Adapt Security Processes in Response to COVID-19

[NOTE: Dr. Vigna shared similar thoughts as part of our Lastline Speaks video series.]

The coronavirus pandemic has changed the way in which we relate to other people, carry out our work, and interact with various components of our business and security processes. There are a few ways in which this new work-from-home, social-distancing, quarantine situation has affected the security of our work environment.

Three things come to mind. First of all, since everything happened at such a fast pace without time for preparation, many workers find themselves using their home computer for security-critical tasks.

This has two drawbacks. On the one hand, it is difficult to secure those platforms as tightly as the platforms that were used within the enterprise. At the same time, a compromise of those computers would not only disclose enterprise-related information, but also very personal information, opening employees up to new forms of exploitation by cyber criminals. This is one of the challenges that has definitely affected many companies and many employees of those companies.

The second thing is that the coronavirus brought a general sense of anxiety. Everybody wants to know the latest news about the situation, the infection, the response. What are the possible cures? Is the infection rate tapering off? Therefore, there is a tendency to react very promptly to emails that contain references to this kind of information or topics.

We have seen an enormous flare-up of COVID-related spam campaigns, mostly aimed at distributing info stealers, which are malware programs that steal your personal information for later scams, such as identity theft, and similar types of attacks. The criminals saw and are actively pursuing an opportunity to exploit COVID‑19 to create new waves of attacks that are themed after this pandemic.

The third thing is that we have moved many processes that were usually human‑centric to the virtual world. There are many situations in which the checks and balances for security-relevant processes were carried out by somebody walking to someone else’s office and asking permission. These processes have been disrupted by the virtualization of the work environment.

Now that the requirement of having physical presence in the same place at the same time is gone, this virtualization creates new opportunities for business email compromise scams that feature the impersonation of a senior executive of a company.

We don’t know what the future has in store, and it’s certainly possible that these conditions will persist even after the pandemic has abated. Therefore, we, as security professionals, need to do several things.

First of all, we need to pay renewed attention to the security of our employees’ working environments. For example, using virtualization can improve the security of your environment. Having one virtual machine for work-related data and activities that is separate from the virtual machine that is used for entertainment and personal activities will create at least some protection. It’s important that these two worlds do not collide and bleed into each other.

Second, we all need to be very diligent about emails that come to us and resist the temptation to click on documents, attachments, and links, especially when they’re related to any COVID‑19 news.

Finally, we need to rethink our business processes to take into account the virtual nature of today’s workplace. We need to create new checks and balances in our virtual environment, so that important security-critical decisions are made with the right level of protection and consideration.

It’s a little bit of work that we have to do to make our workplace secure again, but a little bit of effort can go a long way to make our processes, our companies, and our personal lives a lot more secure.

Giovanni Vigna

Giovanni Vigna is one of the founders and CTO of Lastline as well as a Professor in the Department of Computer Science at the University of California in Santa Barbara. His current research interests include malware analysis, web security, vulnerability assessment, and mobile phone security. He also edited a book on Security and Mobile Agents and authored one on Intrusion Correlation. He has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), and of the IEEE Symposium on Security and Privacy in 2011. He is known for organizing and running an inter-university Capture The Flag hacking contest, called iCTF, that every year involves dozens of institutions around the world. Giovanni Vigna received his M.S. with honors and Ph.D. from Politecnico di Milano, Italy, in 1994 and 1998, respectively. He is a member of IEEE and ACM.