Cyber security during the COVID-19 pandemic
The concept of cyber hygiene is relatively new in Romania. It defines a series of measures every PC user needs to take in order to be protected in the virtual space. Such measures are all the more necessary since the use of the Internet has been significantly growing during the COVID-19 pandemic. "A great many companies had no choice other than shift their working procedures to teleworking, with little, if any, time to make sure the required security measures are up to the mark. And that prompted them to be more susceptible to such attacks, since their employees need to log on to the companies' resources using their own computers at home, which more often than not are connected to networks with minimum protection. As remote working continues, employees ought to take additional security measures, beginning with the creation of a strong password for their remote work instruments" or at least that is what a couple of IT professionals working with Kaspersky say. Kaspersky is a global cyber security company founded 23 years ago. At present, Kaspersky provides security for more than 400 million individual users and 270,000 client companies. Each time users log on to their corporate networks from home, no matter what instruments are used, specialists recommend users to take a series of measures. Among them, the use of different and strong passwords to access the resources of the company, updating all software programmes installed on their computers, using the most recent version of such programmes. Encrypting is also recommended, in the case of computers used for work purposes, as well as making backup copies for the critical data. An analysis carried by Kaspersky has revealed that all told, the brute force-type cyber attacks perpetrated in quarantined countries have reached the number of 100 million, or thereabouts, in March this year, that is three times as many attacks as compared to data reported for the month of February, which means that such attacks have intensified since the outbreak of the COVID-19 pandemic. Brute force cyber attacks are actually attempts to detect the username and the password for RDP, which is one of the most familiar remote access tool for the working stations or servers. In such attacks, several options are randomly tested, until the right combination is discovered. Once the remote access is secured for the targeted computer in the network, the attacker can do almost anything with the computer, from spying to the stealing of information.
Cyber-attacks are sure to intensify in the coming period, Dan Cimpean, General Director at Romanian National Computer Security Incident Response Team CERT-RO has told Radio Romania. During the pandemic, the nature and level of sophistication of such attacks have changed. Moreover, cyber crime networks and state actors perpetrate their attacks in new versions.
Dan Cimpean:
"Because of the coronavirus, we have all started to work as mere users, we have been working from home to a greater extent than before. We use computers and applications, more and more, we use the Internet. The number of attacks is expected to progress accordingly, it won't be on the wane. Attacks will intensify, will become more diversified in scope, in the level of sophistication, of complexity, plus the fact that the response they get from everybody will be a little bit different as compared to what had happened before."
Dan Cîmpean advocates the idea of a cyber protection officer to be employed in institutions and organizations. Their role should be that of a cyber security contact, just as it happens in the case of personal data protection.
Mihai Rotariu is the spokesperson for CERT-RO. Mr Rotariu gave specific examples of recent cyber-attacks, which are tantamount to perpetrating crimes of attempted fraud for companies in Romania.
Mihai Rotariu:
"One of the methods was the e-mail spoofing, which actually means forging the return address for the sent email messages to conceal the identity of the real address the message came from. Companies need to have a clear-cut security policy, a clear checking procedure must be in place for the legitimacy of the prices required via e-mail and, obviously, a set of rules will have to be put in place, so that attempted fraud may be reported. And, as employers, we must carefully check the e-mail addresses where such demands have been sent from, we should never open suspicious links or attachments and we must also be extremely cautious, restricting info posted on social networks about the company.
We cannot deny the COVID-19 crisis has had its impact on us all, as individuals, on the society, on the institutions. The crisis a stark reminder of how strong our dependence on the digital domain is. Because of that, we need to aware of the fact that the number of cyber threats for those who work on a computer is on the rise, or at least that is what those with The National Computer Security Incident Response Team emphasized. The more we use the digital technology, the more exposed we are. Besides, we need to be able to understand the threats, we must take primary cyber hygiene measures, we should not forget the rules, we need to be open and learn extensively. Specialists also say we should not get stuck up in a mindset having to do with technologies that used to be operational in the past, we must accept, we must embrace the digital progress. Specialists estimate an acceleration as regards digital transformation. The new technologies will be very quick to appear, they will be used by everybody, by people of all walks of life, of all age brackets. Whether they are citizens or public bodies, the speed of change is there for them all, we have seen it already and we need to learn how to live with it.
( Translation by Eugen Nasta)
Useful Links
Copyright © . All rights reserved