Monday, 12 October 2020 00:29

Why COVID-19 has been good news for cybercriminals

Jim Cook, Attivo Networks

GUEST OPINION by Jim Cook, Attivo Networks: The COVID-19 pandemic has been a rough and costly period for many organisations, yet for one group, it has opened up a raft of potentially lucrative new targets.

The rush to have staff working remotely has created numerous opportunities for cybercriminals to infiltrate corporate networks. These opportunities are due to people no longer working within a protected infrastructure, using insecure networks, and connecting through client devices that lack vital security patches.

It’s tempting for organisations to think that, because they have managed to navigate the initial lockdowns without any sign of a cyberattack, they are now in the clear. Unfortunately, this may not be the case.

There could well be attackers who have gained access to corporate infrastructures but have opted to lie low as they prepare their next steps. It’s quite likely that a new wave of attacks will emerge as these criminals make their presence known.

Interestingly, industry studies show that the dwell time - the period that attackers spend inside the network before detection - is now just under 60 days. However, it can extend into months or even years for more advanced attacks. It may currently be the calm before the storm.

New opportunities
The security problems tend to stem from the fact that most businesses were simply not prepared for the volume of employees who would have to work from home. They had a matter of days to equip their workforce to continue operations and not impact customer service.

This lack of time to prepare means that, when it comes to security, they inevitably took shortcuts. As a result, both technology-based and human-based issues have arisen.

For example, network endpoints are more exposed. Staff are taking data off-premises that may never have left the company before, creating fresh opportunities for attackers to target less-secure devices.

Phishing and other human-focused scams have also been on the rise during the lockdowns. Through these, cybercriminals prey on employees who are distracted or flustered by the sudden shift in routine.

Also, the number of BYOD devices (laptops, routers, access points, etc.) on the network has increased, making it much harder to verify that employees are doing things like installing security updates promptly, thus creating potential vulnerabilities. Even employee turnover can create openings for attackers, as it can be harder to verify the full removal of stored credentials and other access from all applications and systems.

While there are tools designed to help protect against these new threats, they require effective security controls at multiple levels of the network. Traditional Endpoint Protection Platforms (EPPs) and Endpoint Detection and Response (EDR) tools try to stop attacks at the initial compromise of the system. Now, in a remote working world, attackers may have an easier time bypassing those tools, highlighting the importance of overlapping security controls and building a safety net to boost in-network detection capabilities.

Addressing new risks
A balance of security controls is necessary to cover everything from initial compromise and lateral movement to privilege escalation and data loss prevention. If cybercriminals have already compromised an internal system, technology like cyber deception plays a valuable role in detecting lateral movement and protecting applications. Additionally, data loss prevention capabilities can stop employees (or attackers) from saving sensitive information to personal devices.

Therefore, it is vital to have visibility into in-network attack paths to essential assets and network activity, including seeing devices joining or leaving the network. This sort of credential tracking is more important than ever, as is having the correct tools in place to stop a successful breach. Decoys can also record and replay attacks to correlate attack activities better and gather company-specific threat intelligence.

The spike in remote employees also means there is likely to be a need to boost VPN security. New traffic patterns amid remote work have shattered traditional activity baselines and made suspicious behaviour much harder to identify. Attention also should be given to cloud security, since much of the remote work uses PaaS, SaaS, and IaaS accounts for various tasks.

Just because one’s organisation has navigated the first few months in this new COVID reality without any significant security problems, it doesn’t mean that one can now take one’s eye off the ball.

Ensure that one’s organisation conducts a thorough review of the new remote-working infrastructure and plugs any identified holes in security protection as quickly as possible. The cybercriminals haven’t disappeared, and they could be much closer than one thinks.
