Coronavirus Cybersecurity Advice From Ilia Kolochenko of ImmuniWeb
Wednesday, March 18, 2020
Today, we present some coronavirus cybersecurity advice for employees working from home. With the coronavirus driving workplaces to embrace social distancing, the normal channels of cybersecurity policies are now disrupted. Therefore, we reached out to Ilia Kolochenko of ImmuniWeb for advice on how employees can work with enterprise cybersecurity remotely.
The coronavirus, also known as COVID-19, creates an atmosphere of increased risk, both physical and in terms of cybersecurity. With so many employees currently working from home, there comes a need for coronavirus cybersecurity.
After all, increased online activity increases the risk of risky behavior. Moreover, social distance stretches the lines of communication between IT security and employees thin. Hackers take advantage of this atmosphere of fear and confusion, exploiting the lack of rational thinking for social engineering attacks.
For coronavirus cybersecurity advice for enterprises with work-for-home employees, we asked Ilia Kolochenko. Kolochenko is the Founder & CEO of ImmuniWeb, a web security company. He offers coronavirus cybersecurity advice in the form of Frequently Asked Questions.
Frequently Asked Questions About Coronavirus Cybersecurity
How are cybercriminals exploiting people working from home?
It is a convoluted mix of infrastructural unreadiness and overly susceptible human physiology during the spiraling crisis. Some cybercriminals mostly exploit uncertainty and aptly forge emails or SMSs from state authorities, imposing or demanding certain actions such as sharing confidential data or clicking on a malicious link to infect victims with malware. Others, merely exploit overall lack of security hardening of home, or home-placed computers, and deploy various well-known attacks, ranging from large-scale spear-phishing campaigns to sophisticated BEC targeting C-level executives. Sadly, all these vectors are highly efficient, while breach investigation is hindered by suddenly disorganized IT and security teams trying to adapt themselves to the new reality.
Will video conferencing calls make individuals more vulnerable?
Conference calls do not create additional cybersecurity risk per se. However, they expand a wide spectrum of the existing attack scenarios, for example, by sending fake Zoom or WebEx invites.
Will we see new types of phishing and attacks?
From a technical standpoint, there are no substantially new phishing techniques imputable to Covid-19, but merely new vectors such as new reasons to lure victims into clicking on a malicious link for example.
Should the cybersecurity of workers be their own responsibility or that of their employers?
In light of the spiraling panic, partial shortage of food and medication in some European and US cities, it would be somewhat unreasonable to shift this burden to already overburdened and stressed employees.
What will be the effect on cyber insurance from the current climate?
For the moment, it is virtually impossible to give a long-term forecast, though it would be reasonable to expect a spike in demand for insurance and a subsequent price increase. Insurance companies will also likely gradually scrutinize incoming claims for coverage, imposing higher standards of requisite cybersecurity. Otherwise, careless or simply unprepared home-based workers will empty their pockets within a few weeks.
What are the best “quick cybersecurity wins” for home workers to implement?
Remaining vigilant is probably the best action the would-be victims can undertake. Corporations should rapidly develop and promulgate a clear, coherent, and efficient cybersecurity communication strategy, reminding teams about basic precautions and security policies, including how to report an incident or suspicious activity.
What are the cybersecurity practical tips for anyone working from home?
Double-check authenticity of any incoming messages, emails, or phone calls. In case of any doubt, report to your internal security team or police. Be particularly prudent when someone is trying to extract any data from you in an emergency, pretending there is no time to convincingly explain the context.
How can businesses improve cybersecurity measures organization-wide?
Consistent, threat-aware, and risk-based cybersecurity policy shall be relentlessly promulgated to employees in an easily-consumable and friendly manner.
How might the current climate affect businesses long term?
Rather than it being a unique opportunity for businesses to tighten up their defenses for the long term, it is a challenge that may kill weak and unprepared companies. Read Full Article
EU-Startups: 10 promising cybersecurity startups to watch in 2020
SC Media: COVID-19 firefighting, Czech and US health services under cyber-attack