The last few weeks have been a sheer IT (and IT security) nightmare for most organisations around the world. Overnight, millions of employees, forced to obey social distancing, found themselves at home without the ability to work remotely in a secure manner. The new reality of business continuity means that many companies are rapidly undergoing a digital transformation “on steroids”. As industrious, well-meaning employees do their best to continue working with the tools they have at hand, many are turning to their personal devices to get the job done.
This blurring of the lines between work and personal device use presents complex challenges for corporate IT and security teams. They face a high-speed, high-stakes balancing act, juggling the tension between accessibility, security and privacy as they try to keep workers productive. However, tackling the immediate scenario of BYOD proliferation is not the only issue. As the situation plays out, there are longer-term risk factors, both internal and external, to be considered.
Economic uncertainty increases insider risk
The economic downturn resulting from the COVID-19 pandemic adds another security challenge to companies already overwhelmed by the new circumstances – a significant rise in malicious insider threat. The number of potentially disgruntled employees (from salary cuts, major layoffs and forced unpaid vacations) is growing significantly, and the fact that these rogue employees are working from their unsupervised home devices creates a clear risk, with limited remediation capabilities for security teams. As the long-tail economic impact of the crisis reverberates through the workforce, security teams will need to remain vigilant around insider threat.
Cyber threat landscape escalates as criminals capitalise on chaos
As if all of this wasn’t enough, cyber criminals are capitalising on the chaotic situation. In recent weeks, Threat Intelligence teams at BlueVoyant have seen cyber criminals around the world take advantage of the fact that people are at home, doing most of their interactions with the rest of the world via the internet. Not surprisingly, there has been a sharp increase in the number of COVID-19-related phishing attacks and various scams, and ransomware attacks are targeting organisations in each and every sector, including healthcare organisations on the front lines of the battle against COVID-19. As employees work in unfamiliar situations and become stressed and tired, their vulnerability to cyber threats increases. They fall for scams and phishing attempts more easily, putting the business at greater risk.
When trying to tackle the turmoil of events, IT and IT security teams also face increasing privacy challenges, especially with regard to installing endpoint detection and response agents on employees’ personal home devices and monitoring the activity on these devices, which are used for both remote work and personal activities. How to tread the blurred lines between privacy and security risk is just another tightrope that security teams will need to cross, as the network perimeter extends to employees’ homes.
So, what could, and should, organisations do?
Faced with this panoply of challenges and a fast-changing situation, security teams need to be proactive on all three fronts of people, process and technology:
- Prepare for a long period (several months) of remote work. No one knows yet exactly what the “new normal” will look like, although some indications are starting to emerge. Organisations should assume that their employees will continue working from home, at least partially, for the foreseeable future.
- Cyber hygiene is more important now than ever – conduct phishing training and security exercises for your employees; instruct them not to use their business email address when they use third-party services (online shopping, entertainment etc.); and encourage them to report every suspicious cyber incident to your security team.
- Recommend that employees who are using personal Windows devices activate Microsoft Defender on those devices and enable automatic updates. Even though these personal devices would not be monitored by the company’s cybersecurity team, this will add an important layer of cyber defence (both to the employees themselves and to the organisation).
- Implement an affordable and secure solution to allow employees to connect from home, using their personal devices, to their corporate devices: a “looking glass” concept, using a minimal cloud infrastructure and a clientless remote desktop gateway (like Apache Guacamole), together with a tunnel to the organisation’s business network, to offer zero-trust, secure and platform-independent access to local workstations and servers for simple and secure work from home.
- Defend your organisation’s devices – procure a managed EDR service for all corporate devices in order to detect and block malware and malicious activities.
Looking to the future
Of course, if the pandemic is teaching us anything, it is that the situation changes fast. Many regions around the world are now cautiously beginning to lift the most restrictive lockdown conditions and this brings new challenges as we move towards a very different working climate for the foreseeable future.
Furloughed workers who are starting to return to work should be given refreshers on cyber hygiene. These workers may also be expected to work remotely part of the time, having not done so until this point. They should be offered help to adjust in technology terms to ensure they can securely access the network from home. This might mean providing new corporate devices or educating workers on how to safely use personal devices when connecting to the corporate network.
It seems likely that there will be a phased return to office working, with employees spending a reduced percentage of time in corporate buildings. This means there’ll be more workers using mobile devices and travelling with them between work and home, which can increase the risk of lost or stolen devices.
It has also been suggested that businesses may be asked to stagger employee working hours, which will likely extend the core hours of operation and access requirements, and also the length of time that employees will require support over the course of the day. Employee behaviour on the network may look very different to what it did pre-pandemic, as they log on at unusual times and try to implement digital alternatives to previously manual processes. This will have implications for automated alerts based on user behaviour analytics – what looks like a malicious insider action might just be someone trying to do their role in a different way.
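The alerting problem described above, shown as an added example that is not part of the original article: a fixed office-hours rule is compared with a per-user rolling baseline of logon hours. The event data, thresholds and function names are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# All thresholds below are assumptions chosen for this illustration.
OFFICE_HOURS = range(9, 18)  # fixed pre-pandemic rule: 09:00-17:59
WINDOW = 10                  # baseline = each user's last 10 logon hours
MIN_HISTORY = 5              # logons required before the baseline is used
TOLERANCE = 2                # hours of slack around previously seen hours

def circular_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def static_rule(events):
    """Flag every logon that falls outside the fixed office-hours window."""
    return [(u, ts) for u, ts in events
            if datetime.fromisoformat(ts).hour not in OFFICE_HOURS]

def baseline_rule(events):
    """Flag a logon only when it is far from that user's own recent hours."""
    history = defaultdict(lambda: deque(maxlen=WINDOW))
    alerts = []
    for user, ts in events:
        hour = datetime.fromisoformat(ts).hour
        seen = history[user]
        if len(seen) >= MIN_HISTORY and \
                min(circular_gap(hour, h) for h in seen) > TOLERANCE:
            alerts.append((user, ts))
        # The hour is learned even when flagged, so a new shift alerts once;
        # a stricter setup would wait for analyst confirmation first.
        seen.append(hour)
    return alerts

def daily(user, hour, first_day, count):
    """Constructed sample data: one logon per day in May 2020."""
    return [(user, f"2020-05-{d:02d}T{hour:02d}:05:00")
            for d in range(first_day, first_day + count)]

# Constructed events: alice moves to a staggered 06:00 shift on 11 May;
# bob keeps 09:00 hours and has a single 02:05 logon on 12 May.
EVENTS = sorted(
    daily("alice", 9, 4, 5) + daily("alice", 6, 11, 5)
    + daily("bob", 9, 4, 6) + [("bob", "2020-05-12T02:05:00")],
    key=lambda e: e[1])

if __name__ == "__main__":
    print("static rule:  ", len(static_rule(EVENTS)), "alerts")
    print("baseline rule:", baseline_rule(EVENTS))
```

On this data the fixed rule raises an alert for every day of the staggered shift, while the baseline raises one at the shift change and one for the isolated night-time logon.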
Looking further out, it seems likely that hybrid working will become a permanent fixture. Organisations need to start reframing policies and procedures to reflect this reality, rather than “making do and mending” in the hope that things will go back to normal. This will hit multiple areas, including cyber-onboarding for new recruits, decisions on device use – personal or corporate? – and ongoing education for employees on protecting their personal networks. The sooner organisations start pivoting permanently to the new normal, the better placed they will be to emerge strongly, and safely, during the recovery phase.
Written by Ron Feler, Global Head of Threat Intelligence, BlueVoyant