage “an ounce of prevention is worth a pound of cure” is true. Identifying vulnerabilities (e.g., employees with limited security training, reduced onsite SOC staff, etc.) and putting additional protections in place is key to preventing issues instead of recovering from them.
• Lack of visibility does not equal lack of security vulnerability. Account for new data sources and new ways of working, and protect new key business enablers, such as remote working platforms or VPNs.
• Stop the spread by finding and quarantining infected hosts early to keep other users safe. Malware is as contagious as the physical virus.
• Combine comprehensive threat intelligence with advanced tools for automation and analytics for maximum effectiveness. AI, such as natural language processing, can automate incident investigations, reducing the burden on stretched-thin security teams.
• Event correlation between all event sources, security tools, ITSM systems, end point management software, etc. needs to be a top priority. Without aggregated logging of the event source landscape and even correlation powering the magnifying glass, the unknowns are too high.
• Now is the time to distribute information or remind employees how to keep their devices “healthy” so that human error doesn’t lead to increased risk.

Has this crisis made your organization consider seeking out a partner that offers complete, end-to-end network and security monitoring, management, and maintenance? GDT’s highly tenured and certified solutions architects, engineers, and security analysts manage the networks and security for some of the most noteworthy enterprises, service providers, and government agencies in the world from our state-of-the-art, 24x7x365 Network and Security Operations Centers in Dallas, Texas. We manage their IT operations through a host of managed services solutions, including service desk support, incident management, vendor management, alerting and reporting, product and lifecycle management, and digital labor and autonomics, so that our customers can move beyond low-value, time-consuming tasks to focus on forward-thinking initiatives that will shape their organization for years to come. Perhaps that’s why CRN recently named GDT to their 2020 MSP 500 list in the MSP Elite 150 category.