The strongest protection is well-trained employees
Photo: Publicity Photo CERT.LV
"It's not a question of if you will be a target of a cyberattack, but when? So, it is smart to be prepared", says Baiba Kaškina, the General Manager of CERT.LV - the Information Technology Security Incident Response Institution of the Republic of Latvia, to Baltic Business Quarterly.
Has Covid-19 changed the cybersecurity risk? If so, how and why?
A Covid-19 pandemic has substantially impacted the cyber environment by forcing businesses and governmental institutions into remote work, thus causing the following ramifications: a remote work infrastructure being set up in a hurry without proper security considerations, poorly configured computers connected to the internet directly, a loose protection of corporate perimeter defences, and privately owned computers without appropriate security measures which have been repurposed for work and are being connected to the corporate infrastructure.
The deployment of insecure connections (e.g. no VPN) could cause information leaks, while the use of weak passwords (e.g. for RDP) as well as lack of a firewall or antivirus could lead to the comptonization of devices and systems. Outside the corporate network, it is much harder to control employees’ actions on devices as well as much harder to ensure protection. More generally speaking, since much of our activities happen in cyber space, the attack surface has increased and there is more room for different kinds of phishing, malware, and extortion campaigns.