The last few weeks have been a sheer IT (and IT security) nightmare for most organizations around the world. Overnight, millions of employees, forced to obey social distancing, found themselves at home without the ability to work remotely in a secure manner. The new reality of business continuity means that many companies are now rapidly going through a process of digital transformation “on steroids”.
Industrious, well-meaning employees are doing their best to continue working with the tools they have at hand. Many are turning to personal devices to get the job done. This blurring of the lines between work and personal device use presents complex challenges for corporate IT and security teams. They face a high-speed, high-stakes balancing act, juggling the tension between accessibility, security and privacy as they try to keep workers productive.
However, tackling the immediate scenario of BYOD proliferation is not the only issue. As the situation plays out, there are longer-term risk factors – both internal and external – to be considered.
Economic uncertainty increases insider risk
The economic downturn resulting from the Covid-19 pandemic adds another security challenge to companies already overwhelmed by the new circumstances – a significant rise in malicious insider threat. The number of potentially disgruntled employees (from salary cuts, major layoffs and forced unpaid vacations) is growing significantly.
Rogue employees working from their unsupervised home devices create a clear risk, with limited remediation capabilities for security teams. As the long-tail economic impact of the crisis reverberates through the workforce, security teams will need to remain vigilant around insider threat.
Cyber threat landscape escalates as criminals capitalize on the chaos
As if all of this wasn’t enough, cybercriminals are capitalizing on the chaotic situation. In recent weeks, Threat Intelligence teams at BlueVoyant have seen cybercriminals around the world take advantage of people working from home and doing most of their interactions with the rest of the world via the internet.
There has been a sharp increase in the number of COVID-19 related phishing attacks, scams, and ransomware attacks. These target organizations from every sector, including healthcare organizations on the frontlines of the battle against COVID-19. Employees working in unfamiliar situations become stressed and tired, and their vulnerability to cyber threats increases. They fall for scams and phishing attempts more easily, putting the business at greater risk.
Tackling the turmoil of events means IT and IT Security teams also face increasing privacy challenges. Installing endpoint detection and response agents on, and monitoring the activity of, employees’ personal devices is a case in point. These devices are used for both remote work and personal activities. Treading the blurred lines between privacy and security risk is just another tightrope that security teams will need to cross. The network perimeter now includes employees’ homes.
So, what could, and should organizations do?
Faced with this panoply of challenges and a fast-changing situation, security teams need to be proactive on all three fronts of people, process and technology:
- Prepare for an extended period (several months) of remote work. No one knows yet exactly what the “new normal” will look like – although some indications are starting to emerge. Organizations should assume that their employees will continue working from home, at least to some degree, for the foreseeable future.
- Cyber hygiene is more important now than ever. Conduct phishing training and security exercises for your employees. Instruct them not to use their business email address when they use third-party services (online shopping, entertainment, etc.). Also, encourage them to report every suspicious cyber incident to your security team.
- Recommend that employees using personal Windows devices activate Microsoft Defender on those devices and enable automatic updates. This adds an important layer of cyber defence (both for the employees themselves and for the organization).
- Implement an affordable and secure solution to allow employees to connect from home, using personal devices, to their corporate devices. A “looking glass” concept can do this: it uses minimal cloud infrastructure and a clientless remote desktop gateway (like Apache Guacamole), together with a tunnel to the organization’s business network, to offer zero-trust, secure, and platform-independent access to local workstations and servers for simple and secure work from home.
- Defend your organization’s devices. Procure a Managed EDR service on all corporate devices to detect and block malware and malicious activities.
Looking to the future
The pandemic has taught us that the situation changes fast. Many regions around the world are now cautiously beginning to lift the most restrictive lockdown conditions, and this brings new challenges as we move towards a very different working climate for the foreseeable future.
Furloughed workers who are starting to return to work should be given refreshers on cyber hygiene. It is likely these workers may work remotely part of the time, having not done so until this point. Provide training and help so they can adjust in technology terms to ensure they can securely access the network from home. It might mean providing new corporate devices or educating workers on how to safely use personal devices when connecting to the corporate network.
It seems likely that there will be a phased return to office working, with employees spending a reduced percentage of time in corporate buildings. This means there’ll be more workers using and travelling with mobile devices between work and home. It increases the risk of lost or stolen devices.
Consider the implications on support and security of future changes
It has also been suggested that businesses may be asked to stagger employee working hours. This will likely extend the core hours of operation and access requirements to corporate systems. It will also increase the length of time that employees will require support during the day. Employee behaviour on the network may look very different from what it did pre-pandemic. There will be employees logging on at unusual times.
Try to implement digital alternatives to previously manual processes. These changes in working patterns have implications for automated alerts based on user behaviour analytics. For example, what looks like a malicious insider action might just be someone trying to do their role differently.
Looking further out, it seems likely that hybrid working will become a permanent fixture. Organizations need to start reframing policies and procedures to reflect this reality, rather than “making do and mending” in the hope that things will go back to normal. This will affect multiple areas, including cyber-onboarding for new recruits and decisions on device use (personal or corporate). It will also mean ongoing education for employees on how to protect personal networks.
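The effect of staggered hours on behaviour-based alerting can be shown with a small added example (not from the original article). It compares a fixed "core hours" logon rule with a per-user baseline; the function names, thresholds and logon records are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

CORE_HOURS = range(8, 18)  # assumed pre-pandemic office hours, 08:00-17:59

def logon_hour(ts):
    return datetime.fromisoformat(ts).hour

def static_rule(events):
    """Flag every logon outside the fixed core hours."""
    return [(u, ts) for u, ts in events if logon_hour(ts) not in CORE_HOURS]

def hour_distance(a, b):
    """Circular distance between two hours of day (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def build_baseline(history, min_samples=3):
    """Per-user list of recently observed logon hours; thin history is dropped."""
    hours = defaultdict(list)
    for user, ts in history:
        hours[user].append(logon_hour(ts))
    return {u: h for u, h in hours.items() if len(h) >= min_samples}

def baseline_rule(events, baseline, tolerance=2):
    """Flag logons far from the user's own recent pattern.
    Users without a baseline fall back to the static core-hours rule."""
    flagged = []
    for user, ts in events:
        hour, usual = logon_hour(ts), baseline.get(user)
        if usual is None:
            odd = hour not in CORE_HOURS
        else:
            odd = min(hour_distance(hour, h) for h in usual) > tolerance
        if odd:
            flagged.append((user, ts))
    return flagged

# Constructed sample data: alice has moved to a staggered early shift.
HISTORY = [("alice", "2020-05-04T06:05:00"), ("alice", "2020-05-05T05:58:00"),
           ("alice", "2020-05-06T06:10:00"), ("bob", "2020-05-04T09:00:00"),
           ("bob", "2020-05-05T09:10:00"), ("bob", "2020-05-06T08:55:00")]
NEW = [("alice", "2020-05-07T06:02:00"), ("bob", "2020-05-07T03:14:00"),
       ("bob", "2020-05-07T09:05:00"), ("carol", "2020-05-07T09:00:00")]

if __name__ == "__main__":
    print("static  :", static_rule(NEW))
    print("baseline:", baseline_rule(NEW, build_baseline(HISTORY)))
```

The fixed rule alerts on alice's normal early-shift logon as well as bob's 03:14 logon, while the per-user baseline alerts only on the latter.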
The sooner organizations start pivoting permanently to the new normal, the better placed they will be to emerge strongly, and safely, during the recovery phase.
BlueVoyant is an expert-driven cybersecurity services company whose mission is to proactively defend organizations of all sizes against today’s constant, sophisticated attackers and advanced threats. Led by CEO Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry-leading analytics and technologies.