How agencies can defend against pandemic-fueled cyber threats
- By Shawn Henry
- May 13, 2020
As the world struggles to curb the spread of COVID-19, seemingly every facet of “normal” has changed. What hasn’t slowed, however, are the myriad bad actors targeting the government for gain – whether that’s harvesting sensitive information or targeting local governments with ransomware. In fact, some agencies are already detecting an uptick in cyber adversary activity as these bad actors take advantage of perceived vulnerability amid the panic surrounding the pandemic.
To minimize the spread of the virus through human contact, government workers are home and logging in remotely, often with less-secure connections. For that reason, heightened vigilance for cyber threats is critical. CrowdStrike’s 2020 Global Threat Report found that in 2019 municipalities and local governments were at the top of the target list for cyber criminals who were big game hunting -- a trend of targeted, low-volume/high-return ransomware deployments.
However, today’s cybersecurity threat environment is unprecedented. Cyber criminals and nation-states are more active than ever, the pandemic has become an easy way for bad actors to ensnare victims and many agencies have remote workforces for the very first time. This perfect storm has created a ripe opportunity for threat actors.
In fact, CrowdStrike has observed a recent rise in fraud schemes related to the pandemic, most often executed by social engineering techniques. Adversaries use malicious websites and apps that appear to share the latest COVID-19 information, but then deliver malware or lock a device and demand payment. People living in fear want the latest information quickly, so they’re more susceptible to mistakes.
These uncertain times call for government employees, who are tasked with protecting the nation’s most sensitive data, to exercise tried and true best practices for thwarting cyberattacks.
These four steps will help government agencies with a largely remote workforce defend against these imminent threats and better protect against highly motivated threat actors:
- Ensure clear remote work policies: Enforce rules that are understandable and easily followed. Ensure security policies cover remote working access management, the use of personal devices and updated data privacy considerations for employee access to documents.
- Anticipate personal devices on the network: It is not unusual for personal devices to have poor cybersecurity hygiene, and remote workers will be tempted to turn to their day-to-day cell phone for work purposes, especially if they cannot get access to a government-furnished device. Continuously preach cyber hygiene and ensure any connected device follows the same strict security requirements.
- Don’t stop educating: Arm the workforce with intelligence on the latest adversarial tactics, particularly those that leverage the panic created by the pandemic. Reiterate the basics (thinking before clicking, being wary of attachments, never providing credentials to an untrusted source, etc.). Agencies may also consider more stringent email security measures.
- Plan for the worst: Ensure all crisis management and incident response plans can be executed by a remote workforce. A cyber incident that occurs when an organization is already operating outside of normal conditions has a greater potential to spiral out of control. Create a “virtual war room” with effective remote collaboration tools.
A geographically dispersed workforce does not mean operations should slow down. Rather, remote IT and security workers should be expected to monitor and respond in the time it would normally take them, if not quicker. The 1-10-60 rule (detect intrusions in under one minute, investigate and understand threats in under 10 minutes and contain and eliminate the adversary from the environment in under 60 minutes) should always be the goal.
In this unique time of uncertainty, the importance of implementing cybersecurity measures remains critical to protecting and defending the nation’s data. Adversaries are increasingly motivated to take advantage, and a remote workforce provides an easy target. Now more than ever, government agencies should work to enforce strict and clear guidance across all potential access points so that educated employees will be more diligent on the frontlines and quicker to detect potential threats. Smart and assiduous agencies that execute these crucial defense measures will reinforce an ecosystem of protection that is desperately needed to safeguard data in this time of crisis.
Shawn Henry is president of CrowdStrike Services and CSO of CrowdStrike.