Security Analysis: Reopening in the Wake of COVID-19
As shelter-in-place restrictions relax and employees gradually return to work, it has become clear that operations during the COVID-19 epidemic will be anything but a return to normalcy. Virtually no sector of the economy will be unaffected in these trying times, and the challenges each vertical will face will prove new and unique.
Areas like Finance, Retail, Construction, and naturally Healthcare are all forced to alter business procedures to meet new safe-distancing requirements. Some companies brace for greatly increased foot traffic, others for close to none. In this new world economy, businesses must adapt to survive. But they must do so carefully; many are underprepared for the security risks that come with operating a digital business.
This article will break down and analyze the strain being placed on some of our most vulnerable sectors, and the unique challenges each face in surviving this pandemic.
Industries in Focus
Banking & Financial Institutions
Telemedicine is on the rise in accordance with safe-distancing guidelines
New sensor technology allows for treatment at home or in a temporary clinic
Difficult but necessary adherence to HIPAA in all communication
Certainly the industry struck most directly by the spread of COVID-19, the healthcare industry’s response has been the topic of extensive debate and scrutiny. As clinics fill up with infected patients and supplies of critical medical equipment dwindle, healthcare companies are turning to new technology solutions to keep up with the ever-growing number of cases.
Unlike other industries that can make a straightforward transition to operating remotely, hospitals and other health care organizations require physical space for face-to-face interaction with patients. Unfortunately, space is finite and sometimes inadequate to quarter the exponentially growing number of patients. To mitigate this issue, some clinics are opening up remote monitoring facilities. While medicine can’t be practiced completely remotely, doctors can use connected devices in order to monitor patients’ vitals from a distance. That way, even if a facility isn’t nearby, patients can expect to be monitored and cared for while freeing up hospital space for the most critical cases.
Data pipelines here therefore are not equipped with the same level of protection as permanent installations in conventional hospitals. However, during a time where cyberattacks on healthcare facilities have roughly doubled, organizations can’t afford to expose sensitive data.
Any vulnerability could be deadly; cybersecurity thus be made a priority--especially in clinics offering remote monitoring.
Next school year will begin with new safe distancing and sanitation guidelines
Online learning alternatives will require careful handling of student data
Text and video communications with parents must be kept confidential
As the season for virtual graduations comes and goes, faculty and administrators turn their thoughts toward the coming school year. September is approaching much more rapidly than a functional COVID vaccine. Teachers, staff, and security personnel will need to work together to adapt to new safety regulations as a result.
The previous semester serves as a case study for the rise of alternative learning technologies replacing a classroom environment. While not fit to fully replace the traditional classroom, remote learning via a Learning Management System and video conferencing has proven to be an effective stopgap in the event of secondary outbreak and quarantine. However, the transmission of private student records introduces a new vector of risk. To combat this, schools are required to maintain best-practice data encryption standards.
Food and Essential Retail
Businesses should prepare for an uncharacteristically large influx of shoppers
Managers will be expected to enforce local guidelines around distancing and PPE
Many businesses will transition to a full or partial e-commerce model
While many have remained open during the lockdown, brick-and-mortar businesses are unilaterally bracing for a drastic increase in both in-person and online orders. Many companies that previously had little online presence now have no choice but to offer online order and delivery services. In making this transition, they expose themselves to new and unfamiliar risks. Opening one’s doors to the digital public means doing so to hackers as well. With the rapid and unorganized transition to digital business, the incidence of Corona-related retail scam sites has skyrocketed.
Online retail ranks among the most popular targets for scammers and thieves. In the US alone, nearly a trillion dollars are exchanged between internet users and vendors every year; COVID-19 will only increase that amount. Businesses must prioritize the security of their payment systems during these unpredictable times. Insecure payment systems are susceptible to attacks like e-skimming, where bad actors infect an online shop with malware that intercepts payments and steals sensitive user data like credit card numbers. Similar to real-world skimming, these attacks are difficult to detect in many cases because they don’t impact the normal operations of the target website. However, through careful monitoring of antivirus tools, IT professionals can immediately respond to or even prevent attacks like these.
Banking & Financial Institutions
Many branches will reopen to meet increased demand as stimulus checks are distributed
Frequent sanitization will be necessary for public-facing ATMs and cash
Financial institutions are facing a higher incidence of attempted fraud during the crisis
Compared to retail, businesses in the technology and financial sector are less directly affected by the looming threat of infection. Outside of a few key operations, most employee responsibilities can be accomplished from home with little issue. Many firms offered the opportunity to work from home even before shelter-in-place orders were issued. However, no matter how accustomed businesses are to remote work, they are still vulnerable to the increased cybersecurity risk brought on by this global pandemic. This risk is only increased by the fact that nearly all functions are handled remotely. Now more than ever, businesses and banks must ensure that their internal networks are secured using best practices.
Criminals have increasingly been using Coronavirus related fears to lure in unsuspecting victims. Finance, technology, and enterprise businesses have all been the target of a massive surge of spam emails related to COVID-19. These emails promise recent updates or official statements regarding the virus, hoping to capitalize on fear or uncertainty to lure otherwise careful employees. Attacks like spearphishing and cryptojacking can result in credential theft or malware infection, both of which have lasting consequences for a business. A single infection can quickly propagate across a network and result in disruption of service or even data breach.
Supply Chain & Manufacturing
An uneven shift in demand is inevitable between essential and non-essential goods
Reliance on human-free automation will greatly increase due to its safety
Emerging technologies will enable remote monitoring of operations
When COVID struck the manufacturing supply chain, it did so completely unevenly. Demand for certain goods has all but shut down, while the need for other sectors like PPE manufacturing has exploded exponentially. In the midst of all this chaos, supply chain managers and IT professionals must maintain a watchful eye that their predominantly digital equipment isn’t compromised.
The Cybersecurity and Infrastructure Security Agency (CISA) has identified manufacturing and other areas of the Supply Chain as a Critical Infrastructure Sector. This means that their maintenance and production is key to the continued functioning of our consumer economy. Noting this group to be among the most vulnerable sectors, CISA has issued a checklist to help executives and employees prepare for infrastructure protection, supply chain, and cybersecurity issues in light of the COVID-19 coronavirus.
Notorious hacker group TA505 has been noted as one of the major sources of Coronavirus-themed phishing and malware attacks launched at the pharmaceutical and healthcare manufacturing spaces. Malicious agents like these aim to remotely sabotage these incredibly vital suppliers, then extort a massive payoff in exchange for their repair.
Empty offices and changing headcount will prove a security liability
Many will continue to work from home, increasing the incidence of cyber attacks
Cybercriminals will continue to employ COVID-related phishing and spam attacks
While much of the populace returns to work amid relaxing shelter-in-place orders, many large enterprise and technology companies are extending the duration of their work-from-home policy. For some organizations, these arrangements will continue only for another month, whereas others have offered employees the chance to go remote “forever.” In either case, operations will be greatly altered to adhere to meet safe distancing standards.
Many open-floor plan offices simply do not have the square footage to allow employees to maintain the recommended 6 foot radius of isolation. In these cases employers must either acquire additional real estate or selectively prioritize which employees to bring back first. In addition, offices with open floor plans are extremely susceptible to airborne infection when compared with the traditional closed-office model. Some experts go as far to say that COVID will completely obsolete the open-office as we know it.
To learn more about security risks faced by all organizations, check out our latest cybersecurity guide, Protecting Your IoT Platform from Cyberattacks. Inside, you’ll find a detailed breakdown of the top threats facing modern digital enterprise.