Organizations that rushed to implement WFH back-end solutions should dispense with the complacency and take stock of overlooked cybersecurity lapses.
At the onset of the pandemic, as employees shifted from working in corporate offices to their homes, many companies rushed to expand their remote-working capabilities.
At the same time, threat actors were developing sophisticated phishing campaigns designed to take advantage of the fear and uncertainty caused by the pandemic.
Going forward, a significant number of people will likely continue to work from home on a full- or part-time basis. This reality is forcing cybersecurity professionals to review or reconsider their current cybersecurity operations.
When employees use both personal and corporate devices to access corporate networks from disparate home locations, two primary cybersecurity impacts arise.
- First, devices used to access corporate resources and information are dispersed across a non-homogeneous set of home networks, essentially creating untrusted network connections to the corporate network. This means that critical systems housing sensitive information are now potentially being accessed by personal laptops with limited baselines for virus checking, security updates or malicious programs or viruses. Furthermore, connectivity of these devices to the corporate network is not persistent, leaving less time (or inconvenient times) to execute security activities such as after-hours software patching.
- Second, the threat landscape may be evolving to increasingly target popular Internet-Of-Things (IOT) devices, such as personal computers and cell phones, to internet-connected appliances like smart TVs and smart cameras. The Work-From-Home/Anywhere environment has also increased opportunities for threat actors to use these devices to remotely gain access to personal or work-issued computers used.
In all the rush to implement remote-access solutions to enable remote-working, many cybersecurity considerations may have been accorded less priority over business survival. However, now is the time for organizations to review their current cybersecurity practices.
"By focusing on increased scanning and patching and multifactor authentication while reviewing anomaly-based monitoring capabilities and pandemic processes and controls, firms will be more resilient to future threats and risks."
Four Post-Rush Cybersecurity Strategies
While short term enhancements to remote-working ensured continued operations and minimized disruption at the onset of the pandemic, now is the time to fully assess the longer-term implications of current remote-working cybersecurity and business resilience levels.
- Increased scanning and patching of critical applications and infrastructure
Given the rise of employees that rely on virtual private networking (VPN), security professionals will want to identify and remediate hidden threats quickly. Prior to the pandemic, VPN access supported a small number of simultaneous users. The workforce displacement created by the pandemic has the majority of users simultaneously connected to this infrastructure. Any outage to this infrastructure has the potential to disrupt critical business operations.
- Considered strong or multifactor authentication for critical applications
Critical applications may be accessed through home networks with different threats and security postures. While the introduction of a new authentication scheme is not a trivial task, it should be considered as a possible addition to a company’s security toolkit to enhance protection of valuable information assets.
- Review anomaly-based monitoring solutions
Increased VPN usage will change observed network traffic patterns and may require companies to develop new baselines for normal traffic. Cybersecurity professionals may need to re-evaluate the effectiveness of current monitoring strategies.
- Review pandemic processes and controls
The pandemic required some companies to onboard applications and services in an abbreviated manner to support the need for employee and business productivity. Additionally, certain controls were relaxed to support employee requirements, such as home printing and remote-working applications were adopted to support meeting and conference needs. These new or modified processes and applications should be reviewed to fully understand where cybersecurity processes and controls can be enhanced to continually improve cyber-protection.
As the COVID-19 pandemic rages on, cybersecurity risks and threats will continue to evolve, and our ways of working will continue to develop over time.
By focusing on increased scanning and patching and multifactor authentication while reviewing anomaly-based monitoring capabilities and pandemic processes and controls, firms will be more resilient to future threats and risks.
This article was first published on CybersecAsia.