Industry Thought Leadership

Cyber Threats Are Surging due to the Pandemic

August, 2020
Sameh Sobhy
Managing Director META region

PCCW Global

Critical Post-COVID Cybersecurity Considerations

For most SAMENA businesses, one of the most noteworthy aspects of the current pandemic has been its impact on digital transformation. Businesses across all sectors have been forced to pivot and embrace digital operations. For some companies, digital transformation has merely involved a shift to remote offices, with employees moving to virtual desktops, video conferencing platforms, and cloud services. Yet, for many SAMENA companies, COVID-19 has required an even bolder leap into digital markets. For example, MGM Resorts International is now making a pivot into online sports gambling, as they look to recoup lost profits and cater to customers who can’t make it into physical casinos. “As digital transformation continues to pick up steam, companies need to be aware of the significant security implications at hand,” says Sameh Sobhy, Managing Director META region for communications provider PCCW Global. “Digital transformation is permanently changing the way that companies communicate with workers, partners, and customers,” he adds. Mr. Sobhy identifies three critical security issues that are emerging as the pandemic slowly chips away at our lives. “Across the globe, we’re seeing an increased reliance on virtual interactions; more vulnerable end users; and outdated network architectures,” he stresses.

1. Increased Reliance on Virtual Interactions
The pandemic has led to widespread brick and mortar closures, forcing non tech companies to digitize to survive. For example, many regional retailers have all been forced to update and expand their online shopping strategies, to protect their market share and compete. Unfortunately, many smaller organizations — like small restaurant owners and retailers — are now in over their heads. One issue that businesses are facing is that customers are increasingly moving to virtual hubs to make transactions. As a result, companies are at increased risk for threats like distributed denial of service (DDos) attacks, which can lead to lengthy bouts of downtime. Sustained DDoS attacks, after all, can sometimes last up to 24 hours. “It’s one thing for a large enterprise to be knocked offline for this long,” adds Mr. Sobhy. “It’s quite another for a small to medium-sized business to go 24 hours without internet, especially during busy times.”

It should be noted that DDoS attacks remain a top cybersecurity threat heading into 2H20. By the end of 2019, as many as 167k DDoS attacks were detected, for a total of 437k TB of traffic. This was a 30% YoY increase. And about 170k IoT devices were found in DDoS attacks last year.

SAMENA companies can protect against large-scale DDoS attacks by "scrubbing" or cleaning IP traffic before it reaches the network. This typically involves routing incoming network traffic to multiple data centers, so that DDoS attacks can be filtered and eliminated. Filtering separates legitimate traffic from false traffic, and is done as close to the attack sources as early as possible — shielding the organization from getting overwhelmed by malicious data packets.

However, it’s important to keep in mind that routing traffic to thwart a DDoS attack can add extra time for data to transit the network, which can also negatively impact business operations. As such, it’s important to use local scrubbing centers located at key peering hubs around the world where large volumes of traffic are exchanged.

2. Vulnerable End Users
One of the top reasons why many SAMENA companies have been nervous about allowing remote workers is because end-user behavior tends to change on home networks. Staff members tend to become more relaxed about security when working from home, using insecure devices, running programs, and downloading files that may otherwise be avoided in a private office environment. “In fact, many home workers don’t even run network security assessments, and use networks that are insecure — increasing the attack surface exponentially for the business that’s using the network to transmit sensitive data,” says Mr. Sobhy.

PCCW Global’s European-based security operations center (SOC) manages customers’ security services 24x7, and helps them pro-actively address security issues.

Cybercriminals are aware of this vulnerability, and are actively targeting users over insecure networks via email. Google alone, for instance, has discovered hundreds of millions of daily spam messages related to COVID-19. The industry has seen a major uptick in phishing attempts, which mimic a “Trojan horse” approach to luring unsuspecting victims into opening emails that they think are safe, but in fact carry malicious payloads. Businesses need to try and minimize the chance of data loss from targeted email attacks, and are strongly encouraged to use cloud email protection services, which leverage advanced threat intelligence data and machine learning engines, as well as URL protection, and forged email detection services.

3. Outdated Network Architectures
Organizations also need to update their remote network infrastructure, and migrate away from the traditional combination of leased lines, and VPN-based structures to flexible software-defined wide area networking (SD-WAN) setups that can provide dynamic security management. SD-WAN can reduce infrastructure costs and provide the required flexibility to build or tear down sites in a short period of time — making it faster and easier to provision network services to remote users.

One of the most important things to consider when deploying SD-WAN is that it can be much riskier running traffic over the public internet, versus a private carrier MPLS network. The public internet poses much greater levels of exposure to bad actors and malware. Allowing SD-WAN devices to access the internet directly with its limited onboard security protection is not adequate to protect enterprise assets behind it, so extra protection is needed. The best way to fortify SD-WAN outside of a private MPLS environment is to leverage an advanced managed firewall or cloud security solution, which incorporates a variety of advanced security functions, such as sandboxing, application control, intrusion detection and prevention (IDS/ IPS), quarantining, and web filtering.

Summary
“Of course, these are just a few of the many factors that companies need to consider when enabling remote work,” Mr. Sobhy adds. The above suggestions should be used in conjunction with services such as real-time security information and event monitoring (SIEM), and advanced identity management and access control. “By incorporating these strategies, SAMENA companies can drastically reduce their attack surface.”