Good cyber security practices to be observed in the wake of COVID-19

Barry Hensley, Secureworks’ Counter Threat Unit™ (CTU) and Cyber Threat Analysis Center (CTAC), explains how to balance speed of delivery with security vigilance in a mission-critical situation.


It is a sad reality, but both hostile state actors and opportunistic cybercriminals are already leveraging COVID-19 themed campaigns to conduct phishing and deliver malware. Secureworks Counter Threat Unit researchers have observed that, as is common with all topical news stories, criminal actors making cynical use of the current crisis to promote misinformation and products with the intent to harm organizations and individuals.

By following key good cybersecurity hygiene practices, organizations can protect themselves and their employees against these attacks.

At Secureworks, we exist to secure the human progress that technology enables. In this new COVID-19 corporate landscape, our customers are dealing with the competing challenges of protecting employees and business systems, while also rapidly making business and technology changes, including adopting new temporary remote working practices.

If you are one of the many companies rapidly adopting these new working practices, including encouraging remote work from home, I want to give you our best advice for maintaining business continuity while not increasing your organization’s cybersecurity risk:

Remote access services are now business-critical. Services that facilitate communication, collaboration and delivery of core business services for a remote workforce will now become vital systems, where previously they were a flexible convenience. Organizations may need to open up additional access and reconfigure services in order to enable full remote functionality. There will be pressure to do this rapidly and bypass normal change control processes. I want to challenge you to balance the need for speed of delivery with diligence in ensuring that proper controls and security practices are maintained to keep data and systems safe. You don’t want to be left vulnerable in what is now a mission-critical situation.

Multi-Factor Authentication (MFA) is a must-have. Credentials abuse is at the root of most intrusions involving remote access services. Where possible, make sure your organization is making use of proper Multi-Factor Authentication (MFA), Virtual Private Networking (VPN) technology, and secure cloud web services like webmail, collaboration portals and enterprise business applications. Exceptions to this will be your Achilles Heel, as the adversary only has to find one hole in your defences, and multiple threat groups actively target these services on a near-continuous basis.

Organizations currently in the midst of responding to a cyber intrusion may encounter the additional challenge of being unable to respond with the implementation of new controls such as MFA because the potential for disrupting remote workers is deemed too high. There may also be a reluctance to patch Internet-facing systems and remote access services that the business is now even more reliant on, even when those are the very systems that may be most at risk from attack. The answer is to enhance your visibility to spot threats early.

Increase your monitoring and visibility across this new environment including endpoint, network, and cloud services and task cyber defenders with actively hunting for threats and re-entry attempts. In combination, this can provide a temporary mitigating control while the enterprise works through the challenge of responding to the incident.

Contingency Planning in the New Virtual World

You are undoubtedly talking about contingency planning as part of your business continuity plans right now. I want to encourage you to also include cybersecurity contingencies in that discussion.
• Do you have a cybersecurity crisis communication, management and response plan?
• Do changes to working practices stemming from the COVID-19 pandemic alter that plan?
• Can you correlate multiple stages of an attack that could lead to a catastrophic event (e.g. ransomware) and neutralize the problem early, before it becomes a disaster?
• Are you prepared to rapidly respond and recover based on various degrees of business impact?

We know our Secureworks customers depend on us. Our teams around the world are committed to being your cybersecurity partner in this digitally connected world—the larger WE simply cannot allow threat actors to exploit this crisis. Our communities are already fragile, so we cannot tolerate anything that results in additional financial burden, business disruption or patient care risk.

Good cybersecurity practices will carry you through. We will be alongside you every step of the way, protecting the progress of our customers so you can stay focused on being there for your employees and customers.