No single event to date, other than the very advent of the internet, has changed the cybersecurity landscape more than COVID-19. Along with the severe long-term health and economic consequences, the coronavirus outbreak has increased a variety of security risks to private businesses and the public sector, primarily due to the rapid shift to remote working.
The move to working remotely creates increased risk for local governments, as criminals are exploiting the chinks in cybersecurity armour. This threat is so severe that the UK’s National Cyber Security Centre (NCSC) and US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) published a joint advisory notice warning that cybercriminals are targeting organisations with a range of ransomware and malware.
Councils were already under threat: they were hit by more than 263 million cyber-attacks in the first half of 2019 alone, according to figures gathered by insurance broker Gallagher using the Freedom of Information (FoI) Act. It's clear that urgent action is needed to guard against further threats. To begin with, local governments must understand what the threats are and what can be done.
First, the use of online channels and heightened activity on customer-facing networks has increased tremendously as local government employees work from home, and activities ranging from services and collaboration platforms to document storage are moving online. The transfer of more services to the internet as a result of the coronavirus has increased public sector risk exposure to systems penetration and data theft. This is particularly concerning as local governments are often dealing with sensitive/confidential information.
Secondly, remote working has required organisations to widen access rights on personal mobile devices and tools. Off-site devices are not centrally controlled (for network access control or end-point data protection) and are connected to a typically less secure open home WiFi network. Usually, local government offices complement WiFi networks with advanced computer networks such as intranets, VPNs or private clouds - none of which local government employees’ homes are likely to be equipped with. In addition, some users may not have strong multi-factor authentication on personal devices and may transmit data over non-secure and non-controlled channels, which dramatically increases cybersecurity vulnerabilities.
Thirdly, with the creation of new websites to disseminate information for the public and resources to combat the coronavirus, attackers are exploiting the weak security controls on many of these sites and devices to spread malware via drive-by downloads. Once installed, a malicious application can steal a user’s confidential data or gain access to protected systems by tricking legitimate users.
Click-through rates for phishing emails and success rates of fake caller agents can also increase if employees skip asking co-workers about suspicious emails or calls, which they could be liable to do now that this requires a dedicated email or phone call rather than an informal chat with the person next to them. In fact, Mimecast Threat Intelligence reports that the company’s email security systems prevented delivery of nearly 24 million suspected coronavirus phishing emails in the week leading up to (and including) March 23rd 2020, equating to 16% of approximately 150 million emails scanned by Mimecast during the period.
As the coronavirus outbreak progresses, cyber attackers will continue their efforts to exploit local government vulnerabilities. To remain vigilant and effective, local authorities should work with their security teams to identify likely cyberattack vectors as a result of more employees working from home and prioritise the protection of their most sensitive information and business-critical applications.
To maintain secure operations, and mitigate risks of remote access to sensitive data, local authorities should ensure all corporately owned or managed devices are equipped with essential security capabilities, extending the same network security best practice to the home. It is essential to implement multifactor authentication, use strong password protection and enforce endpoint protection on devices, including VPN tools with encryption. This is particularly important when there is an increase in virtual meetings and confidential information being shared online.
Eliminating risk events during crises is difficult, but local governments can reduce the risk associated with incident response. Effective crisis response depends on dedicated crisis management platforms for encrypted communications. Local governments should reiterate to employees their safe remote-working protocols and their procedures for threat identification and escalation. They must ensure that remote-working policies are clear and include easy-to-follow steps that help make employees' remote environments secure.
It is essential that during a crisis, local government leaders play critical roles in securing their organisation and ensuring that they respond to cyber threats by balancing employee protection with business continuity. We should also recognise that our threat environment is not static, which means it's important to keep a close eye on evolving cyberthreats to avoid unnecessary disruptions in a time when we can least afford them.
Richard Stephenson is CEO of YUDU Sentinel