
Life after lockdown: the ticking cybersecurity time bomb no one is talking about


The coronavirus lockdown has had a catastrophic impact on UK businesses. Manufacturing plants have ground to a halt, corporate offices remain deserted and the hospitality industry lies in ruins. The outlook is gloomy. As things stand, the economy could contract as much as 35 per cent this quarter. Understandably, businesses are desperate to get back up and running again as soon as possible – but they might be sleepwalking into a cybersecurity disaster.

As the UK is starting to look at life beyond the lockdown, cybercriminals are getting ready to strike with full force. Innovative technologies like VPN tools or cloud solutions have proven to be a double-edged sword. On one hand, they have helped to quickly create a remote workforce and keep at least some business processes moving. On the other hand, they have opened new routes into corporate networks that bad actors can – and will – exploit.

The crucial question is: how can businesses avoid a cybersecurity crisis after lockdown?

Taking stock of what's on your network

All is not lost, though. In cybersecurity, knowing where the threats could be is key. In theory, this is pretty straightforward. Organisations simply cannot protect themselves against something they cannot see. Most of them usually know what devices they own and have connected to their networks. But with trends like Bring Your Own Device (BYOD) on the rise and employees occasionally sharing network passwords with each other in good faith, most corporate networks contain at least 30 per cent more devices than IT teams are aware of. This can be anything from personal smartphones or tablets to smart desk appliances and even gaming consoles. But all these devices have one thing in common: if compromised, they provide bad actors with an unguarded back door into a corporate network, without the IT team even noticing.

Unless organisations assess the risk posture of all their devices, the return to work after the lockdown will only amplify this problem further. Employees are likely bringing new devices into the workplace. Some of these devices won't be running the latest software and security patches. Others may have already been compromised, giving cybercriminals a virtual golden ticket that fast-tracks their access to corporate networks. It is therefore imperative that organisations have full visibility over what devices are on their networks, what software they run and what they are doing, before their workforce returns. This is the foundation of any good cybersecurity defence. But it is also only just the start.

Organisations further need to put comprehensive network compliance policies in place ahead of a return to work for their employees. During the lockdown, many countries closed their borders and only let people in if they could demonstrate that they had not been exposed to the virus. Such policies are common and very effective, not just during a global pandemic but also in cybersecurity. Zero Trust policies establish minimum security requirements that devices need to meet before they are allowed to connect to a network. If, for example, a vulnerability in an older operating system has been identified, any device running this OS can be denied access to a network until it has been updated to the latest version or has had an appropriate security patch applied. If such policies already exist, it is essential to review and update them now as the cyberthreat landscape is constantly changing. Cybercriminals won't stop looking for potential exploits in common operating systems just because a global pandemic is going on.

Lessons from global quarantine efforts

Over the last weeks and months, people have learnt to quarantine themselves and limit interactions to the people they immediately live with to contain the spread of the coronavirus. This approach of isolating individual elements of a system to avoid cross-contamination isn't unique to virology. It is just as effective when it comes to cybersecurity. Segmenting a network into different, independent parts continues to be a cybersecurity staple that, in case of a breach, prevents bad actors from moving laterally across an organisation's network. Just as hospitals are sealing different sections off and controlling who goes in and comes out of them, organisations need to do the same with their networks.

On top of properly segmenting their networks, organisations could also consider introducing a separate "decontamination zone" for devices returning to a local environment. Here, IT teams can vet each device before allowing it back onto the corporate network, while still giving it access to the most basic service in order to keep operations running smoothly. This approach goes hand-in-hand with the final pillar of an effective approach to cybersecurity for life after lockdown: network access control.

Network access control – or NAC – unites network visibility, compliance and segmentation under one roof and ensures these individual elements are enforced consistently and scrupulously across every device on every part of a network. Think of it as the command centre of an organisation's cybersecurity defences. With NAC solutions, IT teams can manage any device on a network, monitor its activities, and step in to revoke access if the device starts behaving suspiciously. Access permissions can be managed and enforced across the whole company network, or simply on a device-by-device basis – and some of these processes can even be automated. With the expected influx of new and existing devices joining corporate networks after lockdown, network access control solutions will be indispensable for organisations that want to adequately protect themselves against the looming cyberthreats.
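The admission decision described above (inventory visibility, a minimum-OS compliance policy and a "decontamination zone") can be sketched as a single function. This is an added example, not code from the article or from any NAC product; the device fields, segment names, MAC addresses and minimum versions are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy data for illustration; none of these values come from the article.
MIN_OS_VERSION = {"windows": (10, 0, 19041), "macos": (10, 15, 4)}
KNOWN_DEVICES = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}  # IT asset inventory


@dataclass
class Device:
    mac: str            # weak identifier; real NAC would prefer 802.1X certificates
    os: str
    os_version: str
    vetted_since_return: bool  # has IT checked it after lockdown?


def admit(device):
    """Return (segment, reasons): 'corporate', 'quarantine' or 'deny'."""
    minimum = MIN_OS_VERSION.get(device.os.lower())
    try:
        version = tuple(int(p) for p in device.os_version.split("."))
    except ValueError:
        version = None
    # Fail closed: no policy for this OS, or a version we cannot compare.
    if minimum is None or version is None:
        return "deny", ["no compliance policy can be evaluated for this device"]

    reasons = []
    if device.mac.lower() not in KNOWN_DEVICES:
        reasons.append("device is not in the asset inventory")
    if version < minimum:
        reasons.append("OS version is below the policy minimum")
    if not device.vetted_since_return:
        reasons.append("device has not been vetted since returning")
    # Any open finding keeps the device in the restricted zone until resolved.
    return ("quarantine", reasons) if reasons else ("corporate", [])


if __name__ == "__main__":
    fleet = [  # constructed sample devices
        Device("aa:bb:cc:00:00:01", "Windows", "10.0.19042", True),
        Device("aa:bb:cc:00:00:02", "Windows", "10.0.18363", False),
        Device("de:ad:be:ef:00:09", "macOS", "10.15.7", True),
        Device("de:ad:be:ef:00:0a", "GameConsoleOS", "9.0", True),
    ]
    for d in fleet:
        print(d.mac, *admit(d))
```

The quarantine result carries every open finding, so IT can see at once what must be fixed before the device moves to the corporate segment.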

No rest for the wicked

With tens of thousands of cyberattacks on UK businesses every single day, the sad reality is that those attacks are now part of daily operations for most organisations. The pandemic won't have changed any of this. If anything, an increase in attacks can be expected once the lockdown is fully over as bad actors will be preying on businesses eager to resume operations as quickly as possible, but potentially at the expense of good IT and cybersecurity hygiene. If organisations plan ahead and put the right processes and solutions in place, they will be able to weather the brewing cybersecurity storm.

Bob Reny, EMEA CTO, Forescout