2020 – what a year it has been so far… The world around us has changed so much, so quickly. I won’t touch here on how serious the economic after-effects are going to be, for everyone’s sake, including mine. 2020 and COVID-19 have already marked their place in history.
I still remember reading this article on 3rd of Jan 2020: “Company shuts down because of ransomware, leaves 300 without jobs just before holidays”. The actual company closure was announced on 2nd of Jan. To cut the story short – the company was hit with a ransomware attack and they decided to pay the ransom, hoping to get the keys to their data back. What happened next? They got asked for payment again, and again, and they kept paying. And this resulted in 300 people entering 2020 without a job. It was a very unpleasant read for me personally.
The beginning of 2020 was not all bad news: “The new decade has begun relatively well, with a six-month low of only 61 disclosed cyber security incidents.” (and only 1.5 billion records breached, source). It will be interesting to see how 2020 is going to end in terms of cyber security and breaches.
In Nov 2019 I wrote a quick blog post and said: “As business guardians, we ought to be ready for the unknown which may come tomorrow.” And the unknown has arrived and I believe there is a lot more to come ahead of us…
With all companies moving to a working-from-home model where possible, execution can differ greatly. For example, my close family member has been asked to work from home. This individual has been asked to use a personal computer to access company resources. The remote solution itself is very unreliable and there are pretty much no security controls in place. Businesses are taking so many shortcuts and some seem to be ignoring the risks and consequences related to those. And based on the above example, the consequences can be life-changing for both businesses and employees. I understand that some businesses are simply not ready for what’s happening right now. But I urge everyone responsible for these businesses: please take a step back, think and do what’s right to secure your business and people. Bad guys are not going to take a break. They know exactly that this is the perfect time to attack vulnerable companies. And they will go after everything they can: private sector, public sector, infrastructure and even health services. We all remember the WannaCry ransomware attack in May 2017 which took the NHS offline here in the UK – at an estimated cost to the NHS of £92m and over 19,000 appointments cancelled.
SANS has made its ‘Work-from-Home Awareness Kit’ freely available – great collateral which you can use if you need some guidance on how to quickly train employees to work (and children to learn) from home safely and securely.
I would like to finish this very brief post by quoting Bruce Schneier:
Worrying about network security seems almost quaint in the face of the massive health risks from COVID-19, but attacks on infrastructure can have effects far greater than the infrastructure itself. Stay safe, everyone, and help keep your networks safe as well.