COVID-19 Demonstrates Need for Human Error-Proof Security

It’s an understatement to say that the COVID-19 pandemic is significantly disrupting business operations on a global scale. Many organizations that once relied on a uniform physical presence have moved to virtual operations and remote lines of communication.

These adjustments are, in turn, forcing business leaders to become more nimble and resourceful with cybersecurity while emphasizing the necessity of knowing one’s defense systems and investing in strong and agile security postures.

According to a Sophos report, more than half (51%) of organizations were hit by ransomware within the last year, with attackers successfully encrypting data in 73% of respective attacks. Clearly, the threat landscape prior to this pandemic was already significant.

Since the onset of COVID-19 and shelter in place, companies have been struggling even more with how to best maintain enterprise security—especially with their employees working remotely and the increased security vulnerabilities that stemming from this shift. 

Cyber-criminals are increasingly driving malicious traffic to vulnerable enterprises, unloading a whole new wave of ransomware attacks. Just last month, Microsoft formally warned organizations all over the world that they must deploy protections against PonyFinal, a new ransomware strain that attacks a company’s systems management servers by taking advantage of vulnerable passwords.

As evidenced, the COVID-19 pandemic is continuously providing ripe opportunities for malicious actors looking to profit off the newly remote workforce—specifically, the millions of users logging on from a variety of insecure devices and locations—and this is unlikely to change anytime soon. Nowhere is this concern more apparent than what ConvergeOne faced in March. The IT service management company reported receiving 80,000 phishing emails related to COVID-19 in one week alone aimed at their employees.

These threats sparked fear and uncertainty by promising “cheap” N-95 masks and using political messaging aimed at right and left-leaning ideologies. This wholly new and unique activity preyed on the real fears and insecurities of people plunged into a pandemic with global public health ramifications, opening ConvergeOne up to massive security risks as a result. 

As Collin Buechler, ConvergeOne CISO, puts it: “[What] if we don’t know what the bad guys are doing? There are ultimately more things going on right now. More phishing emails globally, everybody’s trying to take advantage of COVID-19, we’ve seen a 14% increase in malicious traffic against our perimeter just since this all started.” 

The company quickly came to terms with this new reality and the fact that blind trust is no longer an option within their security environment and architecture. Instead, they realized that the path forward must entail human-error proof security that takes the very real, human factors and emotions like uncertainty, fear and confusion out of the equation in order to safeguard sensitive enterprise information and, most importantly, the safety and privacy of employees.

The most advantageous methodology for implementing human-error proof security tactics is a Zero Trust environment. Zero Trust is the catch-all solution for executing sufficient security postures by ensuring that all devices, applications and users interacting within a network are not automatically trusted, but that all exchanges are repeatedly tested.

By utilizing Zero Trust, today’s enterprises can measure the risk of exchanges between devices, applications and their users. In a world that’s currently going through a mass crisis, Zero Trust provides organizations with peace of mind so that IT security teams can focus on alleviating other pain points and preventing known threats.

It’s likely that more attackers will continue to prey on “human nature” in the coming months as we work to overcome this pandemic. Their goal will be to override even the most robust security training and instincts by capitalizing on heightened emotions and concerns in order to manipulate users into making poor, unsafe choices. 

The clear takeaway is that rigid security protocols and training are not enough; rather, we must remove human error from the equation wherever and whenever possible and move to a Zero Trust environment. 

Effective cybersecurity posture requires learning from both the present and the past, as well as proactively predicting tomorrow’s threats. ConvergeOne is not just a singular case study, but a warning and learning opportunity for all.

Today’s enterprises must evaluate what’s transpiring during COVID-19 and invest resources into how they can best protect users, employees, critical infrastructure and data both now and in the future. This is where investing in human-error proof security is no longer just an option, but a requirement for working, smarter, safer and closer together.

What’s Hot on Infosecurity Magazine?