Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
In today’s ever-evolving, competitive business climate, organizations are partnering with more and more vendors to ensure they’re as agile, flexible, and efficient as possible. Now, at a time when as much as 75% of the workforce is shifting to remote work in some industries, this is more true than ever — with organizations seeking to rapidly acquire new software and technology to help accommodate new business requirements.
As federal government guidance on social distancing due to the COVID-19 pandemic is extended through April, a new reality is setting in for federal workers — a prolonged period of telework, even beyond the coronavirus crisis.
Over recent weeks, the ongoing spread of the COVID-19 coronavirus has had a major impact on the global economy and how businesses operate as a whole. More and more organizations are moving to a mandated work from home (WFH) model to help limit the spread of the virus — introducing a variety of unique and constantly evolving challenges for security leaders when it comes to mitigating cyber risk.
As citizens adjust their daily lives to reduce the chances of catching or spreading COVID-19, the risks associated with the pandemic are extending beyond a national health and economic crisis. Cyberthreats, including phishing scams, spam, and other attacks against organizations are spiking by as much as 40% as bad actors seek to take advantage of global uncertainty and anxiety, according to new data from CNBC.
Over recent weeks, the ongoing spread of the COVID-19 coronavirus has forced companies around the country to make difficult decisions about how they can do their part to protect their employees — as well as their communities as a whole.
As the nation struggles to come to terms with the coronavirus and questions linger around our readiness for such a pandemic, government leaders are already grappling with the next potential catastrophe — a major cyberattack against the U.S.
As the world wrestles with the spread of the COVID-19 coronavirus, many businesses are instituting new work from home (WFH) policies to keep employees safe and do their part to help halt the rate of infection. While remote work has long been a reality for many employees and businesses, remote work on such a large scale is frankly unprecedented and has the potential to open entirely new problems for security teams. It may make already challenging but essential work more difficult, and will require a careful reexamination of long-standing policies, systems, and procedures.
The Department of Defense (DoD) has one of the largest supply chains in the world, scaling to hundreds of thousands of different vendors and partners. Yet, these vital partners in our nation’s defense infrastructure pose a huge cyber risk.
Since 2017, Bitsight has been working together with Microsoft’s Digital Crimes Unit (DCU) to understand the inner workings of the Necurs malware, its botnets, and its command and control infrastructure in order to take disruptive action against the threat. That work has included reverse engineering, malware analysis, module updates, infection telemetry, command and control updates, and forensic analysis. This week, an action took place to disrupt all Necurs botnets, followed by mitigation and eradication actions.
Cyber hackers are an opportunistic group of people, hunting like predators and shifting their approach as needed. And now, they’re leveraging the concern and, in some cases, hysteria about the coronavirus outbreak to advance their nefarious objectives.
In mid-February, the Cybersecurity and Infrastructure Agency (CISA) alerted owners and operators in all critical infrastructure sectors to review their cybersecurity programs. The alert came in the wake of a ransomware attack against an unnamed natural gas compression facility that resulted in a two-day shutdown of the facility’s operations.
As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on a day-to-day basis.
Earlier this month, ZDNet broke the news that the FBI had sent a cybersecurity alert to the U.S. private sector warning of an ongoing hacking campaign against supply chain software providers. According to the FBI, hackers are attempting to infect upstream companies — particularly those in the energy sector — with the Kwampirs malware, a remote access trojan (RAT).
When it comes to monitoring the third-party cyber risk associated with vendors, suppliers, and others, companies and organizations all over the world rely on Bitsight and OneTrust Vendorpedia. When used together, the two platforms empower third-party risk management teams with enhanced vendor visibility, rich monitoring capabilities, and increased automation throughout the vendor risk management lifecycle.
Quantum computing has the ability to change the world, both for better and worse, and while it may be far off in the future, security teams need to start preparing for the new reality it will usher in.