COVID-19 Phishing Threats Reinforce Need for Collaboration in Email Security

EYAL BENISHTI-01

As COVID-19 persists worldwide, the majority of businesses are choosing to maintain a work-from-home mandate indefinitely, despite some state and local government decisions to the contrary.

However, the business decision to have entire workforces continue to operate remotely isn’t as cut and dry as one might think. While the safety and security of employees should, and usually does, trump all else, lost productivity, diminishing comradery, and declining revenue also figure into the verdict.

And in 2020, so too does cybersecurity.

Cyber Security Skill Gap – Fixed with Diversity and Creativity

Today, many companies have policies and procedures to limit cyber risk for employees who
work remotely, whether that be occasionally or on a full-time basis. But such guidelines weren’t written with permanent work-from-home for everyone in mind, nor were they written for a scenario in which attackers are aggressively exploiting a global pandemic.

Email security challenges during COVID-19

We’ve all seen the cybersecurity headlines in recent weeks. From impersonating government entities and nonprofit organizations like the World Health Organization to spoofing the IRS and even President Trump, phishing attacks preying on people’s coronavirus’ fears, uncertainties, and doubts are trending worldwide. One company’s research also suggests that phishing attempts have increased by more than 600% since COVID-19 emerged, although those numbers have not been independently verified.

Majority of Enterprises Expect to Suffer from Email-Borne Cyber-Attacks

In addition to seizing on people’s emotions, attackers realize that work from home mandates do not exclude a company’s cybersecurity team. Yes, cybersecurity has been classified as an “essential” profession in the United States, so in theory, such employees could maintain in-office hours. But it is unlikely that the vast majority are doing so, especially those who work for companies with offices in coronavirus “hot zones.”

Thankfully, the migration from on-premise to cloud-based security tools has made remote work more secure overall. But as threats proliferate in frequency and sophistication, not all cloud-based security tools can prevent attacks from exploiting the many network and device vulnerabilities of a fully remote workforce.

Operating a completely virtual SOC also complicates matters, especially with phishing
mitigation, which long prior to COVID-19 represented a massive burden for many security
teams. A recent survey by Osterman Research found that 24% of a 40-hour workweek is spent by security analysts investigating, detecting, or remediating phishing emails.

Additionally, the same survey also discovered that more than 70% of organizations use only manual processes for reviewing user-reported phishing emails. This is particularly problematic for security teams working from home without the in-person or real-time collaboration that often goes into malicious email assessment and response.

Cross company collaboration needed in a post-COVID-19 world

It’s safe to say that many organizations will review a variety of safety and security plans,
policies, and procedures when the COVID-19 finally subsides. And when the time is right, such evaluations should include a fresh look into cybersecurity.

If COVID-19 has shown the cybersecurity community anything, it’s that it must learn to embrace a mindset that encourages real-time collaboration by utilizing an unlimited network of contributors instead of centralized peers, especially when it comes to phishing mitigation. Yes, democratized threat intelligence has been discussed as a concept in the cybersecurity industry before, but COVID-19 has indeed underscored the need for security teams to embrace unified collaboration once and for all finally.

While we certainly cannot quantify the extent to which businesses would have reduced risk in this pandemic if email threat collaboration had been universal, we can assert with confidence that it would have made the lives of cybersecurity teams on the front lines infinitely easier.

Currently, hospitals worldwide are reporting an increase in phishing attacks that, if successful, could paralyze systems and harm the treatment and daily operations available to COVID-19 patients. Fortunately, such risk could be significantly reduced if security professionals were able to collaborate in real-time on phishing threat intelligence.

Here’s how democratized phishing collaboration would work: once a phishing threat is
identified by either a human or technology, the technology would automatically triage its
severity and orchestrate a comprehensive forensic examination of any suspicious email. If a clear Indication of Compromise is returned for any email, link, or attachment, the message would be automatically removed from all affected mailboxes.

Coronavirus Phishing Attacks – Most of Them Have US IP Addresses

Simultaneously, technical controls would syndicate the phishing intelligence to all other
organizations within the ecosystem, enabling security teams to prepare for this emerging threat proactively. In this scenario, a company with just one security analyst that is part of a community of 1,000 organizations would benefit from the decisions of at least 999 other
security professionals. This ongoing level of collaboration enables organizations and users to prepare for advanced phishing attacks while reducing the amount and time of human
involvement.

Post coronavirus, establishing a model of assessment that mitigates risk is an essential step organization should consider relieving pressure on security teams. But reaching true
democratization will require the global security community to collaborate on email threat
intelligence and share practical solutions in terms that are applicable for analysts of various skill levels. Besides, the output of such collaboration must be actionable and automated to reduce training costs, improve analyst efficiency, and enable organizations of all sizes to identify and mitigate threats easily.

Obviously, universal collaboration will not occur overnight. But the time to implement such an approach is now, as many doctors and scientists believe that coronavirus is likely to return this fall. And if it does, another wave of phishing attacks – as well as a return to mass remote work – is sure to follow.

The only question is – will businesses be better prepared?