The Rising Remote Workforce and Cybersecurity Threats

Abhinav Raj, Writer
@uxconnections

As the coronavirus crisis compels global workforce to operate remotely, the surge in cyberattacks emerges as another challenge for them to overcome

If one crisis is here, can another be far behind? 

The past few months have seen a dynamic shift from an office-based to a work-from-home economy as the global workforce retreat to their homes to practice social distancing and reduce transmission of the notorious SARS-CoV-2. 

A survey by Massachusetts Institute of Technology conducted early in April showed that about 33.3% of the 25,000 American workers responded to the pandemic by shifting to remote work, hinting at what may be a paradigm shift in the way the world works post pandemic. However, this transition may have left firms across the world vulnerable to new threats to networks and endpoints. 

Cyber threat actors have been actively leveraging the global health crisis for their onslaught on organisations through disruptive and malicious activities, including but not limited to stealing and exploiting data. 

On April 23, the World Health Organisation reported an alarming fivefold increase in cyberattacks directed at its employees through email scams. 

“This week, some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response”, reported the WHO, in the newsroom post. 

“The leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system, used by current and retired staff as well as partners.”

A coterie of cybercriminals impersonating the WHO in emails deliberately targeted the general public with links embedded in emails leading to fraudulent donation funds. Since the unfortunate turn of events, the organisation has been taking stringent measures to consolidate cybersecurity in collaboration with the private sector and briefing its staff on potential security risks in order to prevent any further exploitation.

Not coronavirus, but computer virus

In a related phishing attack, cybercriminals were reported impersonating the Centre for Disease Control and Prevention by sending emails laden with links that would download malware onto a system allowing them to steal data and hijack IT systems. These emails were sent as ‘infection prevention’ notices against COVID-19. 

The CDC has since urged vigilance and asked to inculcate good security practices to reduce the likelihood of a debilitating cyberattack. 

The Council of the European Union on April 30 addressed the rising trend of malicious cyberattacks directed at essential operators, including the healthcare sector in the Member States, condemning the heinous act exploiting the coronavirus pandemic and putting lives in jeopardy. 

“The European Union and its Member States condemn this malicious behaviour in cyberspace, express solidarity with all countries that are victims of malicious cyber activities and underline their continued support to increase global cyber resilience,” stated Josep Borrell, High Representative of the European Union on behalf of all the 27 EU Member States. 

“Any attempt to hamper the ability of critical infrastructures is unacceptable. All perpetrators must immediately refrain from conducting such irresponsible and destabilising actions, which can put people’s lives at risk. We need the entire world to stand united in this global fight against the virus. It is a matter of humanity and universally shared values.”

This has not been the first instance of the intervention of an intergovernmental organisation into the domain of cybersecurity. The United Nations General Assembly’s First Committee devised a body for the furtherance of peace, stability and security in the sphere of cyberspace.

The United Nations’ Open-Ended Working Group (OEWG) of the General Assembly is the world’s sole intergovernmental forum that provides for international discourse to develop a common framework to enforce responsible behaviour in cyberspace. 

The secretariat of the OEWG is preparing its final report that will provide an overview of the discourse that has taken place, suggesting reforms in the norms, international laws and other proposed measures to make cyberspace more secure. 

During this time of crisis, the work-from-home culture is here to stay for quite a while, say the tech giants in the industry. Google CEO Sundar Pichai in an all-hands meeting concurred to the idea of adopting the work-from-home model for the remainder of 2020, while Twitter CEO Jack Dorsey went so far as stating that with the exception of those required to be physically present in the office, Twitter employees may permanently work from home post pandemic. While a commute-free work model may be looking good, its subsequent pitfalls demand consideration. 

The trend of cyberattacks has been on the upward curve and it’s likely to remain that way as cybercrime actors exploit the vulnerability of endpoints, as more employees turn to less-protected home computers to log in to corporate networks, subsequently leading to the creation of more weak links in the security chain. 

Until a point in time all of its vulnerabilities are patched, the permanence of a work-from-home model seems like a distant dream. 

But dreams do come true.