COVID-19: Organizations More Exposed to Cyberattacks

To slow the spread of COVID-19, Luxembourgish companies have widely adopted remote working whenever possible. For cybercriminals, this organizational shift represents a significant opportunity. How can organizations protect themselves?

In just a few days, companies were forced to completely rethink their operations to enable employees to work from home. While health risks were reduced, other threats have emerged. In particular, organizations face an increased risk of compromise of their information systems and data.

Increased Exposure to Risks

“Throughout the year, we help our clients deal with attacks carried out through various digital channels,” explains Laurent Untereiner, Department Manager, Sales Unit – Network & Security at Proximus NXT. “In the current context, however, companies are more vulnerable to cyberattacks. First, because employees are permanently connected. This is not necessarily the case in the office, where they also spend time in meetings or on the move. Today, all communications take place via the internet. Second, the stress of the current situation increases the likelihood that people may act without taking the usual precautions, driven by emotion.”

Cybercriminals Exploit the COVID-19 Context

Just days after the implementation of pandemic-related measures, cybercriminals adapted their strategies, using COVID-19-themed tactics to attempt to compromise their targets. “And the fact that everyone is alone at home, facing a malicious email or call, significantly increases the success rate of attacks,” comments Laurent Untereiner.

It is therefore essential that companies, after having made considerable efforts to enable remote working, adapt their IT security management to this new context.

“Whereas yesterday 90% of system connections were made from the internal network and 10% via the internet, today the situation is reversed. It is important to adapt the company’s security policy to this shift and to consider the Zero Trust model,” continues Laurent Untereiner.

Raising User Awareness

“In the short term, the priority is to raise user awareness of the risks,” explains Laurent Untereiner. “They must be reminded that the rules in place at the office also apply at home. It is important to reinforce the reflexes acquired in the professional environment, which are often lost when working remotely.”

“For example, users should be reminded not to click on unusual links and to regularly log out of professional tools. The risk of compromising company systems by visiting websites in a personal context or checking emails via a personal webmail account is significantly higher.”

Strengthening Security Systems

“When working remotely, it is essential to secure connections that pass through the internet between employees’ homes and the company datacenter,” notes Laurent Untereiner.

Companies must first implement secure solutions for remote access to corporate resources. Two priorities stand out: ensuring data confidentiality by encrypting communications, and verifying user identity through strong authentication mechanisms.

However, this is only a first step and not sufficient on its own.

“It is also necessary to ensure that any action initiated by users on the internet does not compromise company resources. Various tools, such as Cisco Umbrella, can block access to malicious sites or code remotely, whether the action is initiated for professional or personal reasons by the user—or even by a program running on a company laptop protected by the solution.”

Gaining Visibility Over All Activity

In addition, security teams must have full visibility over all network and application activity.

“Thanks to artificial intelligence solutions, we can more quickly isolate unusual connection patterns among alerts or identify users accessing data they do not need for their job,” explains the expert. “By having visibility over users’ workstations and overall activity, we can better organize responses to potential attacks and prevent any compromise.”

To support companies that may lack the necessary resources and expertise—and which, in the current crisis, must focus on their core business—Proximus NXT offers its cybersecurity services through its SOC, the Cyber Security & Intelligence Operations Center. These services include prevention through remote user awareness campaigns, vulnerability detection via penetration testing, and incident response in the event of a confirmed security breach. Together, these services enable companies to assess their exposure and security level while monitoring and protecting their users, infrastructure, and business environments.