The global pandemic has disrupted many industries and organizations around the world, forcing them to pivot their perception of business as usual. This “new normal” has catalyzed the adoption rate of digital technology both in India and globally.
Work from home (WFH) and prolonged lockdowns have taken almost every interaction, engagement and transaction online, and increased the vulnerability of businesses to cyber attacks. Despite the advancement of security systems today, phishing continues to be one of the most common threats experienced by enterprises. While the scenario continues to change, hackers and threat actors continue to stay busy too.
For attackers, this is an opportunity. They continue to seek and take advantage of the disruptions – whether it is a natural disaster, major business adversities, government unrest or as in this case, a global health crisis. Over the past several weeks, organizations around the world have instituted WFH policies. There has also been a spike in the percentage of cyber attacks and breaches, particularly after the lockdowns were imposed.
A significant percentage of employees working from home were not necessarily in a secure environment. The risk is higher as a huge amount of data is vulnerable to external servers. The cyberspace in India needs to always be on high alert, and organizations need to be on the look-out for two escalating risks brought about by this evolving event.
First, the large increase of phishing and social engineering campaigns that use public fear to enhance their effectiveness. Second, the increased risks due to WFH employees and an increase in online transactions.
From healthcare to logistics, every industry is impacted by the threat to its data. In the current situation, when a pool of information is passed through emails and the cloud, healthcare operations, related manufacturing, logistics, and administration organizations, as well as government offices involved in responding to the crisis, are increasingly critical and vulnerable to disruptive attacks such as ransomware.
The threat arises as cyber espionage actors seek to collect intelligence and to deliver malware in an effort to establish a foothold in the corporate network through phishing tactics. This could affect an entire security system with just a click. According to WHO, there has been a dramatic increase in the number of cyber attacks directed at its staff, and email scams targeting the public.
Scammers impersonating WHO in emails have also increasingly targeted the general public in order to channel donations to a fictitious fund.
Covid-19 is being adopted broadly among social engineering themes because it has generic appeal, and there is a genuine thirst for information on the subject that encourages users to take action. Any user on the Internet is prone to an attack if they engage with an unknown source on social media or through email, even with the mere intention of supporting a cause or creating a discussion.
The same applies to any staff working in an organization, who may or may not be aware of the threat.
As email is a primary attack vector, organizations must continue to focus on both building user security awareness and hardening their technical mitigation and detective controls.
Below are the tools for email security that organizations should consider implementing:
Enforce Multi-factor Authentication (MFA): Simply setting up a process that requires multiple authentication factors to log in to Microsoft Office 365 on the web can help prevent attacks through email.
Configure Spoof Protection Controls: One can restrict traffic and prevent several Denial of Service (DoS) attacks by configuring spoof intelligence control in your system.
Validate Email Security Gateway Implementation: There are various ways in which an email threat can be detected. One is to detect it proactively by implementing an email security gateway that checks the domain of incoming emails, thus detecting a threat and alerting you before it affects your system.
Formalize Phishing Reporting Process: Reporting an attack, even if it is just a scam email, is important. Organizations need to invest resources in setting up an intel team that continually assesses these attacks to ensure protection from threats at all times.
Develop and Operationalize Phishing Incident Response Playbooks: This helps formalize incident response and establishes automated operationalization of threat management, so that the risk is managed automatically in case of recurrence.
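The sender-domain check that a gateway performs, applied to the WHO impersonation case described earlier, can be sketched as follows. This is an added example, not code from the article or from any vendor product; the brand allow-list, the function name `check_sender` and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: protected brand phrase -> domains it legitimately sends from.
PROTECTED_BRANDS = {
    "world health organization": {"who.int"},
    "who": {"who.int"},
}

# Constructed sample messages (not real mail).
SAMPLE_SPOOF = ('From: "WHO Solidarity Fund" <donate@who-relief.example>\n'
                'Reply-To: collect@payments.example\n'
                'Subject: Covid-19 response fund\n\nPlease donate today.\n')
SAMPLE_LEGIT = ('From: "World Health Organization" <news@mail.who.int>\n'
                'Subject: Situation report\n\nLatest update.\n')

def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower().strip() if "@" in addr else ""

def _in_domains(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return findings for one RFC 5322 message; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    if not from_domain:
        return ["missing-or-unparseable-from"]
    findings = []
    # Display name claims a protected brand, but the address is not on its domains.
    words = " ".join(re.findall(r"[a-z0-9]+", name.lower()))
    for brand, domains in PROTECTED_BRANDS.items():
        if re.search(rf"\b{re.escape(brand)}\b", words) and not _in_domains(from_domain, domains):
            findings.append(f"display-name-impersonation:{brand}")
            break
    # Replies would be routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = _domain(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-domain-mismatch")
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_SPOOF, SAMPLE_LEGIT):
        print(check_sender(sample))
```

Short acronyms such as "who" will also match ordinary display names, so findings like these are better fed into scoring and the phishing reporting queue than used as a hard block.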
Today, both organizations and individuals need to be well versed with the measures to be taken in order to protect and secure data from external threats which could impact internal systems and operations. In an ever-mutating threat landscape, a robust security awareness program remains a key defense tactic in protecting against email-based phishing threats.
- Shrikant Shitole, VP & Country Head (India & SAARC), FireEye Inc.