Coronavirus and Cyber Attacks Share a Common Weakness: Good Hygiene
The coronavirus – also known as COVID-19 – has been inescapable lately. What you may not know, however, is that global human health pandemics can also infect the cybersecurity world. For instance, coronavirus-related phishing attempts are on the rise, as hackers seek to exploit the ambient anxiety circulating through society for their own nefarious ends.
Fortunately, the prescription for health in both cases is identical: Vigorous and consistent hygiene.
What Personal Hygiene, IT Hygiene and Cyber Hygiene Have in Common
Personal hygiene is key for staying healthy. By keeping your hands and face clean, you help close off the “attack paths” the coronavirus (or any other virus) will use to invade your body.
Computer systems need the same type of regular hygienic care, except instead of hand washing, they require constant monitoring and maintenance. Such tasks fall under the broad umbrella of IT hygiene. In both cases, it’s a matter of performing routine care to ensure the whole system runs smoothly.
While basic IT hygiene helps ensure systemic health, cyber hygiene extends this concept to security processes such as virus scans, security patches and password management, helping to keep IT free of malware and other digital pathogens.
Most security countermeasures are associated with commonly known cyber hygiene practice. Patching, for example, should be done early and often, just like hand washing. Endpoint protection policies need to be supported by consistent enforcement of those policies.
Security controls, in this sense, resemble an immune system. Without vitamins and regular sleep, your immune system cannot effectively defend against pathogens. Without frequent checks to see if they are performing their designated tasks, security controls cannot be expected to effectively defend against outside attackers.
A Different Kind of Opportunistic Infection
While the emergence of the coronavirus has mobilized people to work together to slow the spread of the disease, hackers have also done their homework and seized the moment to launch opportunistic attacks.
A recent Recode report showed that 4,000 coronavirus-related Web domains have been registered in 2020. Three percent are considered malicious, and another five percent are considered suspicious.
That makes these sites more than twice as likely to be malicious than any other domain type registered over the same period. Hackers have also been caught sending out phishing emails falsely claiming to represent the World Health Organization and the Centers for Disease Control. The idea is simple, yet devious: People are worried about falling ill, and thus are more likely to click an email from a medical authority without thinking twice.
To defeat these attempts, it’s imperative to be extra vigilant. Phishing emails have become almost indistinguishable from the real thing, with phony email addresses and embedded website links that appear valid (such as using “cdc-gov.org” rather than the legitimate “cdc.gov”). Yet instead of taking you to the CDC’s website, they often refer you to a fake Outlook page where they attempt to harvest your log-in credentials.
In addition to closely scanning email and web domains, recipients should also practice good hygiene by looking for poor grammar or stilted language – eternal hallmarks of the phisher – as well as several other measures.
Due to COVID-19 concerns, many organizations have decided that working from home is now mandatory for some or even all employees. Others have been strongly encouraging it. In both cases, this can become a big issue if not done properly.
For instance, it leads to easier breach points into their network, as the employee’s personal environment is not managed security-wise. Another risk is that the security team, responsible for monitoring the network, will be short-staffed or forced to work remotely, potentially missing security incidents.
A Course of Digital Prophylaxis
So what’s the equivalent of an economy-size bottle of Purell hand sanitizer and an N95 mask in the world of IT and cyber hygiene? We suggest you start by doing the following:
- Make good use of robust permission management methodologies and password management systems. Limit users as much as possible in a managed domain network and reduce your administrative accounts to a minimum. Good examples of implementing a good authentication policy are multi-factor authentication, password rotation and monitoring and alerting for failed login attempts.
- Help employees learn the basics of good IT hygiene. Training is not only one of the most impactful tools we have against cyber-attacks, it is also one of the most cost effective. Unfortunately, it’s also one of the most overlooked. Good security practices are much like personal hygiene routines; it’s not enough to simply know what to do. These practices must be reinforced until they become a habit.
- Create a security policy specifically designed for remote workers. Among the essential security clauses that should be included in your remote work policy, you must clearly define which positions are eligible for remote work, list the tools and platforms they should be using, and provide employees with steps to follow at the first signs of account compromise.
- Deploy cutting edge security tools. Imagine if we had the ability to view our own immune system through the perspective of a virus, allowing us to identify the areas where our bodies are most susceptible to infection. It sounds like a great way to protect ourselves, right? In the realm of enterprise cyber hygiene, a tool exists that offers something much like this: Breach and attack simulation platforms. These advanced security tools allow organizations to see their defenses through the eyes of a hacker by launching the simulated attacks on the real live environment, and not on some “controlled environment” made of synthetic simulators that fail to mimic the actions of daily usage. By simulating attacks on an ongoing basis, organizations discover where they are most vulnerable — and can then take their medicine (otherwise known as prioritized remediation steps).
Purple Team Automation
XM Cyber provides the first breach and attack simulation (BAS) platform to simulate, validate and remediate attackers’ paths to your critical assets 24×7. XM Cyber’s automated purple teaming aligns red and blue teams to provide the full realistic advanced persistent threat (APT) experience on one hand while delivering vital prioritized remediation on the other.
Addressing real-user behavior, poor IT hygiene and exploits, the full spectrum of scenarios is aligned to your organization’s own network to expose blind spots and is executed using the most up-to-date attack techniques safely, without affecting network availability and user experience.
Coronavirus may be dominating discussions, but don’t allow it to overshadow the need for smart security practices. The risk to organizations is even higher in times of uncertainty, as hackers will leverage anxiety to further their malicious ends – as we’ve seen with the WHO/CDC phishing attacks.
Ultimately, the prescription for a healthy body and healthy IT system remains the same: Vigilance and diligence in all matters pertaining to hygiene.
Marcus Gilban is Head of Marketing Communication, XM Cyber