Cyberattackers live for moments of crisis and confusion. Government agencies and companies already stretched thin are at their most vulnerable, and cyberattackers are all too willing to apply overwhelming pressure to maliciously disrupt operations or gain some financial benefit.
As the world struggles to address the mounting challenges of the pandemic, we have already seen early examples of this. For example, news broke this week that the Department of Health and Human Services (HHS) had been hacked over the weekend. After gaining access to HHS’ systems, the cyberattackers broadcast a false claim that the U.S. government planned to introduce a nationwide lockdown – sowing the seeds for more confusion and panic amongst the general public. Bloomberg News senior White House reporter Jennifer Jacobs said the multi-pronged assault on HHS included a denial of service attack.
Additionally, we have seen an uptick in companies, especially in critical sectors like healthcare, looking to fast-track the evaluation of our software. Given everything happening in the world, this initially took us by surprise. However, the security professionals at these firms rightly and quickly pointed out that attacks on companies under duress are increasing during this crisis not decreasing. The logic, they explained, is simple. The bad actor perceives the company (and its employees) to be otherwise occupied and under stress, and thus defenses will be weakened. In addition, the opportunity to inflict damage and extract financial gain is heightened.
These security professionals’ contingency efforts include expanding their security portfolio to include cloud security posture management (e.g., DivvyCloud). Their goal in adopting DivvyCloud is to ensure that there aren’t any cloud and container misconfigurations for cyberattackers to exploit.
If you are concerned about the security of your cloud environment, let us know. We are here to help. Our software is easy to deploy and you can quickly see how your AWS, GCP, Azure, Alibaba Cloud, or Kubernetes environments measure up against leading standards like NIST 800-53 and the CIS Benchmarks and then automate the remediation of risk.