The first half of 2020 brought unprecedented disruption, change and the need for adaptation to businesses and organizations across the world. While leaders have moved to identify and confront a slew of challenges, cybersecurity adversaries have acted just as quickly to take advantage of uncertainty and changing dynamics.
Sharing knowledge, experiences and insights has always been integral to effective cybersecurity protection. Knowing what organizations are experiencing — both in terms of adversaries and their activity, and also internally, as processes, technologies, budgets and opinions shift — is fundamental to achieving widespread best practices.
The CrowdStrike® Asia Pacific and Japan (APJ) State of Cybersecurity survey asked over 2,000 business leaders in Australia, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, Philippines, Singapore and Thailand about their cybersecurity practices during the COVID-19 pandemic, and their future plans as the world enters a period of tentative revival.
By identifying and sharing the gaps, needs and intentions of some of APJ’s senior business leaders, organizations can work to ensure that cybersecurity is not a cause of business failure in the challenging times ahead.
RESPONSE NOW NEEDS TO MATCH INCREASED RISK DURING COVID-19
Throughout the COVID-19 pandemic, CrowdStrike Intelligence has observed an increase in malicious activity. While the scope and variety of these attacks have been significant, there are some common themes.
COVID-19 eCrime: eCrime adversaries have used social engineering techniques and malicious documents referencing COVID-19 to prey on the public’s fear, often using subjects such as health guidance, containment and infection-rate news to mount successful attacks.
Targeting of Remote Services: Many organizations have expanded the use of software as a service (SaaS) and cloud-based remote connectivity services in order to enable and support employees working from home. Criminal actors continually seek to collect credentials for these services, potentially allowing them to gain access to these SaaS accounts and the victim organization’s data. The eCrime big game hunting (BGH) ransomware industry in particular leverages Remote Desktop Protocol (RDP) brute forcing or password spraying for initial entry.
Vishing Robocall and Tech Support Scams: As employees shift to flexible work arrangements such as telecommuting, they will increasingly rely on phone communications to maintain and continue business operations. Adversaries have been observed taking advantage of this situation to conduct malicious operations attempting to mimic official business communications.
Download now to find more information.