Coronavirus outbreak is changing the economy, creating disruption across retail, tourism, airline, transportation and many more industries. The virus is also severely impacting supply chains and manufacturing, as it forces a significant amount of companies/businesses to throttle down or temporarily shut down assembly lines in U.S and Europe, where the most vulnerable companies are those that rely heavily on factories in China for parts and material. Furthermore, the balance between supply and demand is fragile, and when both sides are hit, it can unmask deeper issues.
One such example of COVID-19’s impact on the economy is reflected in people’s shifting behaviors; they are avoiding public contact, large events, public transportation, shopping malls, restaurants, flights and more. These self-imposed limitations on outside contact is likewise hitting the workforce; some organizations that never allowed remote work are now implementing it to protect the health of employees and the business itself.
Online living and working creates two major glitches:
- Huge traffic surges. Organizations are ill prepared to handle these; do they have enough bandwidth, for example, if their online customer base doubles in a matter of months? Are they prepared to capture the opportunity and ensure performance and availability of their online systems/services?
- It creates opportunity for threat and nation state actors to leverage the increased attack surface and new segments that arise. If people are opting to conduct their lives and business online (versus in person), thereby creating more online accounts, there’s a bigger opportunity for account takeover, credit card fraud, ransomware, denial of inventory, service disruption and more. What’s more, panic and demand for news makes great breeding grounds for malware.
In the last few weeks, the world has observed an increase in attacks, and moreover, their sophistication and adaption to world events.
- In Japan, threat actors are leveraging coronavirus fears to issue malicious malware campaigns for personal gain
- In the U.S., a similar malicious malware campaign is on the rise, leveraging the tax season in its prime to infect and steal private information
- In Australia, the largest logistics supplier (Toll group) went offline due to ransomware. This resulted in a huge disruption to the general market, as other major businesses couldn’t stock retail stores or deliver to customers. Similarly, the nation’s wool trading system has been breached and taken offline. The entire wool delivery supply chain has been shut down for a few days. How many wool producers were considering the security, availability and integrity of the trade platform as business critical to their operation? Probably not top of mind for most sheep farmers, until now.
Globally, as coronavirus infections increase and spread to more countries, phishing attacks are becoming more pervasive. The most recent example comes from the World Health Organization, a United Nations unit, which warned this week that fraudsters have started to use its name and images as part of phishing attacks and other scams.
Is There Any Good News?
The good news is that inside any disruption are hidden opportunities that the prepared can capture (online businesses with logistics, reviving local producers, etc.). This pandemic has the high likelihood of forcing habit changes on society and a drastic shift in how we operate day-to-day. Some companies will be prepared to capture the opportunities, while some industries will be irrevocably changed.
How can organizations protect their business to better to handle the growing threat?
- Infrastructure protection against disruptive network and application level attacks – To stay protected, organizations need to implement different tools and technologies. For example, DDoS prevention solutions help organizations win the ongoing security battle against available attacks by detecting and mitigating known and zero- day DoS/DDoS attacks in real time. They can protect against emerging security threats that can go undetected by traditional DDoS mitigation tools, such as SSL-based flood attacks, DNS attacks, attacks on login pages and attacks originating from IoT botnets.
- Advanced web application attacks – The digital transformation era is mainly around user experience. Thus, applications become more centric and public facing but at the same time, more exposed to attacks. In order to ensure fast, reliable and secure delivery of mission-critical web applications for corporate networks and in the cloud, a comprehensive WAF is needed.
- Identify legitimate traffic with malicious intent – 26% of the total internet traffic is generated by bad bots. While good bots help accelerate business processes, such as data collection and decision making, bad bots target websites, mobile apps and APIs to steal data and disrupt service. Unfortunately, 79% of organizations cannot distinguish between good and bad bots.
- Cloud workload protection – Moving workloads to a public cloud means new threats. Putting internal resources in the outside world creates a larger vulnerable attack surface, and external threats that could previously be contained can now strike directly at the heart of an organization’s workloads. In other words, when your inside is out, the outside can get in. Cloud providers are vigilant in how they protect their data center. But responsibility for secure access to applications, services, data repositories and databases falls on the enterprise.
- Application delivery and performance – As organizations are adopting cloud as an infrastructure for their applications, for both development and production, new challenges arise because their application portfolio gets scattered across multiple environments. The need is for a new breed of application delivery and security for on premise data centers, private and public clouds, using one centralized service management and control to simplify administration via centralized policies that are proposed that are propagated to all environments and ensure operational consistency.
- Embrace the elastic cloud – Leverage the elasticity of the cloud to flexibly grow business. Those with cloud native applications will be able to scale faster and more effectively.
By Nikhil Taneja, Managing Director-India, SAARC & Middle East