There is no business, regardless of size or industry, that has not been impacted in some way by the COVID-19 pandemic. Retailers struggle with store closures, inventory challenges, and eCommerce. Educators struggle with online learning and how best to address the digital divide. Healthcare providers struggle to secure enough beds and supplies to care for the influx of patients.

As the primary threat of the COVID virus now subsides in some countries, businesses struggle with adjusting to the ‘new normal’ – how to get back to some sense of normalcy, while ensuring the health and safety of their employees and customers.

Cyber-Security Risk

Adding to these struggles is the increased frequency of cyber-attacks. Since the COVID-19 pandemic began, the World Health Organization has reported an increase in cyberattacks, going so far as to issue a warning that hackers and cyber scammers are taking advantage of the pandemic to send fraudulent email and messages.

Any change in routine creates new opportunities for hackers and cybercriminals have been capitalizing on the vastly different world we all live in:

• In Healthcare, cybercriminals are targeting hospitals with an increased number of phishing campaigns, ransomware, and other types of attacks. In one case, a Czech hospital was hit by a cyberattack while in the midst of a COVID-19 outbreak, forcing it to shut down its entire IT network, postpone surgeries and re-route patients to alternate hospitals.

• In Education, where increasingly teachers turn to video collaboration solutions to facilitate online learning, there have been numerous reports of breaches. A common one is  ‘Zoombombing’, where an unwanted guest joins a video call with the intention to disrupt and harass. Students in universities, high schools,  even those in kindergarten have all been exposed to such attacks, and while the name may originate from the popular Zoom Video solution, these types of attacks can happen on any video conferencing site.

• Governments have seen an increased number of phishing scams taking advantage of COVID-19, where attackers send fraudulent texts and emails that attempt to trick users into believing they have received a government benefit.  The FCC in the U.S. has received reports of scam and hoax text message campaigns and scam robocalls offering free home testing kits, promoting bogus cures, selling health insurance, and preying on virus-related fears.

• Supply Chain scams involving the healthcare system are increasing, with ‘gray-marketers’ targeting personal protective equipment, capitalizing on the shortages of critical supplies that healthcare professionals face around the globe.

Good Cyber-Security Practices

Since the pandemic became, much attention has been placed on good personal hygiene to prevent the spread of the virus.  Also important is maintaining good cyber-security hygiene and practices.  It is essential that businesses protect themselves, their employees, and their customers from cyber-attacks during this time.

Even before the new security risks of COVID-19 appeared, businesses already needed to do more to enhance their cybersecurity processes, as illustrated by a recently published Global Survey from Extreme Networks that revealed that businesses security precautions are falling flat. Survey results are summarized in the infographic below.

Manage the Risk

What does good cyber-security hygiene involve? Implementing network security best practices, while concurrently addressing the emerging threats that COVID-19 brings.

While the world may have changed, security principles and fundamentals have not. The State of Network Security in 2020 webinar highlighted four simple steps organizations can take to bolster network security.

1. Get the Basics Right

Getting the basics right includes security training, patch management, password controls, and off-line back-ups – ‘table-stake’ measures all organizations should take to reduce exposure.

The challenge in the current COVID environment is that IT departments are stretched.  They are now tasked with enabling remote access to hundreds or thousands of employees; or extending network infrastructure to accommodate student learning or pop-up care facilities; and unfortunately, the basics can fall by the wayside.

This is the time where ‘getting the basics right’ is more important than ever. Given the increased number of cyber-attacks, organizations need to ramp up education and phishing awareness campaigns; and ensure that patches and security updates are done as soon as possible.  Many organizations, such as Zoom, are working around the clock to address new vulnerabilities as they arise and introduce patches. The onus is on all of us to ensure we remain current.

2. Enforce Proper Security Practices

While there is no one-size-fits-all strategy when it comes to network security, organizations need to enforce the appropriate network security best practices that are appropriate for their business. This may include policy-based access control, network segmentation, regulatory compliance, IoT security, and more.

During COVID-19, extra attention needs to be directed to areas such as remote access, IoT, network access control, and user privacy. For example, remote employees may use personal devices to connect to their corporate network – devices that lack the security controls of company-provided hardware.  Adding to the risk, is users are increasingly turning to cloud-services and bypassing corporate VPNs. Organizations need to ramp up endpoint inspection, traffic inspection, segmentation, and remediation/isolation. Data privacy also needs to be top of mind as contact tracing is introduced, to ensure user’s personal data is protected.

3. Leverage Industry Resources

In addition to the wealth of cyber-security industry resources that previously existed (e.g. CISecurity Controls, Mitre Atta&ck, the Cloud Security Alliance), there are now many COVID-19 specific resources, including  CISA Covid-19 resources, World Economic Forum blogs, and the Federal Trade Commission Coronavirus resources.

4. Continued Vigilance

Lastly, every business must pay extra vigilance over their environment during this time. Now, more than ever, is not the time to ignore suspicious behavior or decide you will “get to it tomorrow”.  Don’t wait when you see anomalies – early detection and intervention are key to addressing security issues and preventing propagation and more widespread damage.

Learn more

To learn more about the impact of COVID-19 on Cyber-Security, register now for Extreme’s Security Threats & Privacy Considerations for COVID-19 and the New Normal webinar.

Ed Koehler, a distinguished principal Engineer and Cybersecurity expert at Extreme Networks, and Phil Swain, the Chief Information Security Officer at Extreme Networks, will share their insights on the changes taking place in the cybersecurity industry and what organizations need to look out for.

• As a member of the InfraGard  COVID-19 Response ​team in the U.S.,  Ed brings a valuable industry perspective on the challenges being faced
• As a CISO, Phil brings first-hand knowledge into Extreme Network’s experience during the pandemic – the type of cybersecurity attacks experienced, and the steps taken to address them