COVID-19 doesn’t have to compromise your organisation’s security
Security is something that every business should be thinking about; it’s an absolutely essential part of any IT strategy, and can lead to serious problems if not properly maintained and monitored. However, it can be tempting to think of security threats as purely external forces, driven by malicious hackers launching attacks from outside your network.
The truth is that in many cases, your own employees – consciously or not – could be posing as much of a security threat as any cyber criminal. There are a variety of ways in which employees can inadvertently compromise elements of your defences, and many of them have unfortunately been exacerbated by the ongoing COVID-19 pandemic.
In particular, global – and now local – lockdowns and the resulting surge in remote working have introduced or heightened risk areas that were previously only minor concerns for businesses.
In through the out door
The use of cloud-based collaboration and communication services like Microsoft Teams, Slack et al has exploded since the start of the year as businesses scrambled to keep their remote staff connected through virtual platforms. But although these services can bring huge benefits to businesses, there are also risks attached to their use.
One of the biggest advantages to these services is that they provide a centralised, easily accessible record of all of your organisation’s communications and information and, while this improves efficiency, it’s also a double-edged sword – any attacker that gains access to this system potentially has access to an alarming amount of sensitive information, as well as a whole host of options for further network traversal and privilege escalation tactics.
Access credentials for shared services are often posted by staff in open channels, as are links to potentially sensitive files and folders, not to mention confidential information about internal operations or upcoming deals. This can all be used by an attacker to access more valuable areas of the network, whether their goal is to deploy ransomware, exfiltrate confidential documents, or spy on your staff. These systems are generally complemented by cloud storage platforms, which provide a further treasure trove of data for intruders to exploit.
There are a number of ways to combat this; the most obvious one is to enforce policies against sharing credentials or sensitive documents on public channels, but this is hard to police. As any security team knows, convenience usually wins out over proper procedure. Therefore, it’s wise to supplement this with strong password controls and multi-factor authentication for all user accounts, ensuring attackers can’t simply brute-force their way in. A nice side benefit of this is that it also helps mitigate the risk of password reuse, which can be endemic in larger organisations that don’t keep a close eye on their password hygiene.
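Policy alone is hard to police, so many security teams back it with automated scanning of the chat export or message stream for things that look like credentials. The following is an added example (not from the article or any vendor quoted in it) of that kind of detector: a handful of assumed, illustrative patterns run over constructed sample messages, with the matched value masked so that the alert itself does not re-post the secret somewhere else. The AWS key below is the documented AWS example value and the GitHub token is a made-up string of the right shape; neither is a real credential.

```python
import re

# Constructed sample messages in the shape of a collaboration-platform export.
# None of these are real credentials: the AWS key is AWS's own documented
# example value and the GitHub token is a made-up string of the right length.
SAMPLE_MESSAGES = [
    {"channel": "#general", "user": "alice", "text": "Deploy went fine, thanks all"},
    {"channel": "#ops", "user": "bob", "text": "jenkins login is admin / Summer2020!"},
    {"channel": "#sales", "user": "carol", "text": "AWS key for the demo: AKIAIOSFODNN7EXAMPLE"},
    {"channel": "#dev", "user": "dave", "text": "Token: ghp_1234567890abcdefghijklmnopqrstuvwxyz"},
    {"channel": "#general", "user": "erin", "text": "the password reset page is at https://intranet.example/reset"},
]

# Detection rules (assumed, illustrative): rule name -> pattern whose first
# capture group is the suspected secret. A production scanner would use a
# maintained rule set, but the structure is the same.
RULES = {
    "password_in_clear": re.compile(
        r"\b(?:password|passwd|pwd|login)\b\s*(?:is|[:=])\s*(\S+)", re.IGNORECASE),
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_token": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
}


def redact(secret: str) -> str:
    """Keep a 4-character prefix for correlation and mask the rest, so the
    alert does not leak the secret into yet another channel."""
    keep = min(4, len(secret))
    return secret[:keep] + "*" * (len(secret) - keep)


def scan_messages(messages):
    """Return one finding per (message, rule) hit, with the secret masked."""
    findings = []
    for msg in messages:
        for rule, pattern in RULES.items():
            for match in pattern.finditer(msg["text"]):
                findings.append({
                    "channel": msg["channel"],
                    "user": msg["user"],
                    "rule": rule,
                    "preview": redact(match.group(1)),
                })
    return findings


def hits_per_channel(findings):
    """Count findings per channel, which shows where policy reminders or
    channel-level restrictions are most needed."""
    counts = {}
    for finding in findings:
        counts[finding["channel"]] = counts.get(finding["channel"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_messages(SAMPLE_MESSAGES)
    for finding in results:
        print(f"{finding['channel']} {finding['user']} {finding['rule']}: {finding['preview']}")
    print(hits_per_channel(results))
```

Run against the sample, the scanner flags the three messages carrying something credential-shaped and leaves the two innocuous ones alone, including the one that merely mentions a password reset page. The per-channel count is the figure a team would feed back into training or into tightening who can post where.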
Cloud storage platforms also incorporate a number of access control mechanisms, such as role-based permissions; these allow you to define which specific people can access certain files and folders, and what level of control they’re allowed to have over them. Some platforms will go even further than that, with features like the ability to grant time-limited access to files.
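To make the "need-to-have" model concrete, here is an added example (not the article's and not any particular platform's API) of a minimal access policy that combines role-based permissions with time-limited grants: a user has no access unless a grant exists, a grant maps to a fixed set of actions, and a grant given with a time-to-live stops working on its own once it lapses. The roles, resource name and users are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Role -> allowed actions. A constructed example of role-based permissions;
# real platforms have richer models, but the checks below are the same.
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "owner": {"read", "write", "share"},
}

# Constructed resource used by the demo scenario.
RESOURCE = "deals/q4-forecast.xlsx"


class AccessPolicy:
    """Need-to-have access: default deny unless a grant exists, and a grant
    may carry an expiry so temporary access lapses without anyone remembering
    to revoke it."""

    def __init__(self):
        # (user, resource) -> (role, expires_at or None for standing access)
        self._grants = {}

    def grant(self, user, resource, role, ttl=None, now=None):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        now = now or datetime.now(timezone.utc)
        expires = now + ttl if ttl is not None else None
        self._grants[(user, resource)] = (role, expires)

    def revoke(self, user, resource):
        self._grants.pop((user, resource), None)

    def is_allowed(self, user, resource, action, now=None):
        now = now or datetime.now(timezone.utc)
        grant = self._grants.get((user, resource))
        if grant is None:
            return False  # default deny: no grant, no access
        role, expires = grant
        if expires is not None and now >= expires:
            return False  # time-limited access has lapsed
        return action in ROLE_PERMISSIONS[role]

    def expired_grants(self, now=None):
        """List grants past their expiry so they can be cleaned up and audited."""
        now = now or datetime.now(timezone.utc)
        return sorted(
            (user, resource)
            for (user, resource), (_, expires) in self._grants.items()
            if expires is not None and now >= expires
        )


def hours_after(t0, hours):
    """Helper for the demo: a point in time some hours after t0."""
    return t0 + timedelta(hours=hours)


def demo_policy():
    """Constructed scenario: a standing owner, a contractor with two hours of
    editor access, and no grant for anyone else."""
    t0 = datetime(2020, 10, 1, 9, 0, tzinfo=timezone.utc)
    policy = AccessPolicy()
    policy.grant("alice", RESOURCE, "owner", now=t0)
    policy.grant("contractor", RESOURCE, "editor", ttl=timedelta(hours=2), now=t0)
    return policy, t0


if __name__ == "__main__":
    policy, t0 = demo_policy()
    for user, action, when in [("alice", "share", t0),
                               ("contractor", "write", hours_after(t0, 1)),
                               ("contractor", "share", hours_after(t0, 1)),
                               ("contractor", "read", hours_after(t0, 3)),
                               ("mallory", "read", t0)]:
        print(user, action, when.isoformat(), policy.is_allowed(user, RESOURCE, action, now=when))
    print("expired:", policy.expired_grants(now=hours_after(t0, 3)))
```

Two design points matter here. Access is denied by default, so a user who was never granted anything (or whose grant was revoked) cannot read the file, which is the "need-to-have" rule in the quote that follows. And expiry is checked at every access rather than enforced by a separate clean-up job, so a forgotten temporary grant does not quietly become permanent.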
“Risk assessments would reveal the level of access to a firm’s digital and physical assets each person has,” notes Red Sift’s head of cyber governance Rois Ni Thuama. “No one person should have the keys to the kingdom and making sure that access is restricted on a need-to-have basis goes a long way to mitigating the potential fallout. This works just as well irrespective of whether the threat arose from a deliberate act or a mistake. You do not want to give the bad actor free rein to move laterally across an entire organization.”
Left to their own devices
Implementing strong access controls, password hygiene and multi-factor authentication are all good practice in any circumstance, but they’re especially important when all of your staff are relying on cloud-based apps and logging in from locations and devices which may not be as secure and well-protected as when they’re in the office. For a variety of reasons, many workers are now using personal devices to access corporate platforms, and these devices in themselves could be posing a serious risk.
If an employee is using a personal device for work and hasn’t alerted IT teams to this fact, they likely won’t have any monitoring or protection running on the device. This means it can’t be tracked for threat analysis purposes, and it may also be introducing security holes via unpatched software or even malware that the user has unwittingly picked up. Furthermore, if they’re working from a cafe or coffee shop, they might be using unsecured Wi-Fi, which puts them, and any information they’re working with, at risk from snoopers.
“Of course, the most important way to mitigate risk is user education and awareness,” says Ian Thornton-Trump, CISO of threat intelligence firm Cyjax, “but a strong contender for second is to extend your perimeter defences and licenses for your organisation’s fancy antivirus or EDR solution to those users at home – especially if they’re not working on corporate assets.”
Traditional perimeter defence is going to be less helpful in this scenario and, if you’re dealing with a significant number of employees that use personal devices for remote work, you should consider deploying endpoint security tools to give your IT team a centralised way to monitor, patch and protect your employees’ devices in a relatively unobtrusive fashion. Knowing exactly what devices are on your network – and what condition they’re in – is a vital part of protecting it, and shouldn’t be neglected just because staff are working from home.
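"Knowing exactly what devices are on your network" is, in practice, a reconciliation job: take whatever the remote-access layer can tell you about connecting devices and compare it with the asset inventory that the endpoint tooling maintains. The block below is an added example (not from the article or any product it mentions) of that check over constructed VPN gateway log lines and a constructed inventory. The log format, the use of the MAC address as the device identifier, and the seven-day agent check-in threshold are all assumptions for the illustration; a real deployment would key on whatever device identity its gateway and endpoint agent actually report.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed asset inventory: devices IT knows about, keyed by lower-case MAC,
# with the last time the endpoint agent on each one checked in.
MANAGED_DEVICES = {
    "aa:bb:cc:00:00:01": {"owner": "alice", "last_checkin": "2020-10-01T08:55:00+00:00"},
    "aa:bb:cc:00:00:02": {"owner": "bob", "last_checkin": "2020-09-10T17:20:00+00:00"},
}

# Constructed VPN gateway log lines; the format is an assumption for this example.
VPN_LOG_LINES = [
    "2020-10-01T09:12:05+00:00 vpn: user=alice mac=AA:BB:CC:00:00:01 ip=10.8.0.12 connected",
    "2020-10-01T09:15:41+00:00 vpn: user=bob mac=aa:bb:cc:00:00:02 ip=10.8.0.13 connected",
    "2020-10-01T09:20:03+00:00 vpn: user=carol mac=de:ad:be:ef:00:03 ip=10.8.0.14 connected",
    "2020-10-01T09:21:00+00:00 vpn: user=carol keepalive",
]

# Time the report is generated (fixed so the example is reproducible).
REPORT_TIME = datetime(2020, 10, 1, 9, 30, tzinfo=timezone.utc)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn: user=(?P<user>\S+) mac=(?P<mac>[0-9A-Fa-f:]{17}) ip=(?P<ip>\S+) connected$"
)


def parse_connections(lines):
    """Extract one record per connection event; lines without a device
    identity (keepalives and the like) are skipped."""
    connections = []
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue
        connections.append({
            "ts": datetime.fromisoformat(match["ts"]),
            "user": match["user"],
            "mac": match["mac"].lower(),  # normalise case before lookup
            "ip": match["ip"],
        })
    return connections


def reconcile(connections, inventory, now, max_agent_age=timedelta(days=7)):
    """Flag connecting devices that are not in the inventory at all, and
    inventoried devices whose agent has not checked in recently enough."""
    report = {"unmanaged": [], "stale_agent": []}
    for conn in connections:
        device = inventory.get(conn["mac"])
        if device is None:
            report["unmanaged"].append(
                {"user": conn["user"], "mac": conn["mac"], "ip": conn["ip"]})
            continue
        last_checkin = datetime.fromisoformat(device["last_checkin"])
        age = now - last_checkin
        if age > max_agent_age:
            report["stale_agent"].append(
                {"user": conn["user"], "mac": conn["mac"], "days_since_checkin": age.days})
    return report


if __name__ == "__main__":
    result = reconcile(parse_connections(VPN_LOG_LINES), MANAGED_DEVICES, now=REPORT_TIME)
    for entry in result["unmanaged"]:
        print("unmanaged device:", entry)
    for entry in result["stale_agent"]:
        print("agent not checking in:", entry)
```

On the sample data this surfaces the two cases the article is worried about: a device nobody in IT has heard of (carol's, which is the personal-device scenario from the previous section) and a known device whose protection has silently gone quiet (bob's, last seen by the agent three weeks ago). Both are leads for the IT team rather than verdicts; the point is that neither would be visible without joining the access logs to the inventory.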
“Anyone who’s thinking there’s a security perimeter is tragically out of date with our current times,” says Thornton-Trump. “Most businesses have no defined perimeter anymore as highly sensitive data is found all over the place – in S3 buckets, in hosted email solutions and in the hands of ERP, CRM and financial system SaaS vendors.”
Workers aren’t the only ones who are having to adapt to new ways of working, however; cyber criminals are also switching up their tactics to capitalise on the new situation. Many hackers are attempting to exploit the trends we’ve already discussed through tactics like password compromise, spear phishing, and others, and IT teams should be on the lookout for changes in attack patterns as adversaries adapt. Phishing attacks, in particular, will remain an easy attack method throughout the course of this lockdown, and staff should be trained (or retrained) on warning signs which may indicate a bogus email.
COVID-19 has necessitated a huge change in the way we work, and now that the genie of remote working is out of the bottle, it’s extremely unlikely that businesses will go back entirely to how they operated before. This change doesn’t have to make your business less secure, however. Many of the potential risks that can be introduced when organisations move to a remote model can be mitigated through careful use of security best practices, including inventory management, password monitoring and multi-factor authentication.
The process of moving into the ‘new normal’ – whatever that looks like – will involve an adjustment period for all of us. However, if IT teams remain alert to the changes and continue to implement industry-standard recommendations, we can emerge into the new world with our security intact.