At-Home Workers Face Hacking Threat
Tuesday, June 23, 2020
Bryan Cunningham, executive director of UC Irvine Cybersecurity Policy & Research Institute, says foreign government agents are increasingly trying to swipe information about the hunt for a vaccine for COVID-19, the latest example of hackers targeting those working from home during the pandemic.
“The hackers, the bad actors have done a lot of retargeting. They’re now targeting many, many more people at home because they realize that’s where the business is getting done now.”
The extra work required to protect these at-home workers is good news for Orange County’s cluster of cybersecurity and IT firms; the industry is expected to see growth of more than 10% this year, based on multiple industry reports, as companies look to protect computers used by their growing ranks of remote workers.
During a talk with the Business Journal on June 4, Cunningham reviewed some of the cybersecurity lessons learned during the coronavirus pandemic.
Cunningham said the countries doing much of the sleuthing after information include Russia, China, Israel and India.
He said they are “trying to get either intellectual property or government secrets or health data.”
“The target No. 1 right now is anything related to COVID-19, vaccine, research, antibody testing, health records,” according to Cunningham.
For example, a Chinese agent could try to steal a scientist’s COVID-19 information at the researcher’s home, Cunningham said.
Cunningham said cybersecurity is “definitely more complex” as a result of the pandemic.
“There are a lot fewer big institutions with good cybersecurity controlling the machines. You have less points of control over cybersecurity,” according to Cunningham.
“So many people now don’t work for any company, or they’re consultants, or whatever and the companies don’t have the ability to control how they do their work.”
It’s a growing issue that will only continue, according to officials with CrowdStrike Holdings Inc., which was founded in Irvine and relocated headquarters to Sunnyvale in 2017. It still has sizable operations here, although most area employees are working remotely, officials said this month.
“The COVID-19 pandemic has created a breeding ground for cybercrime,” said CrowdStrike co-founder and CEO George Kurtz, speaking to analysts following the company’s latest earnings report. “The past couple of months have represented one of the most active threat environments we have ever seen.”
CrowdStrike, which went public last year, has seen its stock rise more than 80% this year; it counts a $20 billion market cap.
“IT and security teams are looking for ways to easily and remotely solve new problems inherent in work-from-home and hybrid models,” Kurtz said. The security challenges associated with a remote or hybrid workforce “are best solved by a cloud-native platform,” he said.
Slow internet and cellphone service for some homebound workers creates its own risks, while some workers are bypassing directives to use a virtual private network (VPN) to improve cybersecurity while working at home, according to UCI’s Cunningham.
“I imagine there are a lot of people who just say ‘screw it. I don’t want to have that lack of capacity. I don’t want to wait for stuff.’” He guesses that many people working at home will be getting frustrated with slow service. “They just connect in the fastest way they can, which is not using a VPN.”
Companies can require their workers to use a VPN, said Cunningham, who expects that decently sized companies concerned about their cybersecurity are doing that.
While there have been numerous reports about the vulnerability of Zoom meetings, Cunningham points out that using a password with the correct configuration helps keep “Zoombombers” from barging into meetings.
Did companies rush into working from home too quickly at the outset of the pandemic?
“I don’t think they have any choice,” Cunningham said. “I don’t think they’re moving too fast. I just hope they’re understanding implications and taking the right precautions.”
He said big companies are probably taking the right precautions, while “I’d be more worried about mid-market banks,” as well as doctors’ practices and small businesses, for example.
UCI’s Cybersecurity Policy & Research Institute is planning an event aimed at encouraging high school, college and graduate school women to go into cybersecurity.
The event will be held virtually this summer, with a prominent but as-yet-unannounced cybersecurity leader from Orange County to be the keynote speaker and to manage the discussion.