Within one short month, “business as usual” has become anything but. Millions of workers have shifted to remote work, been redeployed to focus on evolving business priorities, or face general uncertainty about their jobs. As IT teams work around the clock to execute business continuity plans, cyber attackers have been working just as hard and fast to exploit weaknesses in these dynamic and changing environments.
Through my regular conversations with tech leaders, it’s clear that staying ahead of known and emerging threats in this new landscape has added even more levels of complexity to an already complicated job. CIOs and CISOs at organizations everywhere are looking for the best way to handle these challenges while keeping employees safe and productive. As they navigate this “new normal,” there are three fundamental areas that are emerging as key priorities for security leaders across critical people, process and technology dimensions:
While remote work was growing in popularity before it became a necessity, there are still many people across industries like government, finance and education who have never had to work like this before. They’re now forced to navigate a completely different way of getting their jobs done. At the same time, they’re “homeschooling” their kids, caring for aging parents, poring over the internet for the latest news on the unfolding situation and trying to snag an elusive time slot for grocery delivery. Needless to say, with everything else on their minds, security can be an afterthought—and attackers know this. Attackers have launched a wave of phishing, ransomware and social engineering campaigns taking advantage of the confusion and distraction. Some cyberattack attempts are seemingly work-related—like a phony email from IT asking the user to click on a link as part of a set-up process—while some make emotional appeals looking for support of a “noble cause” or use government stimulus or other financial incentives as the hook.
Securing Devices and Applications
IT teams had very little (if any) time to prepare for the acute spike in remote workers. Some employees were able to take their office computers home with them while others set up shop with their own technology. This surge in new and personal device use has created a host of new challenges, particularly for those organizations that did not have an existing BYOD policy in place. In the rush to get connected, misconfigurations abound, and leaving new devices in their default (insecure) factory settings can put companies at risk. Attackers look for these situations to gain a foothold in the organization.
In addition, as we rely more than ever on messaging and conference calling applications to keep us connected, attackers are exploiting vulnerabilities in these systems too. Whether it’s “Zoombombing” attacks—where uninvited attendees break into and disrupt Zoom meetings—or targeting application credentials stored within web browsers, compromising popular web-based applications has become a dangerously organized effort by attackers.
Securing Connections and Access
According to a CNBC survey, 53 percent of organizations have never stress-tested their systems for an event like this. Many organizations face both security and availability challenges as hundreds of thousands of employees try to connect using virtual private networks (VPNs) to send and receive data. Compounding the issue, employees logging into their VPNs are using home WiFi networks, which are often unsecured, unmonitored and overloaded as multiple people try to work and learn remotely. Attackers can easily infect these WiFi routers with malware, making all of the household’s connected devices vulnerable—from TVs and smart thermostats to cell phones and computers.
Beyond the access to servers and systems that the average employee needs, many others need access to sensitive information and data to do their jobs. While this is particularly true of traditional roles—like IT admins who require powerful privileged access to critical systems—the number of privileged users continues to grow as employees from departments like finance and legal also need access to cloud consoles, RPA consoles and orchestration tools.
As the definition of a privileged user expands rapidly, security teams struggle to maintain visibility of what these users access—at what time and for how long—from various remote work locations. Meanwhile, many organizations have shifted responsibilities and deployed workers to perform additional or different tasks to help cover departments that may be short-handed. Some of these workers have been given elevated privileges that they’ve never had before—often without the requisite security policies in place, like automatically provisioning and de-provisioning credentials. This makes it easy for attackers to exploit the access typically granted to a powerful insider, using it to launch and execute attacks and potentially gain control over all infrastructure.
The security issues CISOs collectively face today are not new, but they are more acute than ever before. While we often talk about this “new normal” as temporary, it is very likely that it will persist long after the current situation has dissipated. Employees unaccustomed to working from home may recognize the benefits and balance remote work can bring to their lives. Similarly, their employers may realize operational efficiencies, productivity gains and employee empowerment opportunities, and allow—or even encourage—more remote work.
No matter what the future holds, the actions taken by organizations today will inform what our collective tomorrow looks like. Start by remaining hyper-vigilant and maintaining strong cybersecurity practices. From there, you can begin planning for the long game by redefining how to approach risk across people, processes and technologies.