The Covid-19 pandemic has transformed the lives of global citizens everywhere and in particular, with the way organisations have had to shift the way they run operations. The pandemic has proven that businesses all over the world must digitally transform or they will be left in the dust. CrowdStrike's latest research paints a bleak picture of UK PLC’s cybersecurity preparedness as it tries to recover from the Covid-19 pandemic - and signposts serious risks for healthy post-lockdown business activity. During the pandemic, cybersecurity challenges increased as adversaries preyed on both fear and disinformation from consumers and businesses to launch cyberattacks. YouGov, in conjunction with CrowdStrike, surveyed organisations around the world to determine what the security risks during this time looked like and to uncover how prepared businesses truly were in facing them.
There was a mad scramble as a direct result of Covid-19 lockdowns and many businesses have had to quickly embrace a remote working culture. Suddenly 85 per cent of respondents were working from home as much or more than before.
UK specific findings indicate that over half (52%) of respondents are completing company business on their own personal devices since the pandemic began, as many small to medium-sized businesses could not provide devices. The usage of personal devices can create potential backdoors into corporate systems for adversaries - whether these are eCriminals or adversaries from nation-states.
With the move to enforced remote working the use of personal devices for work became inescapable. As necessary as it might be for work to be conducted it also opened up the threat landscape for these users and their businesses. Despite the verifiable increase in malicious Covid-19 cyber-threats, only a third of the survey respondents (33%) believe cyberattacks are more likely now than before the lockdown, but with a majority of people (52%) working off personal devices that lack the usual enterprise network protection, the consequences for businesses may be catastrophic once devices are checked for intrusion and breaches.
The insidious threat
CrowdStrike Intelligence teams have also seen a 100X increase in Covid-19 related malicious files circulating in first half of 2020, yet according to the YouGov survey, two thirds (65%) of remote workers in the UK say they had no extra training against cyberattacks. Worryingly only five per cent believed their devices were less secure, and a mere third (33%) believed that cyberattacks are more likely at these times.
If companies don't take immediate action to tighten security measures around remote working practices there’s a high likelihood that adversaries have the chance to infiltrate organisations lying low, a ticking time bomb on the inside. And whilst businesses have been setting up potentially unfamiliar working from home regimes, possibly investing in new tools, and solving the very pressing productivity problem, it’s time for UK businesses to wake from the Covid-19 induced immediate productivity scramble and look to the horizon for the oncoming cybersecurity storm that may take weeks, months, or years to understand and mitigate.
Real threats are being tracked emerging from cyber-adversaries and they may be finding it an easier task to infiltrate and dig into devices and systems given the improvisation rush that many organisations achieved to enable workers to do their jobs away from the office.
Yet for those businesses that weren’t fully set up to allow a fully-remote workforce, there’s a massive risk that in the past few weeks proper cybersecurity practices fell by the wayside. With the rapid ramp-up in attempted cyberattacks there’s a non-trivial risk that threats have entered the business. UK businesses are attractive targets to these adversaries right now for all the usual reasons - intellectual property, financial details, and personal data.
The future of work
A workplace culture shift is widely expected after the Covid-19 pandemic and social/economic disruption ends. Whilst I can’t predict the future it seems likely that a percentage of the workforce will try and work from home as a long-term strategy, some will look to limit their time on public transport and in the cities and towns and decide to work less in the office. Still, others may become mobile and decide they’ve had enough of home and no longer wish to be confined back in the office either - deciding to roam. It’s fair to assume that a return to the office will be impossible in the near-term due to office-based social distancing rules and the fact that many businesses may reduce future office presence for cost efficiencies.
As lockdown is decreased the bid for freedom while working from a coffee shop, library or the park will likely increase. This changes the threat landscape once again which requires an endpoint protection platform that can protect a device from not only digital threats but also the physical - such as rogue USB devices.
However, the workforce decides, all likely scenarios highlight the importance of a remote-working friendly culture. This means that now, a few weeks after the crisis point and lockdown emerged in the UK, those organisations who rushed through a solution should take some time to plan how their team will be supported in their working choices.
Moreover, if personal devices have been co-opted for work purposes then untested and less secure consumer applications will lay side by side with corporate applications and data sources. Indeed, many organisations will have rushed to employ novel applications to get their teams’ productivity up, heedless of regular IT security best practices. Risks from supply chain attacks and insecure apps are real and make headlines monthly. Video conferencing solutions received a lot of attention as they rose to sudden global prominence and hitherto unknown and emergent vulnerabilities came to light. Such solutions won’t be alone in the suite of newly relied-upon technologies that will be found to have security risks requiring remediation.
Added together there is an unequal balance between, on one side a distributed workforce, a rise in less secure devices, a lack of network supervision, less secure applications, the inability to harness IT administration solutions built for an on-premise workbase and on the other side, a rise in threat activity. It’s an equation that equals real long-term risk.
Bye-bye network security, hello cloud-based security?
Most businesses may have just been able to survive working remotely but they will need to rethink their strategy to make sure they are able to survive long-term. One example is that some organisations have not been able to run critical vulnerability updates for the length of the lockdown, a risk that may have been acceptable at the time but is not a risk that can be taken long-term.
Whilst this adds up to a real risk the UK faces an acute moment of focus, not necessarily a disaster. If organisations can adapt fast, they will be able to secure the access points used by malicious adversaries, uncover any files and persistence that have made their way in, and eject, secure, and remediate. Of course, every step is easier to achieve if the IT security team can move fast.
Antivirus software is an important first step in protecting against foreign infiltration. However, it only can only go so far in preventing/detecting infiltration as adversaries have become wise to the tracking characteristics of AV software. The proliferation of data and devices has opened up a whole new means for infiltration and legacy solutions are no longer suitable for preventing modern-age threats like ransomware and malware-free attacks due to the outdated model that legacy solutions usually use.
Next-generation antivirus solutions, with endpoint intelligence based in the cloud rather than on the office network, offer the protection for workers deployed outside the office and the corporate network firewall. Deploying a solution incorporating behavioural analytics and machine learning gives organisations the means to stop breaches before they happen - from all types of threat, even zero-day, unknown threats. The power comes from the artificial intelligence deployed, which looks for indicators of attack rather than indicators of compromise like legacy solutions do. Modern attackers even use anti-forensic tools to hide their tracks or disable legacy antivirus on machines. A solution that looks for indicators of attack focuses on detecting the intent of what an attacker is trying to accomplish in real-time, regardless of the malware or exploit used.
We’ve had a culture shift, and as a result, technology must catch up for those organisations who were unused to remote working on these scales. They’ve made the biggest step, and now it’s time to finish the job and safeguard their most important assets for the coming months and years.
Zeki Turedi, Technology Strategist, EMEA, CrowdStrike