If you think the current COVID-19 pandemic is a dire one for business and society, then you should walk a mile in Rola Dagher’s shoes. Dagher, the President of Cisco Canada, grew up in Lebanon and routinely dealt with life in a bomb shelter because of the 15-year civil war in that country.
Her perception of the current state of business under COVID-19 is that technology has never played a more critical role, as the Internet and networks are keeping people connected, productive and secure. Technology has turned what could have been a dire situation into a watershed moment in how we work and what this means for Canadians.
“There is a silver lining here. While the world has paused, we can work from home, and we are truly blessed to have what we have. At Cisco, we were lucky enough to have the technology in place for remote work, which made our transition to remote work pretty seamless. It allowed us to focus on helping our employees, customers, partners and communities,” said Dagher. “We’re donating networking equipment to help hospitals, seniors’ homes and other organizations in need manage through the pandemic. We also have free offers on our WebEx and Cisco security products to help business continuity.”
Next month will mark Dagher’s third year at the helm of Cisco Canada. And, while she has orchestrated many successful moves under her direction, the COVID-19 pandemic has brought about a unique challenge.
And Cisco has tried to meet this challenge head-on by donating more than $225 million in products and services worldwide. This corporate-led endeavour also includes a significant cash outlay on top of the products and services. Additionally, Cisco has encouraged all of its employees to give back to their local communities through Cisco’s matching contribution program or by virtually volunteering their time with Cisco’s community partners.
In Canada, Cisco has provided extended financing options for partners, held regular “Ask The Experts” webinars and offered flexible payment terms for small and commercial businesses. The company is also ensuring that Cisco Canada’s field personnel are protected at all times during any onsite work in cases where the service cannot be done remotely.
Dagher points to Cisco’s leadership in remote work technology on its WebEx platform to enable people to not just work from home, but any other place too.
During the COVID-19 lockdown, WebEx handled 4.2 million meetings in just one day. This is more than twice the average on a peak day before the pandemic. Cisco also hosted more than 20 billion meeting minutes in April. That’s up from March’s 14 billion minutes, which was also more than double the number from February. Dagher added that this does not include the many one-on-one WebEx sessions, just group meetings. In March, WebEx registered a record 324 million attendees, with usage more than doubling in the Americas. For comparison, WebEx meetings had 153 million attendees worldwide in January. “We believe at Cisco that work is something you do, not a place you go,” she said.
Dagher wants to put some of her focus on the mental health aspect of COVID-19. “COVID-19 is a big, if not huge, wake-up call for every single organization. This is a crisis, and it’s going to be about how you respond and recover,” she said. Her advice to customers and partners in Canada is to ensure employees are all safe, prioritizing their health, and that doesn’t just mean physically but mentally as well. From there, think about the technology solutions required to keep everyone connected safely and securely. “I also urge people to be patient and empathize because sometimes the technology will have glitches here and there. People can get frustrated, and they need to take a deep breath and support them,” she added. “This is the new norm. What we have been doing since mid-March will continue long after. This is a reality check for leaders in all organizations on the way we work today,” she said.
Dagher added that a lot of thought will be put into whether it’s worth a person’s time to commute to work each and every day, whether operations can be run remotely, and what the cost/benefit scenarios of a remote business model would be. Leaders will take a hard look at real estate costs, especially if they are situated in downtown areas of the country. And, finally, leaders will start to measure productivity levels for people who work at home.
“In times of crisis, I believe it brings out the best in humanity. I’ve always led with my heart, my mind and my soul. Today more than ever, we need to rise to the challenge of a lifetime. I lived a difficult life in the beginning, and it toughened me to be the servant leader I am today. I try to empower and inspire people and give them a strong sense of purpose. I encourage people to take care of their mental health. We all need our people to be strong and safe, especially in these types of situations,” said Dagher.
Many businesses have transitioned to a new operating model and are beginning to accept this new normal. With all the challenges facing our world today, one can assume that things will be different for a while. Organizations have begun to mobilize their workforce, and remote-work capabilities are becoming more flexible. Gone are the days when workers were tethered to a dedicated desktop and seated closely amongst their peers.
What does this mean for the security of organizations?
With an increased number of employees working off mobile devices such as laptops, tablets and mobile phones, users will often connect to unsecured networks to access work files. Without proper management of mobile devices, users are vulnerable to malicious attacks, and threat actors are ready to take advantage of this situation.
Here are three ways to help protect your remote workers and secure your organization’s data:
1. Device Level Encryption
For many years, encryption has been a standard practice to help protect sensitive data from prying eyes. However, not all devices have device-level encryption settings turned on as a default. If you are an organization that is beholden to compliance, encryption helps to meet those requirements. With added endpoint security, you will have device management, centralized deployment, policy administration, and audit reporting capabilities for all devices associated with your network. This means that if a remote worker’s device becomes compromised, your company’s sensitive data will remain safe, and the infection will be isolated from the rest of your corporate network.
2. Managed Security
Security applications and devices, such as firewalls and Virtual Private Networks (VPNs), are an integral part of any layered security environment. Although these systems generally prevent unauthorized access to and from your network, the virtual alerts and threat identification that they provide usually remain unmonitored. To be effective, remote workers need to have confidence in their data protection systems when signing into their respective networks. Having 24/7 managed security affords your organization a more vigorous defence against potential threat actors. With Jolera’s layered managed security approach, your organization will have real-time alerting on threats filtered through our Security Information Event Management (SIEM) system. In addition to automated protection, live agents will analyze and remediate these threats through our Network Operations Centre (NOC) and Security Operations Centre (SOC).
3. Mobile Device Management
Mobile device management (MDM) enables organizations to ensure their remote workers’ data is always protected. The great thing about MDM is that it can integrate with services such as Office 365 and Active Directory to control who has access and what they have access to within your network. MDM solutions also provide the ability to set rules and configure settings on personal devices to allow users to securely access company data and networks. MDM can deploy and authenticate apps on devices, both on-premises and remotely.
When deployed properly, MDM can increase the security of devices tenfold by pushing certificates to devices that are in the field, while preparing reports on these users and their devices for compliance purposes. It can also remotely wipe the device if it’s found that the device has been lost or stolen or deemed not in use by the organization.
Each of these security layers can help to protect sensitive data from breaches and threat actors. Managing a remote IT environment means that organizations require a 24/7/365 approach that includes monitoring, support, troubleshooting, maintenance, reporting and asset management for all end-user devices. The need for remote support and network security has become an essential part of business operations.
Customers of one of the largest domain name registrars, GoDaddy, are being warned about an attack that took place last October. An intruder gained access to users’ login information for their hosting accounts. The attack was only discovered last April 23. GoDaddy proceeded to reset the passwords for all the 28,000 users affected by the attack.
Your organization should enact a credential monitoring program to be alerted when important credentials leak onto the dark web. Services like Secure IT – User Defence continuously scan the dark web for credential leaks and also train end-users on best cybersecurity practices.
Toll Group, an Australian transportation company, said its systems had been targeted by a new form of ransomware called Nefilim. The company, which operates across 50 countries, detected unusual activity on some of its servers, which led to delays for customers. The hackers behind Nefilim gain access through vulnerable Remote Desktop Protocol (RDP) servers, like other types of ransomware, namely Nemty, Crysis and SamSam.
Attacks via Remote Desktop Protocol servers are widespread these days. In order to prevent them, organizations should enable 24/7 monitoring and remediation solutions. Services like Endpoint Protection and SIEM (Security Information & Event Management) help avoid or at least isolate these attacks from spreading.
Cisco WebEx Phishing
A series of phishing attacks is targeting Cisco WebEx users by using fake certificate error warnings. These phishing emails include graphics and formatting similar to communications sent by Cisco WebEx to users. Users are asked to click on a hyperlink to unlock their accounts and are then redirected to a credential phishing site.
Users should be cautious whenever clicking links suggesting they need to unlock their accounts. Services like Secure IT – Mail help scan the links within emails to detect if they are legitimate or not. If they are not legitimate, these tools will block users from even visiting the malicious website.
A vulnerability has been identified in Microsoft Teams that involved a simple GIF image. For the attack to work, the victim had only to view the malicious GIF, which showed a Donald Duck character sweeping a row of Mickey Mouse toys. The attackers were then able to steal data from specific systems and gain access to the company’s Teams accounts.
Microsoft has already corrected this vulnerability by updating misconfigured DNS records, thus mitigating the problem.
A new spyware campaign has been identified that has been ongoing for 4 years. Named PhantomLance by Kaspersky, this spyware is distributed by dozens of Android apps available on Google Play (in addition to other points of sale). The attack implements high levels of encryption, in addition to being able to download and execute additional malicious payloads suited to the specific environment of the device.
Kaspersky reported its findings to Google, which has since removed the malicious apps from the Play Store.
Critical Adobe Illustrator, Bridge and Magento Flaws
Critical flaws were detected in several Adobe tools, namely Illustrator, Bridge and Magento. These critical flaws include a stack-based buffer overflow flaw (CVE-2020-9555), heap overflow bugs (CVE-2020-9562, CVE-2020-9563), a memory corruption glitch (CVE-2020-9568) and use-after-free vulnerabilities (CVE-2020-9566, CVE-2020-9567). Also included are critical out-of-bounds write flaws (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569). All of these could be exploited remotely by an attacker, allowing arbitrary code execution.
With remote workers reaching unprecedented levels during the COVID-19 pandemic, strengthening Wi-Fi access points and the devices that access them is becoming a necessity. Unfortunately, very little thought has been given to Wi-Fi in the security landscape, leaving many people vulnerable to hackers. Before the onset of the COVID-19 pandemic, people were using public Wi-Fi for collaborating with co-workers, outside suppliers and customers, along with friends. What made public Wi-Fi so useful was that it was widely available and, more importantly, free. As of last year, there were a total of 362 million public Wi-Fi hotspots available around the globe.
Know the types of Wi-Fi attacks to watch out for.
The most often used attack against Wi-Fi is called man-in-the-middle. Hackers use a man-in-the-middle attack to intercept data packets as they travel from the person’s computer to the Wi-Fi network. Think of this as cyber-eavesdropping. The hacker has access to your files and can view your messages. For a man-in-the-middle attack to work, the hacker needs to be in range of an unencrypted Wi-Fi access point, or to have set up a rogue Wi-Fi access point that the unsuspecting person signs in on.
Do you ever go into a Starbucks to work? You check for free Wi-Fi, and you see two Starbucks access points available. You don’t give it a second thought and click on the wrong one. Well, that’s an Evil Twin situation, where the access point looks legitimate but isn’t.
One of the more famous Evil Twin attacks happened during the 2016 Republican National Convention, where 1,200 attendees connected to the IVOTETRUMP! hotspot.
Aircrack, passive sniffing, coWPAtty and many more…
To protect remote workers from these types of attack methods, what’s needed is to look at security more holistically. Many people, especially during this unique time, are unaware of the risks of using unsecured Wi-Fi. The organizations that these people work for also fail to take the proper precautions to protect remote workers, wherever they are located, and the data they access.
Organizations need to think of the whole picture instead of letting their deployed devices out into the wild. Data should be protected behind a firewall, and the devices accessing the data should be monitored and protected with endpoint protection. Instead of installing an access point and walking away, think of Wi-Fi-as-a-Service, which includes a wireless access point but does much more, such as advanced security information and event analysis, and live threat detection and remediation.
Each step taken builds upon your organization’s security posture and keeps both your users and your data safe and secure.
Google released a stat this week that 39% of its workforce is away from its various offices in the U.S. In Canada, it’s 44%. Also this week, research firm Gartner Inc. reported that 88% of organizations have set up some work-from-home program.
Many organizations had little or no plans for securing these workers at home prior to the COVID-19 pandemic, which has created an opportunity for threat actors to target these people. Most of these individuals are focused on trying to be productive, while self-isolating to remain safe and healthy. For many, this new work-at-home reality has been challenging. The hacker community is taking advantage of this crisis to target vulnerable people who have their minds distracted by things at home.
Hackers are finding success using hidden mobile apps and unique distribution methods, according to the latest McAfee Mobile Threat Report 2020. The report found that mobile apps, third-party login and counterfeit gaming videos are the tools hackers are using to lure remote workers. Approximately 50% of all malicious threats were the result of hidden mobile apps.
Terry Hicks, the executive vice president of McAfee’s Consumer Business Group, said mobile threats are playing a game of ‘hide and seek.’ McAfee has uncovered that hackers have expanded the ways of hiding their attacks, making them increasingly difficult to identify and remove, which makes it seem like 2020 will be the year of attacks from places organizations least expect them.
McAfee’s research found that hidden apps are the most active mobile threat, generating nearly 50% of all malicious activities. Hackers continue to target people through the channels they spend the most time on: their devices, as the average person globally is expected to own 15 connected devices by 2030. Hidden apps take advantage of unsuspecting individuals in multiple ways, including taking advantage of third-party login services or serving unwanted ads. Here are a few examples.
Remote workers who are learning how to work from home are dealing with gaps in their day that they fill by playing games and seeking other multimedia experiences. Hackers are taking advantage of this by distributing malicious apps through links in gamer chat apps and cheat videos, creating their own content containing links to fake apps. These apps disguise themselves as real, with icons that closely simulate the actual apps, but serve unwanted ads and collect user data. McAfee researchers uncovered that apps such as FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting users.
New Mobile Malware
McAfee researchers have also discovered new mobile malware called LeifAccess, also known as Shopper. This malware takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device. McAfee researchers observed apps based on LeifAccess being distributed through social media, gaming platforms, malvertising, and gamer chat apps. Fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware’s capabilities.
Legitimate Apps Used by Hackers
Hackers also use legitimate apps to steal data. McAfee researchers found that a series of South Korean transit apps were compromised with a fake library and plugin, called MalBus, that could exfiltrate confidential files. The attack was hidden in a legitimate South Korean transit app by hacking the original developer’s Google Play account. The series has provided a range of information for each region of South Korea, such as bus stop locations, route maps, and schedule times, for more than five years. MalBus represents a different attack method, as hackers went after the account of a legitimate developer of a popular app with a solid reputation.
What’s clear is that with so many more remote workers in play, hackers will have a bigger pool of people to target, which is why a comprehensive suite of security, backup, and management solutions for those who use Office 365 is an excellent route to protecting these users.
During this time of COVID-19, people need to protect their email with powerful tools that can scan the email tenant for phishing and malware. Not only do they need tools to look for the usual suspects but also advanced AI systems and tools such as a Security Information and Event Management (SIEM) system. These tools find suspicious or malicious events and have an extra layer of security by having real human beings that can take action and remediate potential security threats. Services such as Secure IT – Mail are able to fulfil the needs of keeping users secure while working remotely.