These are unprecedented times. As companies scramble for business continuity, millions of workers around the world are forced to adapt to a workplace culture dubbed the world’s largest work-from-home experiment. But there is a steep price to be paid for this change — weakened cybersecurity.
With more and more people working from home, the attack surface has never been wider for attackers to take advantage of.
The current crisis calls for immediate reprioritization. The very tools that are upholding business operations are exposing a wide range of vulnerabilities and opening the floodgates to cyberattacks. Since the outbreak, virtual private network (VPN) and remote desktop protocol (RDP) usage has surged dramatically. The Department of Homeland Security discovered a 127% increase in exposed RDP endpoints and has warned that this increased use of RDP could make systems more vulnerable to cyberattacks.
Opportunistic cyberattackers are always adjusting their tactics. A recent report from Europol revealed that cyberattackers are preying on anxieties, spreading disinformation and exploiting emerging vulnerabilities. Europol noted an initial spike in domain name registrations using words relating to “Corona” and “COVID.” They also noted a slight increase in DDoS (distributed denial-of-service) attacks following the outbreak.
Reports of malicious actors spreading disinformation, false narratives and carefully planted stories on social media in an effort to spread panic and anxiety are also making the rounds. Earlier this month, attackers attempted a break-in at the World Health Organization, and a well-known COVID-19 vaccine test center was targeted and held hostage by ransomware.
Business continuity and disaster recovery plans are being put to the test. Gartner estimates that only 12% of organizations globally are truly prepared for a disaster such as a pandemic.
Federal Emergency Management Agency (FEMA) research highlights the fact that 40-60% of small businesses never recover or reopen their doors following a disaster.
The norm has certainly changed. When an endpoint sits on a desk within a corporate environment behind corporate-grade firewalls and proxies, it’s much easier to secure and control. In the home environment, those controls have suddenly vanished. The importance of a business continuity plan was always known to IT, but it seldom entailed an entire company moving to telework all at once. The first questions to ask should include: What policies should be in place? What hardware do I need? What licenses? How do my people operate day to day? Once you’ve identified what needs to be done, you’ll need a budget to get it done, and acquiring that is never an easy task.
Remote work is scaling fast. According to a recent survey, 40% of people plan on incorporating video tools into their software stack. On top of this, 55% of those surveyed also said they have had to cancel their recent travel plans. IT teams need to find compensating controls to manage the rapidly evolving and escalating cybersecurity situation. Here are some best practices that can help:
On top of all of this, log collection must always be a focus. Start with VPNs and SaaS applications, like Office 365. Once you have data in place, you can ask different questions. Some log sources will carry more weight than others. Lean toward any critical infrastructure that you don’t have insight into or assets that hold proprietary data. Invest in security tools that can provide visibility into tactics and techniques like phishing, denial of service, and ransomware.
Turn your attention to workers. What does their role look like day to day? That exercise alone can surface visibility gaps. Another potential approach is to adopt a zero-trust cybersecurity model that allows access to applications that are relevant to job roles. Such systems are more scalable than VPNs and can easily be integrated with SSO (single sign-on) platforms. The zero-trust approach also allows for the creation of granular policies that can help define who can access what and from which device.
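To make the idea of a granular "who can access what and from which device" policy concrete, here is an added example (not from the original article or any specific product) of a default-deny check. The role names, application names, device attributes and patch-age thresholds are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    managed: bool          # enrolled in corporate device management
    disk_encrypted: bool
    patch_age_days: int    # days since the last OS security update

@dataclass(frozen=True)
class Rule:
    role: str
    app: str
    require_managed: bool = True
    require_encryption: bool = True
    max_patch_age_days: int = 30

# Constructed sample policy: each rule grants one role access to one app,
# and only from a device that meets the stated posture.
POLICY = [
    Rule("finance", "payroll"),
    Rule("finance", "email", require_managed=False, max_patch_age_days=60),
    Rule("engineering", "source-control", max_patch_age_days=14),
    Rule("engineering", "email", require_managed=False, max_patch_age_days=60),
]

def evaluate(role, app, device, policy=POLICY):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    rule = next((r for r in policy if r.role == role and r.app == app), None)
    if rule is None:
        return False, "no rule grants this role access to this app"
    if rule.require_managed and not device.managed:
        return False, "unmanaged device"
    if rule.require_encryption and not device.disk_encrypted:
        return False, "disk not encrypted"
    if device.patch_age_days > rule.max_patch_age_days:
        return False, "device patches too old"
    return True, "allowed"

if __name__ == "__main__":
    laptop = Device(managed=True, disk_encrypted=True, patch_age_days=5)
    home_pc = Device(managed=False, disk_encrypted=True, patch_age_days=20)
    for role, app, dev in [("finance", "payroll", laptop),
                           ("finance", "payroll", home_pc),
                           ("finance", "email", home_pc),
                           ("finance", "source-control", laptop)]:
        print(role, app, evaluate(role, app, dev))
```

Returning a reason with every decision means each allow or deny can be written to the same log pipeline as the VPN and SaaS sources, so denied requests become a visibility signal rather than a silent failure.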
Remember that there is no one-size-fits-all strategy for securing a remote workforce. Adjustments will have to be made on the fly. Understand the shift to a new norm and regain control. Stay focused and vigilant.