As the shift to 100% remote working during the COVID-19 crisis increases the likelihood of a cyber breach, experts reveal how businesses can improve their cyber defences to prepare and protect.
Amit Serper, Vice President of Security Strategy and Principal Researcher at Cybereason: “In every corner of the world, COVID-19 has had an impact. During these unprecedented times, there seems to be little honour among thieves as they continue to prey on unsuspecting individuals and organisations, including hospitals, first responders and governments.
“With much of the world in lockdown and most businesses operating with the new norm of a remote workforce, it’s important to evaluate how businesses are securing their infrastructure. When sending people to work remotely, a new set of security challenges arises.
“A business may have sound security measures in place to protect the normal course of business, but they cannot simply be ‘cut and pasted’ and applied to an increasingly remote workforce. Telecommuting presents its own unique set of security challenges, including a number of environment changes and increased reliance on the digital world, all of which must come into consideration. What devices will employees be using and where will they be using them? Could others have easy access to information either in physical proximity or through a shared Wi-Fi connection? How will we share information with each other and is that source being proactively secured?
“Let’s look at the challenge of securing a remote workforce in the form of a checklist:
“VPNs: Many (if not most) organisations are providing their employees with VPN access to the company’s internal network. While IT staff usually maintain the network and keep it secured and patched, people oftentimes neglect VPN servers/appliances. We have all seen this happening fairly recently with multiple vulnerabilities discovered in the summer of 2019 in PulseSecure VPN.
“Giving your employees VPN access helps maintain business continuity but can also be disastrous if they are misconfigured or unpatched. Make sure that your VPN configurations, policies and software/hardware are properly configured. Implement strong identity verification and authentication techniques and enable 2FA.
“Raise Awareness: Attackers have released many malware campaigns that exploit the panic around Coronavirus. As an example, one campaign is masquerading as a Coronavirus infection map. Remind your team that there are plenty of websites, including the World Health Organisation’s official website, where you can get all of the necessary information without having to download any ‘software’. Make sure your employees can tell which emails are officially sent from company management.
“Be Ready to Respond: Just like the Coronavirus isn’t taking a break from infecting people, neither is malware. The Cybereason Nocturnus team has already observed malware campaigns leveraging the Coronavirus panic to spread. Threat actors are crafting ransomware campaigns around the COVID-19 panic. It’s important to double and triple check that all of your backups are in place and that your company has a rapid response program that will allow you to recover quickly in the case of a ransomware attack.”
Adrian Taylor, Regional VP of Sales for A10 Networks: “Since the start of the pandemic, we have seen different attacks, ranging from attackers targeting the World Health Organisation (WHO) to steal information, to mass phishing email and spam campaigns targeting remote workers. We have even seen cases where cybercriminals are launching websites with domain names related to Coronavirus and COVID-19, exploiting people’s curiosity or worry to eventually launch ransomware attacks. When it comes to cybersecurity, just like public health, prevention can be better than the cure. We are providing you with some common guidelines and security best practices that, when followed, can give you a better chance of fighting the people who are trying to capitalise on the chaos of this pandemic.
“The following measures can help enterprise businesses bolster their cyberdefences during this pandemic:
- Train your employees on security and work from home best practices to make sure they are aware of the risk they can inadvertently pose to the security of the organisation. If possible, ensure that your employees are only using their corporate devices to access company data. Also, make sure that the devices they use have the latest security patches installed and updates enabled.
- Tweak your company’s email protection settings to ensure that no phishing or spam emails can make it through to your employees. Train employees in the art of spotting phishing emails, not clicking on suspicious links and alert them to phishing emails that have made it through.
- Make sure remote users access SaaS applications through the corporate network instead of accessing the applications directly via the Internet from home. This would ensure that your security solutions like CASBs have visibility into all traffic accessing your services in the cloud.
- Make sure you are keeping a close eye on all your network traffic, especially SaaS traffic. Data breaches are a real threat during this crisis and you must ensure that no unauthorised data transfers take place in the guise of ‘normal remote work’.
- Ensure that all your employees accessing your corporate network are using VPNs to do so.
- Make sure your analytics solutions can track shadow IT. If you followed the previous steps, then that should help facilitate the tracking of unauthorised application use.
- Finally, follow the Zero Trust model. This principle is based on ‘trust nobody’: make sure that no user has access to data that they don’t depend on for their day-to-day functions. Restrict access as much as possible and ensure that you have visibility into all your users, traffic, data and workloads, and that you have uniform security policies applied across all locations to make sure no security loopholes exist.
“Just like a simple bar of soap can help protect you against the COVID-19, taking simple, common-sense security measures can help protect us all against the cybercriminals exploiting the chaos.”
Brett Beranek, VP and GM Security and Biometrics, Nuance Communications: “With a massive shift to work-at-home, enterprises need to be aware of evolving threats and fraudsters looking to take advantage of this societal change.
“Fraudsters don’t stop their crimes because of a pandemic. They often seize the immense change that comes with an event like this to ramp up activity. For example, now more than ever, secure contact centres are a necessity for organisations to interact with customers. With the recent shift to a stay-at-home world, there has been a significant increase in fraudster attacks against call centres – testing for vulnerabilities by directly attacking work-at-home agents, or alternatively, pretending to be remote agents to test for weaknesses that may allow them to perpetrate fraud.
“To keep bad actors at bay and ensure the security of their operations and customers, organisations must arm themselves with tools that will keep disruptions caused by fraud to a minimum. Organisations that have deployed biometrics are finding the technology to be incredibly useful in this effort because it can identify fraudsters, instead of relying on more traditional methods focusing on established suspicious transactional patterns.
“There are several applications for biometrics to help solve some of the new and more complex challenges organisations are facing today:
- Fighting new influx of fraud attempts: Many organisations, including financial institutions, insurance companies, telecom providers and citizen-facing government agencies, are seeing a massive surge in call volumes as brick-and-mortar locations shut down. And in some cases, they are seeing an enormous increase in inquiries and transactions across digital channels. With this surge, it’s a big ask to expect customer care agents to separate fraudsters from real customers while trying to address customer needs. After all, it’s a customer care agent’s role to focus on helping customers. Biometrics proves to be an invaluable tool to automatically identify when fraudulent calls are being placed – removing pressure from frontline customer care agents and protecting them from social engineering.
- Letting agents safely work from home without compromising security: Empowering agents to work remotely comes with a set of challenges, especially when agents are using their personal laptops, desktops and mobile phones on the job. This rapid shift to work-at-home agents created countless opportunities for fraudsters. There is vast potential for biometrics to improve internal security checks in these situations by verifying the identity of agents and preventing fraudsters from taking over agent accounts. Biometrics authentication also allows organisations to display less customer personal information to agents, which consequently reduces the risks of occupational fraud in a remote-work context where the lack of direct supervision provides an opportunity for bad actors.
“With biometric solutions, enterprises can keep bad actors at bay, ensure the connections they need to make with customers are safe and secure and allow their organisations to adapt rapidly to emerging threats.”
Onkar Birk, SVP strategy and engineering at Alert Logic: “The COVID-19 pandemic has had a dramatic impact on businesses around the world. People are being directed to maintain social distance and that has led many enterprises to implement mandatory work-from-home protocols. Although the sudden spike in remote working poses unique cybersecurity risks, there are steps businesses can take to bolster defences.
“Many organisations already struggled with the complexity of hybrid or multi-cloud environments and maintaining visibility and effective cybersecurity. With companies suddenly asking all employees to work from home, there has been a remarkable surge in the number of users connecting to company networks and accessing sensitive data from home computers over the public Internet.
“In order to bolster security, enterprises can start by reviewing cybersecurity policies with employees, making sure that devices have endpoint protection in place, leveraging Machine Learning and user behaviour anomaly detection to actively look for suspicious or unusual activity and separate the signal from the noise. Finally, enterprises should augment technology with human intelligence to accurately prioritise and effectively respond to emerging threats.
“Machine Learning and user behaviour anomaly detection are essential. The ability to quickly analyse an overwhelming volume of signals and data and identify traffic or actions that seem suspicious or unusual will enable IT teams to avoid alert fatigue. Although cybersecurity tools and Machine Learning algorithms are useful, they alone are not enough and the human element is imperative too. Cybersecurity experts with the skills and experience to recognise threats and malicious activity are necessary to provide context and prioritise the most urgent issues. Most small and medium-sized businesses are challenged to hire and retain these cybersecurity experts and instead leverage third-party managed security vendors to extend their own internal security team.
“Managed detection and response capabilities, in particular, are effective for detecting and responding to cyberthreats quickly, helping security teams cost-effectively bridge gaps and reduce the likelihood or impact of successful attacks. Organisations must make sure that computers are patched and updated and verify that devices have endpoint protection. They should also remind employees to be suspicious of emails from unknown sources and to refrain from opening file attachments or clicking on links; ensure that workers connect to the company network and sensitive data through secure means, such as a VPN connection; and instruct them to store data on company-sanctioned cloud storage platforms.”
Morgan Wright, Chief Security Adviser, SentinelOne: “Our recent threat report which analysed COVID-19 from a cyber perspective found that cybercriminals are increasingly looking for ways to exploit Coronavirus, take advantage of people working from home and play on their anxieties. Potential threats include phishing emails purporting to be from co-workers or virus specialists with an infected attachment containing ransomware, to fake websites that claim to have a cure and websites with COVID-19 or corona or coronavirus in the name. Over a seven day period, SentinelLabs and our threat team discovered:
- Registered domains including ‘coronavirus’ over a seven day period = 5762
- Registered domains including ‘covid’ over a seven day period = 6155
- Registered domains including ‘covid-19’ over a seven day period = 934
- Registered domains including ‘covid19’ over a seven day period = 3098
- Registered domains including ‘coronacure’ over a seven day period = 934
“Businesses that are relying on incomplete or hastily-developed Business Continuation Plans (BCP) are most at risk. Many organisations were faced with an almost overnight transition to a complete virtual workforce. Aspects like IT support, extending the security bubble to a WFH environment and BYOD all introduce new attack vectors by orders of magnitude. The human challenge is defending against the psychology of fear, uncertainty and doubt. Phishing emails that exploit fear over COVID-19 are particularly effective in getting a response.
“In terms of bolstering cyberdefence, the onus is on both the business and the employee. Think about it this way, it’s up to the employer to provide the hand sanitiser. But, it’s on the employee to use it. As an organisation you must lead from the corporate front. Keep cyberdefences simple, provide the right kind of tools and trusted communications and make the process as transparent as possible. A large proportion of cloud-based technology, that can secure both home and work environments, operate even when disconnected from the cloud, and protect the various endpoints including IoT.
“Organisations must ensure that the cybersecurity fundamentals are in place; simple steps like encryption and two-factor or multi-factor authentication are vital in securing your business. Furthermore, make common sense common practice. Some quick wins involve no cost to the company, but instead focus on changing the way your employees view security. Simple narratives such as ‘stop-think-don’t click that link’ only require a behavioural change, but if universally implemented can save your organisation millions.
“In turn, as an employee, it is your responsibility to take a breath, practise common sense and implement security behaviour into every aspect of your work life. Avoid sharing company equipment with anyone, including children. Don’t mix business with personal on the same computer. Hold back from forwarding messages from home to work and vice versa. Refrain from clicking on suspicious links or attachments. Take a second before you knee-jerk respond to emails purporting to come from an officer in your company that is directing you to send files, money, or allow access to resources. When in doubt about the authenticity of any message or communication, use a trusted communications channel to verify. If applied without exception, this would stop every instance of Business Email Compromise.”
Adam Philpott, EMEA President at McAfee: “It’s evident that working from home has become a new reality for many, as companies across the globe require their staff to work remotely. While working from home offers many benefits, this upswing in employees connecting to enterprise networks from remote locations and using new collaboration tools can potentially leave organisations and staff exposed to security risks. Businesses should therefore be sure to educate their employees on digital security best practices and give them the tools they need to work securely from any location.
“Businesses and employees can optimise security and protect both personal and corporate data in a few simple steps. Firstly, using a VPN to establish secure connections when working remotely is vital, as an unsecured Wi-Fi connection creates an easy gateway for hackers to access personal information and data. Additionally, steering clear of suspicious email attachments and links is also crucial, as targeted phishing emails are often used to access personal data.
“Ensuring security when using collaboration platforms and video conferencing is also essential, as many employees transition from infrequently using these tools to now using a wide range of collaboration services. Business and IT leaders must recognise the potential security risks that come with a decentralised workforce using so many new and differing services which may or may not be suitable for enterprise use – for example, in this new working environment, corporate data can be shared by employees on both devices and platforms that the business does not control. It’s crucial that companies have visibility and control over which platforms are being used and what data is being shared, as well as how devices securely access information, to allow automated and user-engagement policies to be put in place to protect sensitive data.
“It’s also important for businesses to have a flexible architecture that can adapt to changes in working patterns, without the need for bolt-on security. To ensure this, they should be asking questions – are all devices secure and able to connect securely and scalably to the Internet? Is data being managed securely? What cloud services and infrastructure are being used? Businesses can then integrate each of these elements into a common platform to better manage threat prevention and defence as well as data loss prevention (DLP). What’s more, as remote working becomes the new normal, taking a collaborative approach to security and adopting a shared responsibility mind-set will be crucial if businesses are to meet current complex security challenges head-on.
“Finally, password security is key. Work applications should all be secured with complex passwords, and businesses should be sure to implement two-factor authentication on all work-related services and devices. Ultimately, getting access to something supposedly confidential isn’t always that hard for hackers nowadays. By requiring a second form of identification to log in, hackers are limited in what they can pull off, and home devices will be better protected.”