Cyber Tips for Managing New Attack Surface in Age of COVID

By Eric Hipkins

Eric Hipkins is the founder and Chief Executive Officer of R9B, a global leader in cybersecurity products, services and training for the U.S. Department of Defense, Fortune 500, financial markets, critical infrastructure and the international community. Since founding R9B in 2011, Eric’s vision has been to introduce military-grade cyber defense concepts to private enterprises. As a pioneer in cybersecurity, Eric first introduced the concept of threat hunting to commercial markets as early as 2013 with the development of the Edison award-winning ORION HUNT platform. Today, he leads a team of more than 100 professionals dedicated to continuous innovation for the protection of information and automated physical systems. A military veteran, Eric is an accomplished cybersecurity, threat intelligence, linguistics and cryptology professional with more than 25 years of specialization in advanced cybersecurity and technical intelligence operations. Eric founded the firm after a career that spanned more than two decades of intelligence service for the Defense, Intelligence and Special Operations community. A graduate of the National Security Agency’s premier internship, Eric led the combined joint/multi-agency task force responsible for the technical prosecution of the WMD search for the President of the United States George W. Bush and Congress. Responsible for standing up the United States Army’s most sensitive cyber operations unit, Eric was instrumental in the recruiting, training and development of the Army’s cyber mission force. A recipient of the Knowlton Award for significant intelligence contributions to the United States of America, Eric has served across numerous forward deployed, denied and contested regions supporting the most critical intelligence operations. Eric serves the academic and philanthropic community as both a mentor and instructor. 
He routinely provides commentary and analysis on cybersecurity issues for national print and media including Wired, Fast Company, CBS, National Defense, Forbes, and Bloomberg among others. Eric is professionalized by the National Security Agency (NSA) as an Intelligence Analyst and adjunct faculty. He is a member of the Homeland Security Advisory Council’s Cybersecurity subcommittee, Cyber Initiatives Group, and Forbes Technology Council, among other cybersecurity and business organizations. Eric holds a master’s degree and maintains numerous professional cybersecurity certifications.

This column is part of our new series, ‘From the C-Suite’, focused on bringing you perspectives on threats as they see them from leaders in the private sector. 

Eric Hipkins is the founder and CEO of R9B, a provider of cybersecurity training, products and services for the U.S. Department of Defense, Fortune 500 companies, financial markets, critical infrastructure and the international community. He is a former Intelligence Analyst and adjunct faculty for the NSA and has worked in direct support to the President of the United States of America and members of Congress.

R9B owes much of its roots to the military and intelligence communities, where mission success is imperative. Overnight, we have seen COVID-19 upend all aspects of cybersecurity operations and introduce new vulnerabilities across the enterprise.

The fact that over 80% of employees have shifted to remote network access due to COVID-19 is not lost on cyber adversaries who eye this period of rapid transformation as an opportunity to exploit an expanded attack surface. They know IT and cybersecurity teams had little to no time to prepare for the dangers this crisis presented and will not hesitate to act if organizations fail to remain vigilant.

Times like these require a renewed commitment to the fundamentals of cybersecurity. It’s not just about having the right tools, but also the right knowledge and experience to protect your organization and employees from new tactics and entry points. With that in mind, there are 8 Key Security Threats and Insights to consider with today’s expanded remote workforce:

  • VPN Is Not Absolute Security for Remote Work. Having a “VPN solution in place” does not address the security requirements of operating on untrusted or unknown networks. Tip: Require employees to apply security updates, update anti-malware applications, protect system credentials and be vigilant against COVID-19 social engineering activities.
  • Spear Phishing. Malicious actors use email campaigns to exploit fear and uncertainty. Tip #1: Train your teams to be extra vigilant regarding suspicious emails about COVID-19 cures, tele-health, medical supplies, or stimulus money, just to name a few, and to avoid clicking on suspicious links or attachments. Tip #2: Utilize trusted resources, anti-virus software, and secure DNS servers that automatically drop phishing domains.
  • Watering Holes Are a Threat. Adversaries use fake websites to steal Personally Identifiable Information (PII) or introduce malware. Tip: Proceed with caution and use free browser extensions for ad blocking and website security inspection.
  • Credential and Access Management. The WFH paradigm has scaled credential and access management, introducing major security issues and possible unauthorized access to networks.
  • Telework Security Processes. IT teams must make firewall and Remote Desktop Protocol (RDP) decisions to ensure business continuity, which might weaken network security. Tip: Require passwords that are strong and secure, use Multi-Factor Authentication (MFA) when possible and conduct security assessments against newly configured services.
  • Database Security. As with Network Hygiene, IT teams may be forced to ensure business continuity by weakening database access control security. This may result in misconfigurations as teams rush to make corporate resources available. Tip: Understand methods of implementing proper security, especially if you are forcing deployment to cloud services, such as AWS, Google, or Azure.
  • Supply Chain Vulnerabilities. “Shelter-in-place” mandates have created a massive demand on the supply chain where normal supply lines could be adversely affected. Deviations from typical procedures to maintain productivity and business continuity may unintentionally provide an attacker access to the network. Tip: IT teams must be mindful of potential attack vectors used to modify normal network software or hardware (e.g., firmware modifications to routers, firewalls, computers) with backdoors or malicious capabilities.
  • Teleconference and Other Software Vulnerabilities. As WFH demands increase, reliance on teleconferencing software has increased and exposed vulnerabilities in some of these tools. Tip: Stay up-to-date on the security posture of the software you are using and avoid making meetings, teleconferencing links, and screen sharing public. Also ensure software is up-to-date.

Ed Note: R9B is a sponsor of The Cipher Brief’s 2020 Threat Conference in Sea Island, GA September 13-15.
