Saturday, April 27, 2024

A guide to protecting your business in the digital universe


Impact of COVID-19 on Cybersecurity

By Nicholas Ruwan Dias, PhD, and Niresh Eliatamby, MBA

Commonwealth states are among those most targeted by cyberattacks, especially India, Pakistan, Bangladesh, Kenya, Tanzania and Sri Lanka. Five of the top ten states affected by ransomware in the first half of 2019, and three of the top ten states affected by malware in 2017-18, were members of the Commonwealth.

A single cyberattack can destroy your business. You need to do more than install a virus guard and hire an IT manager. Nor do you need huge investments: simple activities such as vulnerability testing, patching and correct configuration can prevent 80 percent of data breaches.


Global Highlights

  • Worldwide spending on cybersecurity is going to reach $133.7 billion in 2022 (Gartner).
  • 68% of business leaders feel their cybersecurity risks are increasing.
  • Data breaches exposed 4.1 billion records in the first half of 2019 (RiskBased).
  • 71% of breaches were financially motivated and 25% were motivated by espionage (Verizon).
  • 52% of breaches featured hacking, 28% involved malware and 32–33% included phishing or social engineering (Verizon).
  • Common causes of data breaches are weak and stolen credentials (i.e. passwords), back doors, application vulnerabilities, malware, social engineering, excessive permissions, insider threats, improper configuration and user error.
  • 69% of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software (Ponemon Institute).
  • The banking industry incurred the most cybercrime costs in 2018, at $18.3 million (Ponemon Institute).
  • 92% of malware is delivered by email (CSO Online).

Cyber Security Challenge

Cyber threats are continuously evolving. The COVID-19 pandemic is no exception and poses a major challenge for cybersecurity.

It is important that each business leader takes measures to ensure that their organisation continues to run securely and that remote employees have a seamless home working experience. Security experts can help organizations with the most urgent challenges associated with smartphones, tablets, laptops and other remote infrastructure, whether what is needed is the right strategy or a comprehensive security team.

Banking Sector

One of the most targeted sectors is the banking sector, owing to changes in human behaviour: the increase in online purchases versus physical purchases, the need for banking staff to work from home, and the way staff access systems from within the banks.

Two types of banking threats were identified by researchers: external and internal.

External threats

  • Bad actors’ goals
    • Access your system
    • Steal personal information
    • Lock down computers with ransomware

[Chart: Countries with the highest share of users attacked with ransomware, 2017 to 2018. Source: Statista, Jan. 2020]

  • Malicious transactions
    • Imposter scams that exploit a negative situation, e.g. sending emails pretending to be from the WHO to share new information about the coronavirus, or sending emails as though they are from government agencies or officials in order to collect personal information
    • Product scams: fake shops and websites selling coronavirus vaccines or surgical masks (in order to steal personal information)

  • Cybercriminal attacks
    • Phishing attacks, e.g. fake coronavirus advisories
    • Spreading malware
    • Stealing login credentials, e.g. through fake calls from banks
    • Engaging in financial fraud

[Chart: Top 10 countries by share of users attacked by mobile malware, Q2 2019. Source: Kaspersky]

Actions for outsider threats

  • Deploy or reinforce protective measures to address vulnerabilities
    • Identify vulnerabilities in your current environment
  • Leverage available resources to monitor and identify threats
    • Endpoint protection; back up sensitive information
  • Review, revise and test the incident response plan
    • Can you execute it remotely?
      • Internet response plan (hybrid protection plan)
      • Contact details (in case technical staff are unavailable); practise simulation exercises
      • Backup strategies
      • Personal PC / office PC
      • VPN connection
      • Wireless / router protection
      • PC endpoint protection (virus definition updates)
      • OS patch updates
      • Dealing with third parties: role-based management controls

Internal Threats

Company employees are consistently identified as one of the main vulnerabilities that compromise company and client financial data.

This threat increases given the number of employees working from home (WFH).

  • Using personal devices that lack the same security as company-issued devices
  • Forwarding sensitive business and client information to personal accounts
  • Compromise of conference calls (Zoombombing)
    Eavesdropping attacks on private conversations, or unauthorised contact with participants.
    • Do not reuse the same security codes to access the conference call.
    • Generate one-time PIN codes.
    • Use a meeting identification code (this adds an additional layer of security).
    • Use MFA for the conference call (to verify that only the appropriate members are present).
    • When new attendees join, show a notification or play a tone.
    • Turn off third-party home devices (e.g. Alexa or Google Home).

Recommended Actions

  • Review policies and procedures and revise as necessary
    • Using personal devices for corporate work
    • Storing personal credentials in websites
  • Assess the infrastructure necessary for working from home
    • VPN: banking virtual private network services provide a wide range of protection and enhance bank network security.
    • MFA: multi-factor authentication
    • MDM: mobile device management (remote wipe of data in case a device is lost)
    • BYOD: bring your own device (decide when it may be used)
    • Temporary vendor access; resigned employees (disable access)
  • Educate and train employees
    • Recognising outside threats (periodic technical updates / newsletter)
    • Communication with IT teams (awareness programme)
    • Establishing secure connections

People Vulnerabilities & Action

  • Unknown assets on the network: maintain an asset register (security updates and OS patches, open ports on security devices, firewall activated)
  • Abuse of user account privileges (intentional leaks and misuse of account privileges, sharing or hard-coding of superuser passwords): apply a policy of least privilege
  • Unpatched security vulnerabilities (applications not updated, vendor systems not updated)
  • A lack of defence in depth: structure the network with strong segmentation
    • Keep your most important system data separate
  • Insufficient IT security management
    • An internal IT security team able to manage all of an organisation’s needs can be expensive.
    • It is a time-consuming process.
    • Qualified professionals are in demand.

Application and Networking Attacks

  • An inbound attack is the first move towards defeating traditional defence in depth, such as next-generation firewalls, antivirus (AV), network gateways and even modern sandbox technologies.
  • Advanced cyber-attacks are planned to bypass the conventional protections of the network.
  • Next-generation cyber-attacks target specific individuals and organizations to steal data.
  • Bad actors use various channels, such as the internet, e-mail and malicious files, and respond quickly to zero-day and other vulnerabilities.

Advanced Cyber Attacks

Advanced cyber-attacks succeed because they are carefully planned, methodical and patient. Malware used in such attacks:

  • Settles into a system
  • Tries to hide
  • Searches out network vulnerabilities
  • Disables network security measures
  • Infects more endpoints and other devices
  • Calls back to command-and-control (CnC) servers
  • Waits for instructions to begin network data extraction
  • By the time most organizations realize they’ve suffered a data breach, they have actually been under attack for weeks, months or even years.
  • Most traditional defense-in-depth cybersecurity measures, such as AV or next-generation firewalls, rely on signature- and pattern-based techniques that fail to detect these threats, and don’t monitor malware callbacks to CnC servers.
  • Advanced cyber attacks take many forms, including viruses, Trojans, spyware, rootkits, spear phishing, malicious email attachments and drive-by downloads.
  • To properly protect against these attacks, defenses must monitor the entire life cycle of the attack, from delivery to callbacks and reconnaissance, to data exfiltration.
  • Adaptive defense monitors the entire life cycle of advanced attacks to help organizations detect, analyze and respond to cyber attacks. Proposed tools are Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR).
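
The list above says that defenses should monitor malware callbacks to CnC servers. One concrete way a SIEM or a small script does this is to look for "beaconing": the same internal host contacting the same external domain at nearly constant intervals, which is how many implants poll for instructions. The following is an added example written for this article, not code from the authors; the log format (`<epoch> <src_ip> <dst_host> <bytes>`) and the sample lines are constructed, and the 5% jitter threshold is an assumed tuning value.

```python
"""Detect periodic command-and-control callbacks ("beaconing") in proxy logs.

Added example with constructed log lines. Assumes a simple proxy log format:
"<epoch> <src_ip> <dst_host> <bytes>", one event per line.
"""
import statistics
from collections import defaultdict

# Constructed sample log (not real traffic). Host 10.0.0.5 contacts one
# external domain every ~300 s with tiny jitter; other traffic is irregular.
SAMPLE_LOG = """\
1700000000 10.0.0.5 updates.example-vendor.test 51200
1700000012 10.0.0.5 news.example.test 230400
1700000300 10.0.0.5 updates.example-vendor.test 51230
1700000333 10.0.0.7 mail.example.test 8800
1700000601 10.0.0.5 updates.example-vendor.test 51180
1700000640 10.0.0.7 mail.example.test 9100
1700000899 10.0.0.5 updates.example-vendor.test 51210
1700000950 10.0.0.7 news.example.test 410000
1700001200 10.0.0.5 updates.example-vendor.test 51200
1700001700 10.0.0.7 mail.example.test 8700
"""


def parse_log(text):
    """Parse log text into (timestamp, src, dst) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, _size = parts
        try:
            events.append((int(ts), src, dst))
        except ValueError:
            continue
    return events


def find_beacons(events, min_hits=4, max_jitter=0.05):
    """Return (src, dst, mean_interval_seconds) for host/domain pairs whose
    inter-arrival times are nearly constant.

    A pair is flagged when it has at least min_hits connections and the
    coefficient of variation of the gaps (stdev / mean) is below max_jitter.
    Normal browsing produces highly irregular gaps and is not flagged.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)

    beacons = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean = float(statistics.mean(gaps))
        if mean == 0:
            continue  # duplicate timestamps, not a usable interval
        if statistics.pstdev(gaps) / mean < max_jitter:
            beacons.append((src, dst, round(mean, 1)))
    return beacons


if __name__ == "__main__":
    for src, dst, interval in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst} every {interval}s")
```

On the constructed sample this flags only `10.0.0.5 -> updates.example-vendor.test` at a 300-second interval. In practice the result is a lead for analysts, not a verdict: legitimate software updaters also poll on a schedule, so the flagged domain still has to be checked against an allow-list of known vendors before anyone treats it as a CnC callback.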

Email Protection

  • Scanning and configuration
    • To protect mailboxes against spam and malware:
      • Proper Domain Name System (DNS) configuration for the Sender Policy Framework (SPF)
      • DomainKeys Identified Mail (DKIM)
      • Domain-based Message Authentication, Reporting and Conformance (DMARC)
    • These techniques help to protect against phishing attacks.
  • Use strong authentication
    • Password complexity requirements, multi-factor authentication (MFA) and conditional access policies are all required.
    • MFA helps restrict malicious use and limits the damage of a phishing attack.
  • Data protection, encryption and leakage
    • Outbound emails leave the end-user environment on a daily basis.
    • Data Loss Prevention (DLP), rights management and email encryption provide protection and management awareness, while helping to better manage the associated risks.
  • Response, monitoring and auditing
    • Automated response tactics combined with mailbox auditing help to ensure that when an infected email hits the organisation’s network, remediation is automatically prioritised.
  • Network analytics and visibility
    • The ability to continuously analyze threats and monitor traffic trends is important to your email security strategy.
    • URL-based threats should automatically be analyzed to protect against malicious content.
    • Real-time analytics help to block infected emails that have already been received.
  • Comprehensive protection from BEC threats
    • Business Email Compromise (BEC) threats use social engineering to make end users act. It is a form of phishing in which cyber criminals pressure workers or consumers into revealing or moving confidential data.
    • IT surveillance, user education, understanding and testing help users to become more aware.
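
The first group of bullets above names SPF, DKIM and DMARC as the DNS configurations that protect mailboxes against spoofed mail, but the records only help if they are configured to a rejecting posture. The following is an added example written for this article, not code from the authors: it parses SPF and DMARC TXT records and reports the settings that leave a domain spoofable (a neutral or softfail `all` mechanism, `p=none`, partial `pct`, a weak subdomain policy). The records themselves are constructed, with a weak pair placed beside a hardened pair. DKIM is not covered here because its check requires fetching the selector key and verifying a signature, which is more than a record audit.

```python
"""Audit SPF and DMARC TXT records for settings that leave a domain spoofable.

Added example with constructed records; no DNS queries are made. The weak and
strong record pairs below are illustrative, not any real domain's records.
"""
import re

# Constructed records: the weak pair beside the hardened pair.
WEAK_SPF = "v=spf1 include:_spf.mail-provider.test ?all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.test"
STRONG_SPF = "v=spf1 ip4:192.0.2.10 include:_spf.mail-provider.test -all"
STRONG_DMARC = ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; "
                "rua=mailto:dmarc@example.test")

# SPF terms that cost a DNS lookup (RFC 7208 allows at most 10 per check).
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)\b", re.IGNORECASE)


def parse_spf(record):
    """Return the SPF terms after the version tag, or None if not an SPF record."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        return None
    return tokens[1:]


def parse_dmarc(record):
    """Return DMARC tags as a dict, or None if the record is not DMARC."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def assess_spf(record):
    """List weaknesses in an SPF record; an empty list means nothing was found."""
    terms = parse_spf(record)
    if terms is None:
        return ["not a valid SPF record"]
    findings = []
    last = terms[-1].lower() if terms else ""
    if last in ("+all", "all"):
        findings.append("'+all' lets any host send for this domain")
    elif last == "?all":
        findings.append("'?all' (neutral) gives receivers no basis to reject")
    elif last == "~all":
        findings.append("'~all' (softfail) only marks mail, it does not reject")
    elif last != "-all":
        findings.append("record has no terminal 'all' mechanism")
    lookups = sum(1 for t in terms
                  if LOOKUP_TERM.match(t) or t.lower().startswith("redirect="))
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups exceed the limit of 10 (permerror)")
    return findings


def assess_dmarc(record):
    """List weaknesses in a DMARC record; an empty list means nothing was found."""
    tags = parse_dmarc(record)
    if tags is None:
        return ["not a valid DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends spoofed mail to spam instead of rejecting it")
    elif policy != "reject":
        findings.append("missing or unknown 'p' tag")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("no 'rua' address, so no aggregate reports will be received")
    if tags.get("sp", policy).lower() != "reject":  # sp defaults to p
        findings.append("subdomain policy 'sp' is weaker than reject")
    return findings


def assess_domain(spf_record, dmarc_record):
    """Combine both audits into one verdict for a domain."""
    findings = assess_spf(spf_record) + assess_dmarc(dmarc_record)
    return {"hardened": not findings, "findings": findings}


if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC),
                              ("strong", STRONG_SPF, STRONG_DMARC)):
        print(label, assess_domain(spf, dmarc))
```

To audit a real domain, feed the functions the TXT records for the domain apex and for `_dmarc.<domain>` as returned by your resolver. Moving from the weak pair to the strong pair should be staged: publish `p=none` with `rua` first, read the aggregate reports until every legitimate sender is covered by SPF or DKIM, then switch to `p=reject`, otherwise genuine mail is rejected along with the spoofed mail.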

Cybersecurity End-User Model

The authors have devised the following model by which businesses could strengthen their cybersecurity.

International Conventions on Cybersecurity

While legislation on cybercrime differs from state to state, a number of international conventions have been set in place over the past several decades with regard to global cybersecurity. Many of these have been incorporated into the domestic legal regimes of member states of the Commonwealth.

  • United Nations Electronic Communications Convention (UNECC)

Based on the UNCITRAL Model Law on Electronic Commerce of 1996, this was designed to be more relevant to cybersecurity.

  • Budapest Convention on Cybercrime 2001

Authored by the Council of Europe with assistance from several states including the USA and Japan, it has been ratified by 63 nations but has not been ratified by India, Russia and China.

There are also several international conventions set up by regional bodies including the African Union, Arab League and Commonwealth of Independent States.

Conclusion

The dynamic nature of the digital universe must be taken into account. Every new protection technique spawns a new hacking technique designed to get through it. Countries and businesses must always be a step ahead of them in order to beat cyber criminals.

(Copyright Nicholas Ruwan Dias and Niresh Eliatamby)
