Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.
“The current pandemic is not only a serious health issue, but potentially a major cybersecurity risk,” said Ajay Bhalla, president of cyber and intelligence for Mastercard.
Fear and stress are on the rise amidst the COVID-19 pandemic. New research from Microsoft indicates that every country in the world has seen at least one COVID-19-themed attack – these attacks, including the increase of phishing lures, are capitalizing on fear. What can defenders and protectors of information do? According to Microsoft, “defenders require visibility across each of these domains and automated correlation across emails, identities, endpoints, and cloud applications to see the full scope of compromise.” Many solutions are found in the products, software, and services organizations use every day, including anti-malware software and multi-factor authentication.
The newest COVID-19 phishing attack is based on emails coming from the White House. As a Security Boulevard article reports, INKY CEO Dave Baggett said these phishing attacks appear to be coming from Russia. He said, “These COVID-19 phishing attacks represent a new low for cybercriminals in that they prey on the anxieties of individuals working at home to compromise credentials and spread malware.”
Two agencies, the U.S. Cybersecurity and Infrastructure Agency and Britain’s National Cyber Security Centre reinforced that hackers of all varieties are leveraging anxiety around the outbreak to push people into clicking links and downloading attachments, according to the article in Venture Beat. “The cybersecurity industry has been sounding the alarm for weeks over the threat of coronavirus-themed malicious software and booby-trapped emails.”
“Bad actors are using these difficult times to exploit and take advantage of the public and business,” Bryan Ware, CISA’s assistant director for cybersecurity, said in a statement.
Industries with critical infrastructure are at greater risk during the pandemic
Critical infrastructure industries, such as oil and gas, manufacturing, and utilities, are at a bigger risk, according to a TechRepublic article. Dave Weinstein, chief security officer at Claroty, reinforces that IT security teams need to make sure there is an identity management solution in place, especially as employees have to access systems remotely. He recommends:
- Amp up remote access management security protocols, such as not sharing passwords in plain text and unique IDs
- Use VPN technology and ensuring you have the latest patches
- Have secure passwords on wireless routers
- Run up-to-date equipment
Don’t cut cybersecurity spending
Now is the time for companies of all sizes to pause and look at the security of their network, and take inventory and assess tools and vendors. A new study by Ponemon Institute, The Economic Value of Prevention in the Cybersecurity Lifecycle, shows that preventing cyberattacks strengthens organizations’ security posture, yet the majority of organizations are focused on detection and containment. “This study shows that the majority of companies are more effective at containing cyberattacks after they happen because it is perceived to be more accountable,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions.”
Best practices for a remote workforce
Chief human resources officer at Verizon, Christy Pambianchi, is working from home with 134,000 colleagues due to the pandemic and has these best practices to share, according to an article by Larry Dignan in ZD Net:
- It’s hard to plan for a pandemic and moving 135,000 people remote so you have to just leap. Verizon moved telesales, customer care, solutions specialists and staff functions remote. IT also went remote as did a lot of retail associates.
- Remote work means remote training. In the last week, Verizon put 25,000 workers through virtual training on how to perform their roles.
- Be patient and flexible. There will be distractions, there will be barking dogs and there will be kids on your video calls. Move on.
- Gear has to get to the front lines. Pambianchi said Verizon allowed front line folks to “home garage” instead of coming to a central office to batch tickets, tools, and equipment for the day. Verizon also had to get laptops and cameras to folks to enable online work and support from home.
- Hold office hours and take questions. Pambianchi has an “Ask Christy” inbox and executives film a video for employees on key topics.
- This move to remote work can speed up digital transformation. “I’m kind of excited about looking at this as an innovation opportunity, versus just a disruption,” said Pambianchi. “We’re learning a lot of new things.”
- Video is “not as bad of a substitute” for face-to-face meetings. That said, Pambianchi expects a premium to be placed on in-person connections once the pandemic is over.
- Orthodox rules will be rethought. These orthodoxies are all over the place within corporations, but the move to remote work will likely enable a more decentralized Verizon and create more of an internal skills market for expertise, she said.
- Be patient. “People are scared right now,” said Pambianchi. “We’re just encouraging our coworkers to be patient with each other because stress and anxiety come out in different ways. And as everybody’s flipping to this new normal, while also facing what may be some personal risks, we’re trying to make sure we just all exercise patience with each other.”
Partner blog of interest: Crowdstrike: Communication Is Key to Keeping Remote Workers Safe and Secure