In a near instant, the impact of the COVID-19 virus is reverberating across the globe. Companies are scrambling to rethink how they operate in a business climate besieged by the effects of a fast-moving pandemic. Enterprises are turning on a dime to accommodate the needs of a new work-from-home workplace. And always top of mind is how to fast track resiliency planning to ensure far flung employees are operating responsibly without opening up the enterprise to undue cyber security risks.
It’s tall order. Already there are numerous reports of cyber criminals trying to capitalize on growing fears and general anxiety surrounding the new normal. The latest report points to a group affiliated with China as being behind some of the early malicious online activity, which includes phishing emails as well as planting malware. Much of the activity kicked off in Asia, where the virus first originated, following its path through Europe and likely heading to the United States.
The takeaway: U.S. security experts are already warning of a new wave of cyber attacks that will explicitly target Americans working from home during the period when there aren’t sufficient safeguards in place on par with secure office environments. The Cyber Security and Infrastructure Security Agency (CISA), the cyber arm of the Department of Homeland Security, issued a recent alert that called out specific cyber vulnerabilities related to working at home. Of particular concern were attacks on virtual private networks (VPNs) and suspicious emails that prey on employees’ Coronavirus fears to get them to click and download dangerous computer viruses.
The Cyber Security and Infrastructure Security Agency (CISA), the cyber arm of the Department of Homeland Security, issued a recent alert that called out specific cyber vulnerabilities related to working at home.
Even the government was not immune to cyber security infections caused by COVID-19. There were reports that the U.S. Health and Human Services Department suffered an attack on its computer system intended to invoke disruption and disinformation that would undermine response to the pandemic. While the HHS network wasn’t penetrated, reporting indicates it was subjected to a distributed denial-of-service (DDoS) attack intended to slow the agency’s response. HHS officials said the attack was not successful and that networks are running normally.
The latest: There’s a lot to take in and everyone is on overload. This link provides a round-up on current COVID-19-related cyber security news and challenges.
* * *
The 2020 election is another mounting source of cyber security-related frustration and concern. In February, 57% of a 100-plus cyber security expert panel said Americans shouldn’t be confident about the security of the 2020 election. Experts asked said every part of the voting process is vulnerable, including voter registration, voting itself, vote tabulation, and the results reporting system.
Public fears about COVID-19 are also fanning the flames, initially with the spread of disinformation to discourage voters from turning out and more recently, with government-mandated restrictions that could serve as a reason to stay home and skip a primary vote. In addition, several states, including Georgia, Kentucky, Louisiana, and Ohio, have pushed back primaries due to fears of further virus spread.
The Government response: The independent Election Assistance Commission, which certifies the voting systems, recently published a list of resources and best practices to help state election officials deal with impact of COVID-19, everything from guidance on cleaning machines to how to handle mail-in ballots.
At the same time, officials from U.S. Cyber Command recently testified that election security is a “top priority.” General Paul Nakasone told a House Armed Services sub-committee that the capabilities to defend the U.S. voting infrastructure have improved significantly since the 2016 presidential election. As reported in The Hill, a senior official at the Cyber Security and Infrastructure Security Agency (CISA) said there was no “malicious cyber activity” observed during Super Tuesday’s primary voting in 14 states.
* * *
How about a Cyber Space Force: In another example of ill-preparedness, a year-long effort by a bipartisan group of lawmakers found the U.S. government is not prepared to act with the speed and agility necessary to defend the country in cyber space against the likes of attacks from Russia, North Korea, and Iran. The 122-page report calls for more military personnel trained for cyber operations, more Congressional committees dedicated to the cause, and the need for both the public and private sectors to improve their safeguards with a layered approach to cyber security.
“We must get faster and smarter, improving the government’s ability to organize concurrent, continuous, and collaborative efforts to build resilience, respond to cyber threats, and preserve military options that signal a capability and willingness to impose costs on adversaries,” the report concluded.
A recent study classified the United States as one of six countries that have failed to improve its cyber security stance from last year. In fact, the study found the United States dropped from its previous ranking of 5th to the 17th most cyber-secure country.
A recent study classified the United States as one of six countries that have failed to improve its cyber security stance from last year.
FBI Director Christopher Wray reiterated that the pace of cyber intrusions and attacks are unrelenting. At a recent Cyber Security Conference at Boston College, Wray said cyber tools are capable of paralyzing entire hospitals and police departments, and cautioned that the defense industry is not the only target of bad actors. He said American adversaries have also taken aim at companies with such products as proprietary rice seeds, software for wind turbines, and high-end medical devices. In response, the FBI’s Cyber Action Team, in collaboration with various task forces, are working to establish coalitions with like-minded countries as well as set up alliances with universities and the business sector to deal with the mounting problem.
Symantec | Broadcom: Innovation and Strategy for Your Success
Join this webinar to learn: - How Symantec’s Enterprise Division is addressing key customer challenges across advanced threats, privacy and compliance, and digital transformation - Symantec’s vision, strategy, and customer-driven innovations - Answers to common questions we have received since becoming part of Broadcom
We encourage you to share your thoughts on your favorite social platform.