By Ira Winkler, CISSP
The long-forgotten show CSI: Cyber deserves to be long forgotten – it was one of the worst shows on TV. It portrayed ridiculous scenarios where highly skilled criminals could turn computers into death traps. The plot of one of the absurd episodes (a very low bar) was that a computer virus caused physical illnesses in people. But as the Coronavirus spreads around the globe, I wonder if I should rethink my criticism…
On second thought, no, I’m definitely not going to do that. The plotline was ludicrous. However, it’s true that criminals are exploiting the Coronavirus for clickbait. It is just the latest example of trying to capitalize on someone else’s pain or fear.
The Coronavirus has been used for phishing attacks designed to trick people into entering credentials to find out if they are infected, or into downloading ransomware. The bad actors are also using the constant media coverage as cover for their efforts to propagate false information just to create fear, uncertainty and doubt. Kudos to Facebook for its ban on ads that promise to deliver Coronavirus cures.
The security industry’s knee-jerk reaction is always to recommend that companies increase their employee education and awareness efforts. Awareness can definitely help, but no matter how well you construct your awareness program, someone will make a mistake.
Just as the best efforts to contain the spread of the Coronavirus can’t guarantee that they will stop the virus in its tracks, you will likely never completely immunize your workforce against cyber attacks. However, embracing a multilayered approach to security will enable you to decrease your risk to the point where it becomes negligible. With the appropriate anti-malware prevention and phishing prevention, you should be able to filter out most of the attacks.
It’s not possible for those tools to filter out all attacks so that users never find themselves in the position to mistakenly click on malicious messages. But the combination of awareness programs and technology tools can significantly reduce the risk.
Hardening your defenses requires you to add a fail-safe capability to your systems. There is software that can stop users from clicking through to malicious links. At the same time, you need to prevent malware, such as ransomware, from taking over your system. For those purposes Microsoft Defender AV and Nyotron’s PARANOID make a great combination. Achieving perfection is impossible, but this combination does bring you closer to perfection than ever before.
Whether it is the Coronavirus, a hurricane, earthquake, or the next pandemic, the reality is that criminals will exploit any human suffering. To respond, you need a constant program that is ready for any attack. Malware is not exclusive to disasters.