Cybercriminals love confusion and the COVID-19 outbreak is creating the perfect environment for them. David Higgins from CyberArk explains how online shopping on the clock is feeding cybersecurity concerns
Under lockdown, five-minute trips to the supermarket have become a thing of the past. Local shops across the country have played host to snaking queues that trail off round corners and into the distance. Once inside, some items are nigh on impossible to find.
Shoppers are also instructed to maintain two-metre distancing, which is no small challenge in busy aisles.
For many, online grocery shopping has emerged as an attractive alternative. Research from Nielsen Homescan supports this trend, revealing a marked increase in online FMCG sales.
On its own, an increase in online purchasing brings an increase in cyber-threats. That should concern businesses, because millions of employees are now logging on to corporate devices from home, and the personal browsing they do on those devices exposes the corporate network behind them.
Even before the pandemic, a Neteller survey found that 20% of the UK population shops online during working hours. That is an opportunity cybercriminals rarely pass up.
The public conversation around the pandemic is beset by uncertainty. Google Trends data shows that the search term “uncertainty” soared to its highest level in the UK in five years between the 15th and 21st of March this year.
Cybercriminals are taking advantage of this confusion. Why? Uncertain people are easier to manipulate, and a lure that plays on the worry of the moment is far more likely to be clicked. And this year it won’t just be personal data and assets at stake, but corporate information too.
The corporate laptops that we use to snap up bargains aren’t isolated devices. They are, potentially, a gateway to more lucrative data and assets. Even the ability to hold a city to ransom or an opportunity to take down critical infrastructure could result from something as basic as a ransomware attack that starts on an end user’s device. And this is no longer a hypothetical threat.
Reports of data breaches have been coming in thick and fast since stringent lockdown measures were put in place. The threat is already here.
Businesses’ cybersecurity spending has grown sharply over the past decade. Even so, contemporary threats can slip past the basic anti-virus and firewall tools that might once have been effective. Ransomware, for example, can be delivered directly to an employee’s inbox and, with some social-engineering sleight of hand, infect a corporate network.
An Accenture study published in 2019 found ransomware to be the fastest-growing form of attack affecting businesses, with incidents up 21% in 2018. Businesses are dealing with the equally potent issue of malware more broadly, including drive-by infections that need nothing more than a visit to a compromised web page.
Organisations worldwide recognise the problem. Our own Global Advanced Threat Landscape survey found that ransomware and malware were seen as one of the top three threats faced by 59 percent of respondents (all of whom were security professionals). But what is the appropriate remediation when malicious actors are constantly changing tack to elude the latest and greatest detection mechanisms?
In a sense, cyber-attackers progress similarly to rivers; they follow a path of least resistance. An attack penetrates a network from initial foothold on an endpoint to a target asset in the same way that a river meanders around corners and obstacles on its way to the sea. Compromising privileged credentials represents the path of least resistance in many instances, providing access to the most sensitive areas of a network. They are, therefore, almost always what an attacker seeks.
The case is no different when it comes to our current period of inflated online activity. Attackers have already been exploiting cultural trends to support their social engineering techniques, predominantly to seize credentials and exploit a user’s privileges.
The management of privileged credentials is known as privileged access management (PAM) and involves the implementation of strict access controls over individual accounts within an organisation’s network.
Providing users with unique credentials each time they require access to data, scoped to that request alone, means security teams can limit user access to the specific areas of a network staff require in order to fulfil their work obligations. By doing this, attackers are denied freedom of movement and are much less likely to move laterally across a network even after compromising a user’s account. Without these controls, cybercriminals can hop from one account to the next, slowly making their way towards the more critical assets.
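To make the lateral-movement argument concrete, here is a toy just-in-time privilege broker. It is an added illustration written for this article, not CyberArk’s product or any real PAM API, and the class, resource names and scenario are all hypothetical. Every access request gets its own credential, bound to one user, one resource and one role and expiring after a few minutes, so a credential lifted from a compromised laptop cannot be replayed against a different host, used to escalate on the same host, or used after it lapses.

```python
"""Toy just-in-time privilege broker (added example, not CyberArk's product).

Each access request is answered with a fresh credential bound to one
(user, resource, role) triple and a short expiry.  The demo at the bottom
shows what an attacker who steals that credential from a laptop can and
cannot do with it.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Set, Tuple


class PrivilegeBroker:
    """Issues and checks scoped, expiring access tokens (hypothetical design)."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key
        # user -> set of (resource, role) the user is allowed to request
        self._entitlements: Dict[str, Set[Tuple[str, str]]] = {}

    def entitle(self, user: str, resource: str, role: str) -> None:
        self._entitlements.setdefault(user, set()).add((resource, role))

    def issue(self, user: str, resource: str, role: str,
              ttl: int = 300, now: Optional[float] = None) -> str:
        """Mint a fresh token for one (user, resource, role).  Anything outside
        the user's entitlements is refused, so no broad privilege is handed out."""
        if (resource, role) not in self._entitlements.get(user, set()):
            raise PermissionError(f"{user} is not entitled to {role}@{resource}")
        now = time.time() if now is None else now
        payload = {
            "sub": user,
            "res": resource,
            "role": role,
            "exp": now + ttl,
            "nonce": secrets.token_hex(8),  # every request gets a unique credential
        }
        body = base64.urlsafe_b64encode(
            json.dumps(payload, sort_keys=True).encode()).decode()
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"

    def verify(self, token: str, resource: str, role: str,
               now: Optional[float] = None) -> bool:
        """Accept the token only if it is authentic, unexpired and scoped to
        exactly the resource and role being accessed."""
        try:
            body, sig = token.split(".", 1)
        except ValueError:
            return False
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False  # forged or tampered token
        payload = json.loads(base64.urlsafe_b64decode(body))
        now = time.time() if now is None else now
        if payload["exp"] <= now:
            return False  # stolen credential has already lapsed
        return payload["res"] == resource and payload["role"] == role


def lateral_movement_demo(now: float = 1_700_000_000.0) -> Dict[str, bool]:
    """Constructed scenario: an attacker on a laptop steals the single token the
    user currently holds and tries to reuse it.  Returns what was allowed."""
    broker = PrivilegeBroker(secrets.token_bytes(32))
    broker.entitle("alice", "reports-db", "reader")  # hypothetical entitlement
    token = broker.issue("alice", "reports-db", "reader", ttl=300, now=now)

    # Tamper: rewrite the scope inside the payload without the signing key.
    body, sig = token.split(".", 1)
    payload = json.loads(base64.urlsafe_b64decode(body))
    payload["res"] = "domain-controller"
    forged_body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).decode()
    forged = f"{forged_body}.{sig}"

    # Ask for something the user was never entitled to.
    try:
        broker.issue("alice", "domain-controller", "admin", now=now)
        unentitled = True
    except PermissionError:
        unentitled = False

    return {
        "intended_access": broker.verify(token, "reports-db", "reader", now=now),
        "pivot_to_other_host": broker.verify(token, "domain-controller", "admin", now=now),
        "escalate_role_same_host": broker.verify(token, "reports-db", "admin", now=now),
        "replay_after_expiry": broker.verify(token, "reports-db", "reader", now=now + 301),
        "forged_scope": broker.verify(forged, "domain-controller", "reader", now=now),
        "unentitled_request": unentitled,
    }


if __name__ == "__main__":
    for outcome, allowed in lateral_movement_demo().items():
        print(f"{outcome:25s} {'ALLOWED' if allowed else 'denied'}")
```

Only the intended access succeeds; every pivot, escalation, replay and forgery is denied. A real deployment would replace the HMAC with the vault’s own signing, log each issuance for the security team, and revoke on suspicion, but the shape of the control is the same: no standing privilege, and nothing a stolen credential can reach beyond the one task it was minted for.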
Despite its vital nature, securing privileged access has often missed the top spots in corporate cyber-defence strategies.
Two pieces of evidence from CyberArk’s study back up this worrying picture. First is that only 41 percent of security professionals understood that privileged credentials exist on user machines.
The second is that only 27 percent said that their organisations were planning to introduce the principle of ‘least privilege’ security on the infrastructure running their business-critical applications.
One way to look at it is: if you don’t know something is there, it’s hard to protect it. As we experience this ‘new normal’ way of working, locking down least privilege on employee laptops, which means removing standing local administrator rights and granting elevation only when a task needs it, is an extremely effective way of stopping an attack from spreading. It’s not just access to user machines that is at stake here, but to the valuable assets and data held elsewhere in the network.
Diminishing the menace of this new threat is not an impossible task, however.
By limiting personal online activity on corporate devices, employees can take a massive step towards protecting their organisation’s assets.
Similarly, being sensible about web browsing on a work laptop can provide an extra line of defence. Security teams are ultimately the guards of the citadel. Battening down every hatch in the network is critical to reducing the chance of an attack seeping through.