The spread of coronavirus (aka COVID-19) has compelled many businesses to shift their office-based workforces to remote ones. This has quickly changed the game from a security perspective: an evolving attack surface, proliferating endpoints, new network behaviors, and more.
Due to the pandemic, CISOs are facing an increase in work pressure and dwindling resources, which can rapidly lead to unmanageable pressure and stress, severely affecting health, happiness and productivity. In turn, this can lead to major security and regulatory compliance issues.
Dr Aditya Mukherjee, Vice President at Synchrony, was happy to offer his perspective, intended to benefit security teams adapting to the changing landscape.
What are the immediate threat vectors arising from this sudden change, top challenges, steps to be taken, and best practices?
CISOs need to look immediately to assess new threat vectors arising from this sudden change organization-wide. This has 2 major impacts:
- Your security team’s productivity may be impacted by working remotely, without access to multiple screens, landlines, colleagues sitting beside them, etc.
- Secondly, there will be a massive surge in the number of security alerts/incidents being triggered. This could be due to the lack of a streamlined process, or of preparedness in profiling what a WFH user might do that constitutes risky behavior. On top of that is the lack of detection rules, etc., that provide a holistic view of the new threat landscape.
Immediate Steps Organizations should take:
- Have an authorized Instant Messaging (IM) platform with Calling/Video/Fileshare?
- Have secure and seamless access to cloud and on-premises applications/VPN?
- Use Multifactor Authentication (MFA), Mobile Device Management (MDM)/Enterprise mobility management (EMM)?
- Provide employees with basic security knowledge – Avoid the use of USB sticks.
- Are your employees traveling? Are they sick?
- Is consistent tech support available 24×7?
- Please take care of not just technical, but mental aspects. Connect with them, keep them motivated with virtual happy hours.
- Spear Phishing
- Social Engineering
- In the case of BYOD – How do you restrict pre-existing IM apps, Remote Desktop apps, Web Browser activity?
- In the case of company-provided assets like desktops – How do you assess hardware/software changes?
- Ensuring associates are adequately equipped with laptops, network bandwidth, and VPN.
- Change of threat landscape: Users may operate out of insecure locations – WiFi, prying eyes, potential of company assets being stolen.
- From a cybersecurity perspective, the behavior of users may change. They may surf different sites and may log in and log out erratically. So how would your User and Entity Behavior Analytics (UEBA) understand the difference between legitimate and malicious behavior?
- Potential lack of motivation and drop in productivity.
- How do you respond to IT security incidents, when the users are not in the office, or you can’t reach the office physically?
- Management of vendors and 3rd party suppliers is critical.
- Educate your users about the different threats that come with Work From Home (WFH). They should take care to operate with due diligence: locking the computer, not sharing confidential information with anyone, and basically not doing anything that they wouldn’t ideally do in the office.
- There is also a considerable risk of Spear Phishing & Social Engineering themed after COVID-19, so ensure your teams know how to spot them and report them to the security team.
- Train your security applications and test your cyber resilience, not just from a technological point of view but also from the perspective of processes and people, who would operate differently now given the circumstances.
- Keep in touch with your employees, give them the due attention that they would normally get from their supervisors in the office.
- Ensure that you are motivated, launch a virtual happy hour to connect the entire team together and have a fun activity.
- Don’t burn yourselves and your teams out. This may last for some time. If teams can find some time, try to work on strategic projects to utilize this downtime to its best.
- Provide timely updates on what the organisation is doing to combat COVID.
Many organizations are able to respond to this event (COVID-19 & WFH) in a synchronised manner because they started preparing for it early on. We saw a similar situation a few years ago when the WannaCry ransomware hit the world.
The key takeaway from both of these incidents should be that organisations need to be proactive in preparing against catastrophic or adversarial events which might impact their operations, and test their response to them via full-scale mock drills. Otherwise, they are bound to find themselves in such a condition again and again.