COVID-19 security tips: Ensure you sack your staff without leaving their IT access enabled, says Secureworks
Infosec biz issues mildly off-the-wall guidance for incident responders
The global switch to remote working in early 2020 gave hackers a whole new set of juicy ransomware targets.
Or so says Secureworks, which throughout 2020 has, perhaps counterintuitively, insisted there has been minimal uptick in cyber activity from malicious people, stating in its research The Effect of COVID-19 on Incident Response that "data on confirmed security incidents and genuine threats to customers showed the threat level largely unchanged from before the pandemic."
Rather, reckons the company, the near-overnight shift to remote working triggered by the pandemic has created a whole set of poorly understood IT infrastructures lashed together in a hurry and therefore containing large numbers of hidden vulnerabilities – vulns that infosec bods ought to be hunting down, in Secureworks' view.
Barry Hensley, Secureworks' chief threat intelligence officer, said in a canned statement: "Against a continuing threat of enterprise-wide disruption from ransomware, business email compromise and nation-state intrusions, security teams have faced growing challenges including increasingly dispersed workforces, issues arising from the rapid implementation of remote working with insufficient consideration to security implications, and the inevitable reduced focus on security from businesses adjusting to a changing world."
Secureworks especially highlighted the use of personal devices on corporate networks, hasty adoption of cloud-based enterprise productivity suites such as Microsoft Office 365 359 and the inevitable rise of COVID-19 themed phishing lures.
"Adversaries exploit natural and man-made disasters to target people’s emotions," stated the report. "Fear, sympathy, and anger are often heightened in these situations, and the COVID-19 pandemic is no exception.
"Educate employees at every level about the heightened risk of COVID-19-themed phishing attacks, show them how to identify potential phishing, and tell them where to go with any security concerns" – with the latter meaning set up an internal reporting function for suspicious emails and messages, rather than the traditional non-IT management response to suggestions of spending money on good things.
Secureworks' recommendations for securing a remote IT estate will sound wearily familiar: enable MFA; secure remote access methods; and enforce secure access controls to cloud services.
More offbeat are its other suggestions, which include strengthening "remote termination processes" to ensure emotional ex-staffers can't go on the rampage after you sack them over Zoom, and making thorough plans for remote incident response – including how to quickly kill shared folder synchronisation and identifying key process or personnel bottlenecks that will need bypassing in case of ransomware, or worse.
"The pandemic has changed the way the world works, but cybersecurity threats are largely the same," noted the firm. ®