The unprecedented global lockdown in the face of COVID-19 has forced companies worldwide to activate emergency business continuity plans, having to support thousands of people working from home like never before.  Most companies have been responding to this in two phases:

 

The initial rush to “Get remote and get connected”.

For many large companies, the majority of their workforce have come into the same offices for years, working on local networked machines with local support, physical meetings and connectivity.  The current situation is a massive hurdle for their operations teams to overcome, equipping and enabling all staff to work from home effectively, including rolling out VPN, MFA etc.  That business imperative around productivity comes first and teams have been working feverishly around the clock to enable their people to carry on working with as little disruption as possible.  For some firms that were already working with a remote-first or at least remote-enabled culture, this transition is a lot easier than for others that have to scramble to purchase laptops, video conferencing licenses, headsets, and configure their networks to operate in this way at scale. 

 

Most companies are now through Phase 1 and starting to think about… 

 

Digital Resiliency during remote work.  

As the immediate, frantic move to remote works subsides and becomes the new normal, new priorities come to the fore ensuring the business can continue to operate securely and resiliently remotely.  This second phase is becoming all the more important as it becomes obvious that even if lockdowns are lifted in the coming months, there is a very real chance that similar restrictions are imposed again during any resurgence of the virus before a vaccine becomes available en mass, which is at least 12-18 months away. 

 

As such, companies must be prepared to roll into remote work again with minimal notice and maintain their productivity and security.  From a security perspective, this is a very different environment to the traditional world where network penetration tests, web and email Gateways, policy frameworks and DLP were at the fore.  Shifting to the new world and maintaining regulatory compliance requires operational agility and the right measures must be put in place swiftly to effectively manage risk through this crisis.

 

In many respects, there is nothing that new here.

 

For years, companies have been moving towards more remote working and cloud adoption as part of their digital transformation programs.  However, current events are going to be the greatest accelerant these initiatives have ever had.  As well as dealing with the immediate crisis, many companies will not return to their old ways when we are on the other side of this – once productivity is established in the new world, many of the changes are here to stay because companies will have invested heavily, made them work effectively, and have the ability to cut costs by doing away with some previous working practices including legacy, on-site approaches to technology.  These changes include:

• Adoption of cloud storage and cloud applications by default vs on premise software and hardware
• Remote working enabled by default for all employees, enabling:
• More flexible hours and working from home possible, not least because employees will expect it
• The ability to hire more remote employees where there are strong talent pools and less competition than in traditional, major metro areas

 

Many of these changes are positive and progressive, but they come with a new set of risks.

 

Risks of a remote workforce:

• Lack of visibility: In order to protect a firm and its data it’s paramount the security team understands the assets they have that are visible and accessible to their adversaries  With the scramble to get everyone online in Phase 1, many new internet-connected assets likely came online and much will likely be insecure or open to attack.
• Accidental data exposure: Having thousands of new, remote workers accessing data outside the perimeter risk that data ending up in the open, especially through use of cloud file storage and other third party services.  That data could include customer records, credentials, code and IP or other sensitive information critical to the company.
• Phishing attacks: Since lockdowns were initiated we have seen a large increase in phishing attacks on our clients.  Just because a lock down is in place does not mean the attackers will cease attempts to breach their targets, especially when new opportunities present themselves including exploiting COVID-19 hysteria through malicious domains, social profiles and campaigns.
• Threat to VIPs: Suddenly, the C-suite of major organizations is outside the perimeter and more vulnerable than ever to targeted phishing and other attacks and is likely to expose themselves to attack online like never before.  
• Increased third party risk:  All partners and suppliers are at increased risk in the new world since most are also going through rapid digital transformation and enabling remote work, with all of the associated risks.

 

Our team also put together a Threat Model of a Remote Worker. Check it out here:

 

What can be done about these risks?

Fortunately there are a range of measures organizations can take to secure themselves for now and for the future against these digital risks:

• Establish visibility: It’s critical that organizations map out and understand their external digital footprint to understand which assets they have and which are open to attack.  As well as commercial services, companies can look to free services to do some of the work here themselves with tools like Shodan and Censys.  If you don’t understand what you have, you cannot defend it.
• Minimize your attack surface: Having identified their attack surface, it’s important that companies also minimize it by fixing misconfigured devices, patching, removing assets that should not be online, and taking down other hand-holds gifted to attackers like access codes and keys.
• Insider threat: More than ever, insider threat is possible with employees outside the network with access to sensitive material.  Existing risk mitigation programs should be ported to the new environment with external monitoring across open, deep and dark web for malicious activity. 
• Protect VIPs: High-risk individuals should be trained appropriately for the new set of risks they face.  In addition, their digital footprints should be assessed and monitored to make them harder targets for malicious attack. 
• Defend against the phishing onslaught: Continuing phishing education programs and training should be provided to employees.  Simultaneously, monitoring for and taking down malicious domains is critical to defend the company and its customers from phishing attacks and reputational damage at a time when digital channels are paramount to business continuity.

 

Coming into this crisis all companies have had to adapt to the same new realities of the working world.  However, some will adapt to their new cyber security reality better than others and will come out the other side secure, resilient, and prepared for the future.

 

 

Looking for more free resources on cyber threats to your business around COVID-19?

Check out our dedicated resources page here:

https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources