These are unprecedented times. As companies scramble for business continuity, millions of workers around the world are forced to adapt to a workplace culture dubbed as the world’s largest work-from-home experiment. But there is a steep price to be paid for this change — weakened cybersecurity.
With more and more people working from home, the attack surface has never been wider for attackers to take advantage of.
Cybersecurity In Times Of Crisis
The current crisis calls for immediate reprioritization. The very tools that are upholding business operations are also exposing a wide range of vulnerabilities and opening the floodgates to cyberattacks. Since the outbreak, virtual private network (VPN) and remote desktop protocol (RDP) usage has surged dramatically. The Department of Homeland Security discovered a 127% increase in exposed RDP endpoints and has warned that this increased use of RDP could make systems more vulnerable to cyberattacks.
Opportunistic cyberattackers are always adjusting their tactics. A recent report from Europol revealed that cyberattackers are preying on anxieties, spreading disinformation and exploiting emerging vulnerabilities. Europol noted an initial spike in domain name registrations using words relating to “Corona” and “COVID.” They also noted a slight increase in DDoS (distributed denial-of-service) attacks following the outbreak.
Reports of malicious actors spreading disinformation, false narratives and carefully planted stories on social media in an effort to spread panic and anxiety are also making the rounds. Earlier this month, attackers attempted a break-in at the World Health Organization, and a well-known COVID-19 vaccine test center was targeted and held hostage by ransomware.
Business continuity and disaster recovery plans are being put to the test. Gartner estimates that only 12% of organizations globally are truly prepared for a disaster such as a pandemic.
Federal Emergency Management Agency (FEMA) research highlights the fact that 40-60% of small businesses never recover or reopen their doors following a disaster.
Remote Workforce Security Braces For A New Normal
The norm has certainly changed. When an endpoint sits on a desk within a corporate environment behind corporate-grade firewalls and proxies, it’s much easier to secure and control. In the home environment, all of those controls have suddenly vanished. The importance of a business continuity plan was always known to IT, but it seldom entailed an entire company moving to telework en masse. The first questions to ask should include: What policies should be in place? What hardware do I need? What licenses? How do my people operate day to day? Once you’ve identified what needs to be done, you’ll need a budget to get it done, and acquiring that is never an easy task.
Best Practices To Secure Remote Workers In The New Normal
Remote work is scaling fast. According to a recent survey, 40% of people plan on incorporating video tools into their software stack. On top of this, 55% of those surveyed also said they have had to cancel their recent travel plans. IT teams need to find compensating controls to manage the rapidly evolving and escalating cybersecurity situation. Here are some best practices that can help:
- Take the time to sit down to ensure you’re prepared. Not taking time to do so can put you at risk of stressing systems that were never designed to scale. If you move quickly, you can accidentally risk the security of your systems.
- Look at business workflows; ensure your teams are covered for both remote and on-prem work. Take a good look at your infrastructure. Can your VPN support the additional load of more users? Do your existing collaboration tools pose bandwidth issues?
- Acknowledge that the norm has changed. Employee policies or rules of engagement must be put in place that define how workers conduct themselves when working from home.
- Ensure your leadership is engaged and communicates regularly with employees.
- Educate your teams to be vigilant about phishing attacks, especially those that carry a pandemic theme, and ensure they follow cybersecurity hygiene.
- There will be a sudden degradation of visibility into network activity as soon as endpoints leave corporate oversight. Here are solutions that can help regain some insight into your environment:
  - Enterprise VPN is a good solution to start with, but there are bandwidth considerations and scaling issues.
  - Desktop virtualization (VDI) can be a potential solution for challenges around VPN scalability and performance.
  - Endpoint security or EDR (endpoint detection and response) is a good source of visibility into the devices that have gone home.
  - Single sign-on (SSO) and multi-factor authentication (MFA) are essential.
  - CASB (Cloud Access Security Broker) solutions can help proxy all traffic through a central location and help monitor traffic.
On top of all of this, log collection must always be a focus. Start with VPNs and SaaS applications, like Office 365. Once you have data in place, you can ask different questions. Some log sources will carry more weight than others. Lean toward any critical infrastructure that you don’t have insight into or assets that hold proprietary data. Invest in security tools that can provide visibility into tactics and techniques like phishing, denial of service, and ransomware.
Turn your attention to workers. What does their role look like day to day? That exercise alone can surface visibility gaps. Another potential approach is to adopt a zero-trust cybersecurity model that allows access only to applications that are relevant to job roles. Such systems are more scalable than VPNs and can easily be integrated with SSO (single sign-on) platforms. The zero-trust approach also allows for the creation of granular policies that can help define who can access what and from which device.
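The granular "who can access what and from which device" policy described above can be sketched as a default-deny decision function. This is an added example, not code from the article or any product; the role names, application names, device attributes and the `decide` function are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    managed: bool      # enrolled in corporate device management (assumed attribute)
    edr_running: bool  # endpoint agent is reporting in (assumed attribute)

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    app: str
    device: Device
    mfa_passed: bool

# Constructed policy: role -> application -> device requirement.
# "managed" means a corporate device with EDR; "any" also allows home devices.
POLICY = {
    "finance":    {"erp": "managed", "mail": "any"},
    "engineer":   {"git": "managed", "mail": "any"},
    "contractor": {"mail": "any"},
}

def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    apps = POLICY.get(req.role)
    if apps is None:
        return False, "unknown role"
    requirement = apps.get(req.app)
    if requirement is None:
        return False, "app not granted to role"
    if not req.mfa_passed:
        return False, "MFA required"
    healthy = req.device.managed and req.device.edr_running
    if requirement == "managed" and not healthy:
        return False, "device does not meet posture"
    return True, "ok"

if __name__ == "__main__":
    laptop = Device(managed=True, edr_running=True)
    home_pc = Device(managed=False, edr_running=False)
    for r in (Request("ana", "finance", "erp", laptop, True),
              Request("ana", "finance", "erp", home_pc, True),
              Request("raj", "contractor", "git", laptop, True)):
        print(r.user, r.app, decide(r))
```

Logging each `(allowed, reason)` result alongside the request gives the access trail that the log-collection advice above depends on.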
Remember that there is no one-size-fits-all strategy for securing a remote workforce. Adjustments will have to be made on the fly. Understand the shift to a new norm and regain control. Stay focused and vigilant.