Cybersecurity experts weigh in on COVID-related cyber-threats in the 4th installment of Cisco’s Navigating The Shift. The board of panelists include Kerry Singleton (Managing Director of Cybersecurity, CISCO APJC), Emmanuel Caintic (ASEC, Department of Information and Communications Technology and Raymond Nunez (GIAC Information Security Expert, DEFCON Black Badge and former security consultant of the DICT).
Alarmingly, a lot of businesses are underprepared for emerging threats. According to Kerry Singleton, CISCO Managing Director of Cybersecurity (APJC): “We found that 54% of organizations across the Asia Pacific region, they actually said they were somewhat prepared (for remote work). 7% of them weren’t prepared at all for this style of working. You could imagine the panic and urgency around some of these setups that were having to be deployed to customer environments. You know, we really connect from outside the corporate walls. Secure access is really important. Cybersecurity is a huge challenge. At the same report, it was flagged up for being an issue of 63% of remote workers.”
Remote working makes cybersecurity more challenging for companies and businesses. Each device is a point of vulnerability, especially if the terminal has access to sensitive data or administrative functions. The shift from physical to virtual made security policy changes necessary, even for government agencies.
“Our government agencies had to double up their efforts in securing their systems because most of the transactions (had) to be done online. There’s also been an increased vigilance on our part because there have been also increased attempts in attacking our government websites and our government online transactions. We are also in charge of making sure online commerce is not going to be interrupted. As we move towards online shopping, we also have increased reports on issues relating to online commerce. There are more attempts on phishing and more attempts also on cyber attacks,” related ASEC Emmanuel Caintic.
Email and social engineering are two of the most common ways people fall prey to cyberattacks. However, since the pandemic, SMS and voice-based phishing became more prevalent. Text messaging apps have no spam filter, making it harder for users to recognize scams.
The panelists agree that cyber-hygiene should be practiced to ensure data security. And according to them, most users can protect themselves using the built-in tools found in their PCs. Unfortunately, lack of awareness in cybersecurity standards leave people vulnerable. And according to Information Security Expert Raymond Nunez, this isn’t new phenomenon. In fact, most users have been wide open to attacks even before the pandemic.
“Another thing that we encountered (with) the recent breaches was (something) we also knew in the past: weak credentials. People are using very weak credentials and attackers just try to get in with ‘password123’ or ‘password 1234’, and surprisingly are able to penetrate organizations with that. Last thing, we saw an increase in credential stocking wherein if I am an attacker and able to breach, let’s say, ‘organization A’, people (use) the same username and password across multiple online platforms. So (the credentials for) ‘company A’, I’m just gonna re-tie it with ‘company B’ with the same username and password. Then, most of the time, I’m going to get access to their accounts there,” says Nunez.
Multi-factor authentication, enabling antiviruses, putting up firewalls and a more discerning attitude are all necessary to ensure data security. For businesses, user awareness is just as important. Nunez stresses the importance of constantly educating remote workers, so they’re knowledgeable about the cybersecurity landscape.
Businesses – big or small – would do well to invest in basic end-to-end security, according to the panelists. Some companies make the mistake of foregoing security, as they think they’re ‘too small for cyberattackers to target’. “Having no security is really low-hanging fruit for the attackers,” reiterates Singleton.
Watch episode 4 of Cisco’s Navigating The Shift entitled “Cybersecurity Today: Addressing the new threat landscape” here: