The fight against Covid-19 inspires companies to improve cyber hygiene

06 Jul 2022 350 views

While the Covid-19 pandemic has changed the hygiene habits of people around the world, cyber pandemic is another crisis that companies need to be aware of and guard themselves against.

The Covid-19 pandemic has changed the hygiene habits of people in all four corners of the globe. Health safety measures such as frequent hand-washing, going into quarantine, getting vaccinated and wearing a face mask to keep viruses at bay are now deeply etched into our consciousness. While the pandemic is apparently subsiding, remote work and online shopping have given rise to a new form of crisis: cyber pandemic. Today, various kinds of cyber attacks are on the rise. Companies that fail to put in place measures against this new pandemic could see their operations easily disrupted by cyber attackers. At worst, an entire business could meet its own demise.

Content

Be aware of security risk in digital transformation given the highly infectious nature of computer viruses
Types and impact of severe cyber attacks
Take preventive steps by drawing reference from anti-Covid pandemic measures
A good sense of cyber hygiene helps reduce risk of infection
Managed security services for self-protection: the way to go amid shortage of talent and funds

Be aware of security risk in digital transformation given the highly infectious nature of computer viruses

Viruses are worrying because they are infectious. According to the World Health Organisation, the average infection rate of the SARS virus, which Hong Kong people are familiar with, is 1:2-4 , and that of the Zika virus, a mosquito-borne flavivirus, is about 1:2 to 6.6 , compared to 1:2.5 for Covid-19. If an epidemic is not controlled properly, it will lead to widespread community outbreaks and serious loss of lives and properties. The same is true for computer viruses. According to a cyber security report, the infection rate of cyber attacks is at least 1:27, and that of the computer worm, slammer, is even more striking, doubling every 8.5 seconds on average. A computer attacked by such a virus may face dire consequences.

Meanwhile, because of the Covid-19 pandemic, many companies have sped up their pace of digital transformation. They are adopting more remote work tools and are becoming more dependent on cloud applications and online shopping platforms in order to maintain their operations. As a result, these companies now face a much higher risk of cyber attacks. The cyber security report also pointed out that cyber attacks against corporate networks in 2021 increased notably by 50% compared to 2020. All these indicate it is high time for companies to ramp up their cyber defence capabilities.

Types and impact of severe cyber attacks

Type of cyber attack	Introduction
Ransomware	The attacker encrypts a company’s computers and computer files with advanced algorithm encryption, forcing the company to pay a ransom for decryption. The attacker also steals the victim company’s confidential data in what is a double extortion.
Infostealer	The attacker mainly wants to steal a target company’s confidential information, such as information related to intellectual property technology, financial reports and customer data. Such information will then be sold in the black market or used to blackmail the victim company.
Phishing	The attacker sends phishing emails to employees of a target company, luring them to open a malicious link or file. Using a malicious link, the attacker can extract login details of the employees to carry out further attacks. A malicious file, on the other hand, enables the attacker to install malware in the internal network of a company, such as Trojan horse and ransomware.
Distributed Denial of Service	A botnet manipulated by the attacker bombards the victim company’s server with invalid requests trying to connect to the server. The purpose is to overload the server and exhaust its computing resources, thereby causing suspension of the company’s operations.

Take preventive steps by drawing reference from anti-Covid pandemic measures

Thanks to efforts to curb the spread of Covid-19 in Hong Kong, we have learned that the key to fighting a virus is to block its paths. That involves measures such as collecting the latest information on virus variants, closing borders, and placing people coming from abroad under quarantine. If a person shows Covid-19 symptoms after the quarantine period is over, causing local transmission, the government can still curb the spread of the virus by sending that person to an isolation facility and tracing his or her close contacts. The fundamental principle of these measures can be applied to the formulation of preventive measures to promote cyber hygiene.

Covid-19 preventive measures	Measures to prevent cyber attacks
Real-time virus tracking	Collect the latest threat intelligence, and get to know the methods used by different cyber criminal syndicates as well as the characteristics and attack methods of different malware and their variants, so as to boost the detection and interception capabilities of network security tools.
Predict infections based on big data	Use artificial intelligence to analyse virus data and news, and predict the trends of cyber attacks and how they evolve. This can help strengthen a company’s cyber security and prevent cyber attacks.
Strictly implement quarantine measures for travellers	Establish a “zero trust” security policy. For example, implement strict account authentication and adopt the practice of privilege management. Depending on their ranks, employees’ access to sensitive data can also be restricted.
Build isolation facilities	Adopt a variety of isolation solutions, such as opening suspicious-looking email attachments or web links in a sandbox, and using the micro-segmentation technique to divide internal networks and infrastructure. Sandbox enables employees to work without disturbance while preventing a virus from spreading. The micro-segmentation technique enables a company to keep the scope of cyber attacks or virus infection under control, thus minimising losses.

A good sense of cyber hygiene helps reduce risk of infection

在網絡安全方面，有九成以上發生於企業的網絡攻擊都屬於人為事故，因此企業管理者有必要加強公司及員工的「網絡衛生」意識。

More than 90% of cyber attacks on companies are man-made incidents. Companies should raise employees’ awareness of cyber hygiene.

In the fight against the Covid-19 pandemic, there are surely ways to keep the virus at bay, but not all anti-pandemic measures are watertight. Nonetheless, if people can maintain good hygiene habits and observe social distancing rules at the beginning of each wave of the pandemic, they will be able to avoid infection and help curb the spread of the virus. In terms of cyber security, more than 90% of cyber attacks on companies are man-made incidents. Therefore, company managers should raise employees’ awareness of the importance of cyber hygiene.

Raise awareness of cyber security	Provide regular training to employees to raise their cyber security awareness. Illustrate with data and real-life examples related to their profession.This will make it easier for them to understand the problem, lower the chances that they will open malware or phishing links, and enable them to understand the latest cyber attacks methods.
Self-test	Conduct penetration tests on a regular basis to check for any loopholes in infrastructure. Through these tests, a company can also identify employees with a weaker sense of cyber security and then provide them further training.
Safe vaccination	Install official updates for software and hardware as soon as possible to effectively prevent cyber attackers from exploiting a company’s known vulnerabilities to carry out attacks. Comply with safety rules and regulations to minimise the risk of cyber attacks and data leak. Use cloud backup services and regularly carry out data recovery tests to ensure data can be recovered.
Use safety equipment	Strengthen end-point protection to protect employees’ computers and IoT devices Use email protection tools to filter suspicious emails. Formulate a password policy, which may involve not allowing employees to use weak passwords or reuse a password. Companies can also consider providing password management tools for their employees.

Managed security services for self-protection: the way to go amid shortage of talent and funds

全球不少企業已傾向採用網絡安全託管服務（Managed Security Service）或網絡營運中心（Security Operation Centre）服務，透過網絡安全專家及先進的分析工具，解決網絡安全問題。

Many companies around the world now use managed security services or services provided by security operation centres. Cyber security issues can be resolved with the help of network security experts and advanced analytical tools.

To counter increasingly sophisticated cyber attacks, companies must keep improving their cyber hygiene. However, some enterprises with limited resources and talent well-versed in cyber security simply cannot afford advanced security tools or do not have the money to hire full-time talent. Besides, with the ever-changing attack strategies of cyber criminal syndicates, it seems companies can hardly avoid being attacked in the cyberspace.

To overcome the challenge, many companies around the globe now use managed security services or services provided by security operation centres. Small and medium-sized enterprises with limited resources in particular prefer tackling cyber security issues with the help of cyber security experts and advanced analytical tools. The solutions on offer cover different areas, including secure network connections, login permission, traffic distribution and control, and network segmentation. Managed security services also help companies detect potential loopholes and solve security issues.

Contact Ricoh’s Cyber Security Team