The current global coronavirus (Covid-19) crisis has exposed many flaws and gaps in the way businesses operate, but what has become glaringly apparent is how many organisations are simply not adequately prepared to handle the cybersecurity requirements of a remote workforce.
By Pankaj Bhula, Check Point regional director: Africa
A paradigm shift in the working environment
With a global and African workforce now largely working from home, the door has been swung wide open for cybercriminals to capitalise on security weaknesses created by the increasing number of devices accessing company networks for the first time.
While a move towards digitally enabled workplaces and the resultant digital process has been ongoing for organisations over the past few years, many have been caught flat-footed and ill-prepared in the face of increased security threats. A Check Point survey conducted by Dimensional Research shows that 71% of IT and security professionals reported an increase in security threats related to remote working.
Both Interpol and Europol have warned of a huge spike in Covid-19 fraud. In fact, according to Check Point’s Threat Prevention technologies, since the last week of April, there have been 192,000 coronavirus-related cyber-attacks per week – a 30% increase when compared with previous weeks.
This includes websites with corona or covid in the domain, files with ‘Corona’-related file names, and files that have been distributed with coronavirus-related subjects in their email.
Cybercriminals will always exploit a crisis
Like death and taxes, you can rely on cybercriminals to always capitalise on the latest trends to increase their success of attacks. The infodemic that the Covid-19 crisis has unleashed is a prime example – the massive consumption of data and stories related to coronavirus information is a gateway for cybercrime.
Information can be a powerful weapon, but cybercriminals are taking advantage of the appetite for knowledge to launch massive campaigns that aim to benefit from fear and hyper-consumption of information related to the virus, predominantly using phishing and malicious domains.
New phishing campaigns are using reputable organisations like the World Health Organisation as a front to lure victims. Phishing attacks are also moving beyond email, as cybercriminals use a variety of other attack vectors to trick their intended victims into giving up personal information, login credentials, or even sending money. Increasingly, phishing involves SMS texting attacks against mobiles, or use of messaging on social media and gaming platforms.
Cybercriminals are preying on the obsessive worldwide interest in coronavirus themes, using them to lure people to download malicious applications and files, or click on malicious links in the name of obtaining information.
Almost 20 000 new coronavirus-related domains were registered since the end of April – and 17% of those are malicious or suspicious. Impersonating popular video conferencing apps like Zoom and Microsoft Teams is a popular choice for cybercriminals, often using phishing to get the victim to click on a link that either delivers malware or that trick the user into revealing sensitive information.
Attacks are increasingly sophisticated
There’s a perception that African organisations are somehow less vulnerable to attacks than those in other continents,, but this belief is misplaced. Looking at a breakdown of impacted organisations according to malware type, Africa scores above the global average consistently. For example, 22% of African organisations are impacted by mobile malware each week, while the global average is around 6.5%.
On average, our research shows that over the past six months African organisations were attacked 1 310 times a week – a rate that’s far higher than the global average of 502 attacks a week. April alone saw a peak of 20 000 daily coronavirus-related cyberattacks.
Globally, we are in the midst of a 5th Generation (Gen V) cyber-threat landscape, with Gen VI attacks already starting to pop up. Gen V attacks are large-scale across countries and industries, and they are multi-vector, targeting networks, clouds and endpoint devices. Everyone is a target, and no one is immune. We also need to be ready for Gen VI attacks that exploit advanced 5G mobile networks and the always-on connectivity between smart devices, IoT devices, networks and cloud.
The reality is that most organisations are protected only against Gen I to III threats, which use only anti-virus software, firewalls and intrusion prevention for protection – not enough for the challenges ahead.
There’s a lack of security for mobile devices, and a lack of understanding of cloud solutions and the security responses required to secure cloud-based sensitive data. Typically, organisations rely on multiple clouds, both public and private. Each has its own set of features and security measures, and it is challenging to ensure that these are aligned with the organisation’s own security stance and risk appetite, not forgetting the multiple endpoint devices involved.
Attacks are happening across a range of channels – cloud, mobile and the e-commerce ecosystem. Organisations need a security solution that is robust and operates across channels if they hope to create the most secure possible experience for their staff, customers and sensitive data. They must implement a security strategy to secure all devices and ensure the highest level of protection for corporate data. This is especially the case now with so many people working remotely.
There are no second chances in cybersecurity
The best protection is based on prevention. Blocking threats before they can cause damage is paramount, using automatic and immediate threat intelligence through new techniques that analyse behaviour at the OS and CPU levels to prevent malware at the exploit phase before it has an opportunity to deploy.
Three steps can help organisations to secure their cyber environments. The first is to step up the security level to Gen V. Organisations need Gen V and Gen VI cybersecurity that delivers advanced, real-time threat prevention across all networks, virtual, cloud, remote office, mobile and IoT operations. Check Point’s Gen V and Gen VI protection is focused on attack prevention, to stop attacks from even entering networks, and speed of response.
The second is to simplify and consolidate their security. Reduce the number of security vendors and make sure that all security falls under a single, common architecture. Thirdly, invest in the ability to prevent attacks, rather than detect them.
The unvarnished truth is that cyberattacks will continue to grow, and organisations will have to look at radically strengthening their cyber defences around critical infrastructure. The good news, however, is that implementing these controls and measures will go a long way to helping businesses keep their remote workforce safe.