The sudden global lockdown due to the Covid-19 pandemic has left many organisations scrambling to keep operations running smoothly. Faced with the often-monumental challenge of quickly enabling mass remote working for their staff, the speed and scope of the change has put unprecedented pressure on CISOs to ensure systems remain as secure as possible. The CISOs and IT Managers play a major role in ensuring business continuity by keeping organisations safe from malicious attacks whilst keeping sensitive data protected effectively and networks withstanding pressure. At the same time they have to defend their organisations amid accelerated threat levels, as cyber attackers ramped up attacks in a bid to exploit the coronavirus confusion and vulnerability of organisations.
Ideally, one should update your business continuity plans and identify key individuals who are critical to the business continuity as well as individuals who can substitute them should they fall ill. These new changes are also bringing on new threats. Therefore, always challenge the existing assumptions about your security infrastructure. Remember that hacking is an attack against assumptions. The adversaries observing the behaviours or organisations and can easily recognize a soft or weak spot. The current primary means of collaborating is now through video conferencing. One should initiate meeting on your own platform to have full control over your security and the ability to research problems, if any, as well as to deny access when it is needed.
Phishing and spam campaigns and malicious websites or domains have significantly increased in number and frequency during the pandemic. This threat is further increased by the fact that a largely remote workforce comprised of people who are used to the easy access to colleagues to verify suspicious emails might be less likely to investigate such messages over online communication channels. As employees shift to remote work from home, most organisations are seeing heavy loads on resources such as virtualized desktop environments and VPNs.
The demand for seamless connectivity often wins over security. In order to facilitate a distraction- free workflow, one might be tempted to let users access internal resources from untrusted networks, such as the Internet and personal devices. If these resources rely on the more trusted, internal network as their security model this approach opens up a variety of risks to the organisation ranging from unpatched software to lax authentication and authorisation models for an untrusted network.
Each employee working from home, especially ones using their own personal hardware to access company resources, exposes a new untrusted network to the organisation. As home networks are mainly comprised of commercial off-the-shelf hardware, they might not have the same security maturity as company-approved, corporate devices. This exposes several risks to the organisation, mainly stemming from insecure IoT devices, which can be easy targets for both targeted and opportunistic attacks, and even for drive-by malware, such as IoT botnets, to which access is sold on black markets.
When a VPN is used as the main channel for remote employees to connect to the corporate network, it is crucial that these VPNs are used in full tunnel mode. This is to ensure that proper ingress and egress filtering can be applied by the organisation, as all traffic will be funnelled toward the VPN concentrators, as opposed to split-tunnel mode, where only certain traffic will go through the VPN tunnel. Additionally, full tunnel mode also decreases to risk of information leakage and successful command and control (C2) channels used by malware.
Employees working from home might be tempted to use open social media platforms (Facebook, Twitter, etc.) for work. This is especially true in case the work networks are congested, and the internal instant messaging solutions are unreliable for the increased number of meetings.
It is recommended to take extra care not to share work information on social media, even in ephemeral channels, such as video meetings and similar events. Employees should not use any social media accounts on work devices and to take extra care where documents and other files are shared. The majority of organisations no doubt have plans for growth, staying ahead of the competition and digital transformation of their processes. Cybersecurity needs to be put at the centre of every business decision to enable an organisation to meet its overall objectives. All employees should also be advised about the risks affecting them working from home in order to improve their security awareness in these rapidly changing work environments and be able to easily get in touch with an IT person in the organisation to make any queries.
We also have an eBook on the cyber-security Guidance for Covid-19 on our Cybervision website that you are welcome to access.