The spread of the coronavirus is disrupting businesses and government agencies worldwide. But for cyber attackers, it’s business as usual. They see the global pandemic as just another opportunity to take advantage of people’s fears to distribute spam, spread disinformation and steal sensitive corporate data. And the fact that your organization’s security perimeter has moved to the endpoint – outside the protection of the corporate firewall and other network security tools – will make their “job” a lot easier.
It’s impossible to overstate the difficulty of the challenge now facing IT teams. Yes, allowing employees to work remotely has become more common – but not at this scale. According to data provided by GlobalWorkplaceAnalytics.com, only a small fraction of the workforce (3.6%) works at home at least half-time.
It’s one thing to ask IT to secure the endpoints of a handful of employees working from home, but asking them to do so for everyone – including themselves – is unprecedented. And so is the cybersecurity threat.
Tom Kellermann, who served on a presidential cybersecurity commission during President Obama’s administration, told The Hill’s Maggie Miller that, “there are nation-states that are actively taking advantage of (individuals working outside secure office environments), particularly our Cold War adversaries, and we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting.”
The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security’s cyber agency, has issued an alert regarding the increase in cyber vulnerabilities that come from having so many people work from home.
CISA is particularly concerned about attackers targeting the virtual private networks (VPNs) employees use to access files remotely. It recommends that organizations “update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.”
The agency also raises a critical point about the psychological nature of cyber attacks like phishing emails that take advantage of teleworkers’ fears and uncertainties to pilfer their usernames and passwords.
Even if you are proactive in educating employees on following security policies and best practices, remember that it only takes one mistake to launch a ransomware attack or open the virtual door to a hacker looking to steal sensitive data. The fact that everyone is working on less secure networks increases that risk exponentially.
Hardening Your Defenses
Don’t just tell employees they need to remember not to click on the links in suspicious emails. Explain how malware authors will try to play on their emotions to get them to react first and think later (especially when using a smartphone for email).
After you advise your users on the basics, practice what you preach. Stay up to date with all patches and implement a solid backup strategy. You may already have one in place to guard your servers, whether on-premises or in the cloud. However, your endpoints are also at risk because that’s where much of your company’s intellectual property (IP) resides.
Complement your existing security layers with an approach that does not rely on blacklisting, threat intelligence or any prior knowledge about attacks in order to stop them. Note I use the word “complement.” Do not rip out your existing endpoint security solutions, but pair them with technologies that apply a whitelisting-like approach. That’s the key to building the most effective defense-in-depth posture.
A Promise to Our Customers
We are committed to keeping our services up and running. Our employees will work from home so they stay safe while they continue to provide our customers with effective levels of threat monitoring and support.