Harnessing the power of threat intelligence to navigate cybersecurity amidst COVID-19

By Mary Jo Schrade, Assistant General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia

Each year Microsoft releases its Security Endpoint Threat Report, which offers critical insights into cyber threat vectors identified by analyzing the more than eight trillion signals that pass through the Microsoft Cloud every day.

In Asia Pacific, we leverage this data to analyze local trends in the ever-evolving threat landscape. The latest report, which covered a 12-month period from January to December 2019, revealed that developing markets in the region were most challenged by ransomware and malware encounters. In contrast, the developed markets struggled with an increased volume of drive-by download attacks. Within the region, the difference between developing and developed countries can largely be attributed to the varying levels of technological development and cyber hygiene practices, including the extent of the usage of genuine software across the region.

In 2020, however, the global COVID-19 pandemic has upended the playing field, as it has almost everything else, bringing new risks and trends that affect the volume and nature of attack vectors.

According to the Microsoft Threat Intelligence Protection team, every country in the world has seen at least one COVID-19 themed cyber attack. Of the millions of targeted messages we see each day, roughly 60,000 involve COVID-19 related malicious attachments or malicious URLs. These include attackers impersonating established entities like the World Health Organization (WHO) and other health-related organizations, leveraging those organizations’ credibility to trick people into clicking on links in unsolicited emails. Cybersecurity awareness is particularly crucial at this time, as cyber criminals have taken advantage of the global situation.

What COVID-19 means for Cybersecurity in Asia

With business continuity and operational resilience at stake, awareness of key cybersecurity considerations is crucial, as many organizations look at a long-term shift towards work from home.

We believe the security implications of COVID-19 will remain important for a long time to come:

  • Digital Empathy – Security has proven to be the foundation for digital empowerment in a remote workforce. Cloud-based endpoint protection technology enables employees to work when, where, and how they need to work and can allow them to use the devices and apps they find most useful to get their work done. After all, security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences.
  • Zero Trust – Over the past two years, Zero Trust has emerged as a key security philosophy for businesses. COVID-19 has allowed for a real-life demonstration of why it’s important. Companies relying on traditional ideas of securing workers through “walls and moats” at the perimeter (aka firewalls) were both more susceptible to COVID-19 themed threats and were less able to meet the demands of a newly remote workforce. (Zero Trust shifted from an option to a business imperative in the first 10 days of the pandemic. The Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey whether they know it or not.)
  • Diverse data for better threat intelligence – A blend of automated tools and human-based insights is needed to identify new COVID-19 themed threats. With adversaries adding new pandemic-themed lures to their phishing attacks, organizations need to bolster their security foundation with strong threat intelligence, which is derived from analyzing a diverse set of products, services and feeds from around the globe.
  • Building Cyber Resilience – It is human nature to plan for the last crisis. Global events like COVID-19 highlight the need to have a response plan that expects the unexpected. A strategic combination of planning, response, and recovery helps establish a comprehensive Cyber Resilience strategy to enable secure remote work options, whether in the short or longer term.
  • Integrated security – People often thought about security as a solution to deploy on top of an existing infrastructure, but events like COVID-19 showcase the need for truly integrated security for companies of all sizes. As a result, integrated security solutions are now seen as imperative.

As organizations adapt to the new reality and its cybersecurity implications, there is an equally critical, if not higher, need to educate employees so they don’t become the weakest link in the security chain. This can be accomplished through:

  • Educating employees on the importance of Multi-Factor Authentication (MFA) solutions and setting up MFA for digital tools, which is an important way that organizations can reduce the risk of identity compromise.
  • Communicating employee guidelines clearly, including sharing information on how to identify phishing attempts, how to distinguish between official communications and suspicious messages that violate company policy, and the procedure for reporting suspicious email.
  • Selecting a trusted application that ensures end-to-end encryption for remote-work audio and video calling. With the barrage of news and ongoing discussions, many users are in crisis mode, making them more vulnerable than ever to deception.

While we can’t always predict what new cyber threats may lie in the future, it should be the goal of every organization to keep the data of its users and customers secure and private — more so in these challenging times.
