Partners need to protect customers from cyber attack during Covid-19

The channel needs to step in to help protect their customers from cyber attack during the Covid-19 coronavirus crisis, according to managed security service provider (MSSP) Effective Cyber Security (ECS).

Rick Gray, CEO of ECS, said a huge number of companies are rushing to enable their workers to work remotely, but few corporate computer systems were designed with such large remote workforces in mind. This has left them susceptible to cyber attack and “more vulnerable than ever to attackers”.

“We’ve seen a huge number of clients frantically trying to enable home working, and in doing so either relaxing security or making misconfigurations,” said Gray.

“This increases the operational risk of cyber attacks. We’ve noticed a huge increase in cyber activity, malware, ransomware, phishing and account takeovers, all exploiting Covid-19.”

Research by Barracuda shows three main types of phishing attacks using Covid-19 themes – scamming, brand impersonation, and business email compromise. Goals of the attacks range from distributing malware to stealing credentials, as well as financial gain.

The research also highlights a spike in spear phishing attacks, which are up 667% since the end of February.

The surge in attacks in April prompted the FBI to issue a warning regarding the different ways in which organisations and individuals can be targeted.

One cyber security specialist said that the volume of attacks trying to exploit vulnerable home workers since that start of the coronavirus has been the highest he had seen. “It’s disgusting what’s going on out there,” the specialist said.

Gray said that seeing the crisis unfold prompted his team at based at Camberley, Surrey to draw on their experience protecting critical national infrastructure (CNI) to design a service that can be used to protect companies from attacks during lockdown.

Free of charge to customers until August, the external scanning service includes a dashboard that enables customers to translate technical data into everyday language. It highlights vulnerabilities, ranks them in order of criticality, and recommends remedies.

“People are still fighting fires and are still in crisis mode, so ECS has been careful to design this service to be as ‘hands free’ for companies as possible. There is nothing to download, install or configure, making it the simplest, most straightforward way to check your security perimeter,” said Gray.

He added that as part of ECS’s initiative to “help organisations in these strange times”, the firm is welcoming other MSSPs and potential partners to offer the scanning service to their own clients.