While companies are fighting the current economic and social issues related to the Coronavirus pandemic, another threat must be taken into consideration: the cyber threat. In the Sii Security Operations Center (SOC), which works for our customers, we have already noted that the number of incidents and attempted hacker attacks is much higher.
The incidents may be caused by groups that have tried to infiltrate a certain company for months and now find "gaps" more easily. There are also new attacks directly connected to the pandemic. Recently, we have witnessed this kind of activity hidden under a map for tracking COVID-19 infections, which is actually ransomware. It encrypts the phone or computer and demands payment for unlocking it. Another case is emails and SMS messages with links to sign-ups for Coronavirus vaccines, nutritional support or the requisition of account funds by the National Bank of Poland. All the links lead to fresh domains with Coronavirus in their name, created only for a given attack.
Why is that happening?
The answer is quite obvious: every bit of chaos is an advantage for a hacker. The current situation in the world is a challenge for many companies. This is related to, among other things, mass transitions to remote work, even for positions not adapted to it. Chaotic and sudden solutions sometimes cause many oversights and potential issues. Security policies are bent just to enable remote work for an employee or to keep the company operating in the absence of some personnel. An example would be granting access to confidential data to people who should not have it. This is a serious security flaw.
How to stay safe?
There is a golden rule for most cyberattacks: the earlier a breach is discovered, the less damage it will inflict. Keeping this in mind, the existence of a security cell that monitors systems and handles security incidents is crucial for the safety of the entire company. Such a team prevents attacks or minimizes the impact of a successful attack. What makes a SOC unique is the ability to monitor all systems on an ongoing basis, as employees work in rotating shifts and log activity around the clock.
And here we find another challenge that companies currently face. In order to be successful, a team must be fully operational. It is hard to imagine a company being completely exposed to attack from outside for several days or weeks, with users and customers left without support, just because the team members are absent due to sick leave or office quarantine. One of the options to mitigate this risk is to use third-party support. The Sii SOC Team supports its customers in daily incidents, making it possible to scale quickly and maintain business continuity whenever the internal team is not able to perform.