Organizations around the world are adapting to respond to the impact of the novel coronavirus (COVID-19). Companies may experience increased stress and challenges across their security programs arising from increased remote user demand, site availability impacts, stringent travel restrictions and requests for social distancing. Security organizations may also urgently need to deploy critical software and infrastructure to help support and secure a remote workforce or fulfill business priorities.

Sadly, but not unexpectedly, threat actors are attempting to take advantage of this crisis by exploiting the expanded attack surface that an increased remote workforce introduces and by targeting less-savvy workers with new phishing and malware campaigns masquerading as coronavirus news, tools and heat maps. All of these factors may result in additional pressure on already strained security teams to handle increased alert monitoring, investigations and incidents.

At IBM Security, we understand that corporations and institutions around the world count on us to help during challenging times like these. That is why we want to offer this practical advice and assistance.

Limit Your Attack Surface as Virtual Work Increases

Given recommendations for employees to work from home, virtual and digital interactions can increase an organization’s network activity and the number of connected devices on those networks. Some employees could be using personal and family-shared computers, tablets and mobile devices, increasing security risks.

With remote work, employees are frequently outside on-premises protections such as content filtering, intrusion prevention and even basic firewalls. Employees who do not traditionally work from home can be more vulnerable because of the unfamiliar work environment and are therefore more susceptible to phishing attacks and scams. Additionally, threat actors are attempting to attack organizations to disrupt, spread misinformation and capitalize on this crisis.

IBM Security X-Force is observing threat actor attempts to take advantage of this disruption to our normal work routines and work environments. To help combat these attempts, we are offering no-charge access to all COVID-19/coronavirus threat intelligence collections on the IBM X-Force Exchange. These collections share details of known threat actors and how they’re exploiting COVID-19 with recommendations to proactively protect organizations. Organizations will need their front-line security teams to be fully operational with proactive detection, response and remediation plans in place to navigate changes to the environment in order to limit the impact of a security event.

Strengthen Security Posture by Deploying Security Solutions

During this time when extra vigilance is needed, organizations may have software solutions or infrastructure that are yet to be deployed, but the need for remote access, higher bandwidth and extra security precautions calls for immediate action. Organizations can strengthen their security posture by implementing or scaling security software and infrastructure. You may need experts to help you with these pressing needs. If you are facing impacted resources, you can lean on experts to virtually extend your security operations, optimize existing solutions and maximize the value of your security solutions.

Protect Disparate Endpoints with Response Solutions

Increased remote work results in disparate endpoint security for an organization. Across all of your security vendors, there is a need to secure and protect endpoints interacting with your company data, applications and infrastructure. As we continue to publish a collection of known threat actors and how they’re exploiting COVID-19, we perceive an elevated endpoint risk resulting in the need to respond rapidly to cybersecurity incidents. A Managed Detection and Response (MDR) team can be up and running quickly to virtually supplement and support security operations center (SOC) staff in preparation for the possibility of finding your organization short-handed.

Develop Security Strategies with Virtual Consulting Solutions

During these unprecedented times, organizations may find the need for new strategies on managing risk. Our global advisory consultants can be there for you virtually and help guide you through strategy development and operational planning to meet today’s demands. Whether you need to translate security intelligence into action or optimize your SOC for this disruptive shift in workforce capabilities, we are here to be your security resource through these dynamic times.

Our team of global advisors serving in more than 170 countries is ready to help solve your most complex security challenges. With experience running some of the largest security programs in the world, our thought leaders advise boards and security teams on improving alignment and execution of cybersecurity goals. Additionally, we help clients with crisis management and response in a virtual manner, which is not only achievable but crucial for these unique times.

Virtual Skills and Resources to Help You Stay More Secure

The current global pandemic has created a new set of security challenges. Whether you need to enable secure remote access for unanticipated volumes of people, establish proper strategies and staffing for your SOC, gain greater security over endpoints, verify your incident response posture or solve a wide variety of other unique security needs, IBM Security is here to help. We can help you pivot quickly and effectively with remote expertise to optimize your security controls, review policies and deploy more capacity to support an increased remote workforce. We can provide 24×7 threat monitoring and response with IBM Managed Security Services to remotely help protect your organization.

Listen to the Think Digital recap on the Security Intelligence Podcast to learn more about addressing key risks business leaders face when supporting a new remote workforce environment.
