In March 2020, UK IT Distributors reported an increase of 31.8% in sales of endpoint equipment (particularly laptops), which created a shortage of stock for every reseller and distributor in the country. This problem was compounded by existing Intel shortages, reduced supply from China and shipping constrictions.

 

This scramble, as we are calling it, was directly attributed to COVID-19 and the lockdown, meaning a lot of people needed to get working from home… fast. Almost overnight large workforces needed to be equipped to work remotely, whether it be a desktop, laptop or tablet and many also requiring webcams and headsets. Despite constriction, and to the credit of IT teams across the country, this big change happened and for some it was a surprisingly smooth transition.

 

What wasn’t smooth, in some cases, was the security configuration of devices issued in the limited time available and in the scramble to enable a remote workforce, many organisations bought every laptop, tablet and device they could get their hands on and deployed them hurriedly. Some rollouts have undoubtedly been well-executed, but many haven’t, and thereby lies the risk.

 

IT Security has been a priority for many years. However, we now have devices dispersed over a wide geography containing sensitive data, but with inadequate security. Whilst we know it, and you know it, the other people that definitely know it… are criminals.

 

Crime moves fast to exploit situations and in just the last few weeks, exploitation has increased significantly, both in terms of low-tech scams and cyber-crime.

 

The UK National Fraud & Cyber Security Centre has reported that Coronavirus-related fraud reports increased by 400% in March and have released advisories related to home-working – see https://www.ncsc.gov.uk/news/covid-19-exploited-by-cyber-actors-advisory - phishing, malware and ransomware are all increasing at a time when organisations are most vulnerable.

 

Since March Barracuda has blocked 600% more ransomware and phishing attacks on end-user email accounts and BitDefender has seen a 16-fold increase in the number of known viruses in the wild.

 

*Source = https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/

 

Many threats observed play to the situation: phishing designed to mimic COVID-19 health information, which triggers the download of malware. These phishing attempts purport to come from government or the World Health Organisation directing precautionary measures, but really embedding malware. COVID-19 tax rebate and Coronavirus Business Interruption Loan Scheme (CBILS) phishing lures, directing recipients to a fake website that collects financial, tax and personal information.

 

This isn’t just a Dickensian Fagin’s gang opportunism - this is strategic, tactical and highly organised crime, and it’s incredibly lucrative. It’s increasingly sophisticated and increasingly people are falling for it. It’s happening to companies of all sizes too, Easyjet recently announced a data breach of c9 million personal data records, including customer credit card data.

 

Marriott Hotels are another high profile and well documented attack, more so because it’s not the first time it has happened, in fact it’s the second time in 2 years this has happened. The new incident has affected 5.2 million of its guests, compromising a range of their personal information, including names, email and mailing addresses, and the names of their employers. Considering that the previous breach affected over half a billion people and exposed a wide range of personal data, some might view the new breach as less damaging.

 

Another attack which has raised particular interest, however not massively documented is one aimed at the agent facing portal for Norwegian Cruise Lines. Data exposed in the incident included c30,000 clear text passwords and email addresses used to log in to the Norwegian Cruise Line travel agent portal by agents working for companies including Virgin Holidays and TUI.

 

Analysts at the cyber security analysts DynaRisk are quoted as saying “They are now exposed to account takeovers on numerous platforms, sophisticated phishing emails and fraud, which could put further pressure on large travel agents or worse still, put smaller agents out of business.”

 

Travelex and BA are also other high-profile targets whereby the ICO is investigation and issuing large fines accordingly for security breaches.

 

From the above we could determine that travel and hospitality is a sector targeted for attack, possibly because it’s one sector most stressed by COVID-19 but cyber-crime doesn’t completely discriminate and is opportunistic by nature.

 

In the current situation, typical security risks are elevated by home network vulnerabilities, untrusted devices, lack of encryption, lack of data loss prevention (DLP) controls, lack of mobile device management (MDM), lack of multi-factor authentication (MFA), lack of media controls and inadequate security controls.  This is compounded by staff being remote and not immediately in contact with colleagues, often working to new scenarios and sometimes without sufficient security awareness or training.

 

*Source = https://www.mimecast.com/resources/infographics/dates/2020/4/email-protection-and-recovery-for-remote-workers/

 

 

Tiered security or tired security?

 

Threats range in complexity from ransomware emails with fake invoices to replica websites of brands such as Facebook, Google, or UK GOV and HMRC. It is difficult to be 100% protected but mitigating risks is vital.

 

Our proven tiered security model puts the necessary control measures in place to help secure your organisation and negate attacks, including zero-day threats.

 

Protecting data, documents and devices...

 

Protect your devices and business-critical data with pure security tiered options, plus Microsoft EM&S (Enterprise Mobility and Security). Encrypt, manage and monitor the device, enable multi-factor authentication (MFA), control and protect data and documents; all from one powerful suite of security solutions. Applying the right data protection policies using MIP (Microsoft Information Protection) ensures data cannot be accessed, removed or leaked by non-authorised people.

 

Whilst it is important to protect assets you own, BYOD and users taking advantage of their own equipment is even more popular now. The need for a mobile device management (MDM) solution is needed - Microsoft offers InTune, which readily fits with other Microsoft solutions, however there are several options dependent on requirements. A key feature of MDM other than being able to track assets is ensuring that devices are suitably patched. 

 

Mobile device management common features include:

  • Device inventory/tracking
  • Mobile support/management
  • Application blacklisting/whitelisting
  • Remote service management
  • Passcode enforcement
  • Automatic Patching of Security Vulnerabilities

 

Another area typically overlooked with remote working, BYOD and ‘Shadow IT’ is the data on the devices itself. Typically, these devices are not protected using the same software as your servers whether it be on-premise or in the cloud.

 

There are a number of ways you can protect yourself; you can use thin client technology, whether it be RDS, Citrix or VMware and manage data backup centrally. Or you can use products by Veeam or Barracuda designed to backup endpoint devices.

 

Either way, it is crucial you manage the data on the endpoint utilising the same processes as you would with your internal systems. If anything, data at the edge is more at risk due to not being immediately visible to IT staff, this is the same with running security updates. If you don’t know it’s happening, it’s quite easy for people to click the ‘Remind me in 24 hours’ option which allows some margin for the updates not to happen. All of this is controllable within Microsoft InTune.

 

 

Controls are not enough for IT security

 

Independent, objective, expert tests and assurance is essential. You can’t mark your own work, and neither can we, which is why we use specialist partners for security testing. We believe that most risks can be significantly reduced by acting upon the advice of dedicated, highly skilled experts., following empirical testing and isolating vulnerabilities.

 

If you've done ALL of that, closed all the holes and tested it thoroughly, well done.  If you haven't here are the risks:

 

- Risk #1 – Ransomware – infects your whole virtual network and hijacks your systems;

- Risk #2 – Phishing – financial compromise and loss;

- Risk #3 – Breach - an inadvertent or malicious data breach.

  

All of the above can be mitigated.  So, we’ll help you do that, in some cases for free where it’s simply advice on how to configure what you have, or for minimal cost subscriptions where you need something more substantial.

 

Talk to us.

 

Sources:

https://www.contextworld.com/research-updates

https://www.theregister.co.uk/

https://www.barracuda.com

https://labs.bitdefender.com

https://www.ncsc.gov.uk

https://www.infosecurity-magazine.com/

https://welivesecurity.com