Commentary: Even as phishing and other attacks rise in the wake of COVID-19, white-hat hackers are readying their defenses.
Under the strain of the COVID-19 global pandemic, we’re seeing a great number of people rise up to help others. Unfortunately, we’re also seeing a number of bad actors taking advantage of the situation to launch cyberattacks, including (perversely) against healthcare-related organizations. Unfortunately, the very things that may “flatten the curve” of the coronavirus outbreak also put cybersecurity at risk, as HackerOne CEO Mårten Mickos said in an interview.
SEE: Coronavirus and its impact on the enterprise (TechRepublic Premium)
Exploiting the new not-so-normal
As captured at TechRepublic sister site ZDNet, COVID-19 is putting new stresses on our already somewhat fragile corporate defenses, as bad actors live up to the adjective (“bad”). Under siege, IT departments suddenly have to deal with securing dramatically more endpoints while managing device sprawl.
Nor is this all, as Mickos catalogued an array of new threats in the wake of novel coronavirus:
- COVID-19 impostors: Phishing and fake websites;
- People working from home depend on Wi-Fi routers that may not be secure;
- People working from home may create or take into use new software tools and services that may not be as thoroughly tested and protected as the tools they normally use;
- If companies have not enforced multi-factor authentication, when people work from home, the risks will go up; and
- Security people working from home may not be able to react as fast to incidents as if they are physically in the office, in the Security Operations Center.
SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)
White hats to the rescue
Fortunately, in addition to the continued efforts of IT departments everywhere (including significant increases in bug bounty programs), white-hat hackers are also lining up to fight back. One of these HackerOne hackers, Tommy DeVoss, took to Facebook and Twitter to advertise his (free of charge) services to combat this security sludge:
Nor is he alone. A plethora of other security professionals are raising their hands to join in. At some point we’ll get through the pandemic and life will return to normal (and these security professionals will get paid for the valuable work they’re doing). But for now, like many others in healthcare and beyond, they’re contributing their talents to minimize the harm created by COVID-19.
Disclosure: I work for AWS, but nothing herein relates to my employment there.