
Five best practices for today’s expanded security perimeter


In 1996 I replaced my dial-up modem with a dedicated 128kbps dual-B-channel bonded ISDN modem, gleefully entering the world of full-time remote work.  In 2020 much of the world caught up to me -- although with less jargon and 100x more bandwidth -- as Covid-19 made work-from-home the new normal.  Working from home doesn’t just eliminate the drudgery of office commutes, however; it also reduces or eliminates many of the cybersecurity protections that we normally enjoy.  Recent cybersecurity breaches, such as ransomware attacks on hospitals and supply-chain compromises, should drive home the importance of remaining vigilant against cybercriminals looking to capitalize on the current crisis.

This new reality is filled with conditions that have expanded the boundaries of conducting business, and cyber threats and the attack surface have expanded with them.  Not only is the number of threats sharply increasing; the damage caused by these attackers is also growing at an alarming rate. A 2020 Interpol report covering January through April recorded 7,000 spam messages, 737 malware-related incidents, and 48,000 malicious URLs – all related to Covid-19. Additionally, crimes reported to the FBI’s Internet Crime Complaint Center quadrupled in 2020, growing from 1,000 daily complaints to 4,000.  A study by McAfee and the Center for Strategic and International Studies estimates that nearly $1,000,000,000 was lost to cyberattacks in 2020, more than double the amount from 2018.  Businesses are struggling to find the best ways to address this increased risk and cost.

The pandemic caused an organizational shift, moving operations quickly from on-prem environments to remote alternatives, and many enterprises found that some of their older tools and techniques are less effective than in the past.  In most cases, addressing this new environment requires more than just thinking about our devices now that they have moved outside the office. An expanded perimeter means much more: using new technology solutions, adapting business and security processes, and outlining standard safe practices for employees in easy-to-follow security plans.  Fortunately, there are many well-understood best practices that are well suited to managing perimeter-less enterprises, and these practices can also minimize the impact of new threats and attacks.  The following elements should be considered when making these changes:

  • Vulnerability Management Techniques: Before March 2020, organizations had a typical scan-report-patch cadence using network-based scanners and manual patching processes during “off” hours.  Workers at home usually aren’t reachable via a network scan, and pushing large or disruptive patches is a challenge with any-hour-of-the-day work-from-home schedules, let alone typical home bandwidth limitations.  Agent-based technologies like Qualys Cloud Agent, CrowdStrike Falcon, and others are designed to work wherever an employee is located and ensure that security teams don’t lose the ability to identify critical vulnerabilities.
  • Automated Response:  Global ransomware campaigns can overwhelm a business’s devices in minutes if not contained.  Traditional networks often have chokepoints – firewalls on the border, single Internet egress points that can be shut off, etc. – that allow rapid response; a largely remote- and cloud-based infrastructure has very different mechanisms.  Endpoint Detection and Response (EDR) solutions provide the ability to quarantine a compromised system, and robust access management processes can suspend a compromised account before it can be used to grab data.  Security Orchestration, Automation, and Response (SOAR) tools like Palo Alto Cortex ensure that those actions happen in seconds.
  • Zero Trust: Configuring systems to be hardened, patched, and secure has been a traditional line of defense, but it becomes much harder when corporate laptops remain on unsecured home networks and are rarely (if ever) patched.  Moving to a strategy that adopts a zero trust model – using strong authentication, robust identity and access management (IAM), and granular access controls – supports doing business from any endpoint to any cloud solution while still maintaining security and control.
  • Cloud-Based Strategies: Continuing to monitor, review and revise all cloud migrations and cloud-based software is an absolute requirement, especially in these times of constant change. If a migration to the cloud was rushed, misconfigurations can easily be taken advantage of and cause countless headaches, as the near-constant stream of data compromises from open S3 buckets demonstrates. Covid-19 accelerated digital transformation, but sufficient logging, monitoring, and vigilance with tools like Splunk, CloudTrail, or GuardDuty cannot be forgotten in the midst of this rapid change.
  • Setting Home Security Expectations: Solidifying expectations is key, as it ensures the employer is not held responsible for home network security. It may be worth walking the line of providing advice, which is not the same as providing support. High-level guidance on areas like patching network devices and changing default passwords may be necessary, but this is one area where many existing processes and tools can be very effective.  A renewed emphasis on anti-phishing education, careful handling of sensitive files, etc. can heighten awareness and security for a remote workforce.
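The cloud bullet above names open S3 buckets and CloudTrail as the place to watch; as an added example (not code from this article or from deepwatch), the following Python check scans CloudTrail records for PutBucketAcl and PutBucketPolicy calls that grant public access. The field layout assumes CloudTrail's S3 record format, and the sample events are constructed for the demonstration.

```python
# Added example (not from the article or deepwatch): flag CloudTrail S3 events
# that make a bucket public. SAMPLE_EVENTS are constructed, trimmed records with
# only the fields this check reads; bucketPolicy may be a JSON string or a dict.
import json
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def acl_is_public(params):
    """True if any ACL grant targets the AllUsers or AuthenticatedUsers group."""
    acl = params.get("AccessControlPolicy", {}).get("AccessControlList", {})
    return any(g.get("Grantee", {}).get("URI") in (ALL_USERS, AUTH_USERS)
               for g in acl.get("Grant", []))


def policy_is_public(params):
    """True if the bucket policy has an Allow statement with a wildcard principal."""
    policy = params.get("bucketPolicy") or {}
    if isinstance(policy, str):
        policy = json.loads(policy)
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if stmt.get("Effect") == "Allow" and principal in ("*", ["*"]):
            return True
    return False


def find_public_exposures(events):
    """Return (eventName, bucket, actor ARN) for each event that opens a bucket."""
    checks = {"PutBucketAcl": acl_is_public, "PutBucketPolicy": policy_is_public}
    hits = []
    for ev in events:
        check = checks.get(ev.get("eventName"))
        params = ev.get("requestParameters") or {}
        if check and check(params):
            hits.append((ev["eventName"], params.get("bucketName"),
                         ev.get("userIdentity", {}).get("arn", "unknown")))
    return hits


# Constructed sample: a public ACL, a public policy, and a benign private ACL.
SAMPLE_EVENTS = [
    {"eventName": "PutBucketAcl", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "hr-exports", "AccessControlPolicy": {"AccessControlList": {
         "Grant": [{"Grantee": {"URI": ALL_USERS}, "Permission": "READ"}]}}}},
    {"eventName": "PutBucketPolicy", "userIdentity": {"arn": "arn:aws:iam::123456789012:role/deploy"},
     "requestParameters": {"bucketName": "web-assets", "bucketPolicy": json.dumps({"Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "*"}]})}},
    {"eventName": "PutBucketAcl", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"bucketName": "finance", "AccessControlPolicy": {"AccessControlList": {"Grant": [{"Grantee": {"ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"}]}}}},
]
```

Feeding real CloudTrail records through `find_public_exposures` turns the "vigilance" the bullet asks for into a concrete alert on who opened which bucket; the same check is what a SOAR playbook would key on before reverting the change.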

Creating a culture of security in the remote environment is critical to maintaining security. As companies have restructured over the last year the reality is that “normal” business operations will never be the same.   Embracing the change – and making the changes to be successful – will allow companies to succeed in the new normal.  Building a cybersecurity plan that aligns with new trends listed above will drive business success, protect valuable data, and protect a company’s hard-earned reputation regardless of what changes the coming years bring.

Corey Bodzin, Chief Technology Officer, deepwatch