Pandemics, Phishing, Remote Workers, and VPNs

CYRIN Newsletter

Who Will Survive, Who Will Thrive:
Pandemics, Remote Workers, and VPNs

Employees working from home and depending on third-party tools for day-to-day operations have rendered businesses and their networks more vulnerable to attacks. Cybercriminals are always adjusting their methodologies; they’re experts at exploiting any possible opening. And the current pandemic has only increased our exposure to cyberattacks.

According to CSO and security firm RiskIQ, the pandemic has increased the cybersecurity work organizations must do. Not only must businesses protect their digital assets on the internet, they must also “manage threats to their customers and employees, especially as many of their workers now do their jobs from personal devices running inside unsecure home networks.” Because employees and customers are often operating outside corporate firewalls and web security gateways, they are especially vulnerable to phishing and additional online threats.

Phishing? CYRIN can help with that.

Even before the pandemic, we lived in a world of ever-growing digital engagement; the current health crisis has only increased this trend. As Lucian Constantin reports in “Enterprise Internet Attack Surface is Growing,” malicious actors are taking advantage of more people working from home, additional users sitting outside the perimeter, and a growing number of exposed corporate digital assets. Constantin writes, “Attackers now have far more access points to probe or exploit, with little-to-no security oversight."

CYRIN has exercise attack/defend scenarios which help you determine what vulnerabilities you might have.

In “A New Decade of Threats” on Digital Shadows, Ivan Righi highlights how the “ongoing COVID-19 pandemic has impacted nearly every aspect of social and business interactions across the globe.” For some companies already accustomed to remote work culture, the shift to work from home policies and the use of third-party tools like video conferencing apps has been a smooth one. But for others—schools, for example, or health care providers—the change has been more challenging, leaving the door even more open to cyber threats.

The increase in remote workers has led to an increase in the use of virtual private networks—or VPNs, “a series of virtual connections routed over the internet which encrypts your data as it travels back and forth between your client machine and the Internet resources you’re using, such as web servers.” A lot of sensitive data is on those networks. And a man-in-the-middle attack on the remote connection from a home can grant an attacker a dangerous amount of access. There are several types—so it’s important that you pick the VPN that meets your security needs and is configured properly.

CYRIN has a lab called "VPN Server Configuration with OpenVPN" that teaches how VPNs work and how to set up a VPN server.

According to Ran Shahor, in a recent edition of Dark Reading, COVID-19 is changing both the ways we do business and the ways we live our lives, affecting how we interact with the environment and with each other. Shahor points to how we have seen “cash transactions disappear while online deliveries are booming.” He notes that even when shops open, “they are set to be little more than window dressing,” and restaurants that used to specialize in providing dining experiences “have become well-appointed delivery kitchens.” You name it, we now consume it digitally—entertainment, sports, birthdays, classes, celebrations, meetings, even memorials. Everything is happening online.

“From a business perspective,” Shahor writes, “this means some industries are struggling and may even disappear, while entire new sectors are being created from scratch.” But from a cybersecurity perspective, our current crisis presents a unique opportunity to transform the way people view security. Rather than the stigma of “security-as-a-blocker,” security can become the very thing that makes business possible again. Shahor puts it this way: “it is no longer survival of the fittest, but survival of those who can adapt the fastest—and also the most securely.” Will we, as an industry, rise to the occasion and its cybersecurity demands?

What can you do?

According to Threatpost, to remain viable in the long-term, organizations must remain secure. Here are three essential steps in the battle to keep remote workers—and your network—safe:

  1. Training and Continuous Education: With more and more people working remotely, cybersecurity education is more important—and urgent—than ever. Train your employees (and their families!) about cybersecurity, about what malicious actors are doing, about security principles and technology. Your company is only as secure as its weakest link.
  2. Endpoint Protection: “Adding an EDR solution to end-user devices can go a long way toward protecting your network,” Threatpost reports. A good EDR solution keeps endpoints and your network free from malicious malware by providing pre-infection and post-infection defenses.
  3. Using AI and Automation: Cybersecurity teams are already overworked and struggling to meet the demands of their jobs. Automation and artificial intelligence can help by supplementing the work human teams are already doing. For example, “with an advanced AI-based solution in place, files and URLs can be rapidly analyzed and labeled as clean or malicious—which helps security teams then quickly determine where they need to put their focus.”

It’s a challenge for companies to detect new techniques employed by bad actors and hackers and cybercriminals looking to exploit possible vulnerabilities in your defenses—especially when the work landscape is changing quickly in response to a global pandemic. CYRIN can help you size up your vulnerabilities, and our tools will allow you to learn with hands-on training, proven as one of the most effective ways to teach a number of different skills.

CYRIN provides students with virtualized instances of exercises, accessed using a standard web browser, to provide a realistic and safe environment so that attacks can be simulated without compromising the integrity of the system. The only way to protect against bad actors is to deal with those weaknesses before they do.

The pandemic is changing everything, and if you are involved with cyber security this crisis will affect you directly in subtle and not so subtle ways. The world may never return to pre-pandemic “normal,” but we can certainly be more prepared for the new realities we’re confronting.

< Read other CYRIN Newsletters

Contact Us for details to Set Up a CYRIN Demo

Watch CYRIN: The Next-Generation Cyber Range

Learn More About How CYRIN Online Training Can Benefit You