There’s a meme making the rounds in the form of a multiple-choice question:
“Who led the digital transformation of your company?
A. CEO, B. CTO, C. COVID-19”
The dark humor in this question underscores the colossal digital shift that has taken place in recent weeks. We are in the midst of an unexpected telework and distance education grand experiment foisted upon many with no time to prepare. It’s quite likely that many of the effects of this shift will remain long after COVID-19 fades to memory.
As if the threat to our physical health by the novel coronavirus SARS-CoV-2 (COVID-19) is not bad enough, the pandemic has created an environment and opportunity for cybercriminals (ever agile and adaptive) to launch some novel attacks as well as increase emphasis on some older ones given the ballooning telework/distance ed population.
Over the next several blog posts, we will share our thoughts on the key cybersecurity challenges and effects of this normalis novum. In this introduction, we’ll share some of the key areas that have increased in attractiveness to the bad actors among us.
The targeted vulnerabilities we’ve seen affect tech offerings across many key businesses supporting the growing legion of remote workers and include Citrix, Fortinet, Microsoft, Palo Alto Networks, and Pulse Secure.
Attackers continually adapt and have shifted focus to vulnerabilities in the following tech as a direct result of the en masse move to remote work. In particular, we have been seeing bad actors concentrate on:
-exploiting vulnerabilities in virtual private network (VPN) software and devices
-proliferating malware using novel exploits that target certain industries (e.g. energy)
-leveraging vulns in video conferencing platforms
-targeting with phishing attacks less IT-savvy workers newly thrust into the online workforce
Over the next few days, we shall cover each of these in turn in a series of blog posts.