Cyber Security in the Pandemic-Driven Remote Work Environment

Specific Threats are Growing From Remote Work

Ransomware attacks—in particular–have been growing dramatically during the pandemic. There has been a 900 percent increase in ransomware attacks this year as the virus has spread. For example, a new strain was recently detected that exploited a contact-tracing mobile app meant to monitor the spread of the coronavirus in Canada. It was reported that the ransomware emerged when Health Canada was set to test the app in Ontario before a wider release. Cybercriminals released their own Android package (marketed as the official Health Canada app) on bogus websites that downloaded the CryCryptor ransomware on Android devices when accessed.

The massive remote work environment has also given rise to other threats that targeted popular video conferencing platforms like Zoom. Cyber security researchers recently identified a flaw in the Zoom app that enables hackers to inject malware code into the Zoom app and record Zoom sessions (including chat text) without anyone knowing, even when the recording functionality had been disabled. Bad actors are even harvesting Zoom user credentials and selling as many as 500,000 accounts on the “dark web.” Many organizations, like Google and NASA, recently banned employees from using Zoom to conduct video meetings. 

Where are Attacks Coming From?

Cyber attacks come from all over, but in this new remote work environment, there has been a spike from traditional adversaries abroad. For example, Symantec’s Critical Attack Discovery and Intelligence Team found that a Russian cybercriminal group known as “Evil Corp” has been targeting Fortune 500 companies and was sanctioned by the US Treasury Department for allegedly stealing more than $100 million from banks and financial institutions in over 40 countries. 

Along with Russia, China, North Korea, and Iran pose the greatest danger in cyberspace, according to officials and cyber security experts. Because of the generally weakened security posture caused by remote work, companies in America, in particular, are under siege. 

“Zero Trust” Framework Gaining Momentum

To respond, companies are adopting a variety of distributed security measures, including what’s known as the “zero trust” framework. Zero trust treats every component of the IT infrastructure as a potential compromise. That includes every user, device, service, and the element of data. Perimeter defenses worked well when most assets existed within the firewall, but when most employees are now working remotely, the rules of the game changed accordingly. As a result, more than 70 percent of companies that are now in the reality of remote work is considering the zero-trust model. 

Approach and Skills Will Make the Difference

With so many people working from home and other remote work locations, companies will need to lay out clear cyber security policies for all to follow. Employees will need to change their approach and become more sensitive to security protocols when they work remotely. But skills training for cyber security teams can also make a big difference. 

Forbes recently reported that there will be 3.5 million cyber security jobs left unfilled by companies in 2020. That leaves a lot of room for the upskilling of your cyber security teams. Key certifications include:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM) 
• Certified Information Systems Auditor (CISA)
• Certified Ethical Hackers (CEH)

Any and all of these cyber security certification india  will ensure that the people that try to stay ahead of the “black hats” will always have the education and best practices on their side to secure the “new normal” of remote work environments.