The COVID-19 pandemic has changed the way businesses around the world operate, and with the majority of employees working from home for the foreseeable future, cyber risks to businesses have increased significantly. As cyber offensive actors seek to exploit the widening attack surface created by the new normal of remote work, businesses must deploy new cyber risk management strategies to protect their operations. At Next Peak, our Cyber Defender Network has been out the door helping companies meet the new challenges of remote work, and as we have started to push our thoughts to clients, we wanted to share some ideas on how companies can adapt their cyber risk management strategies to protect business operations.
Cyber Risks Amplified: growing attack surface and new threat vectors
The sudden implementation of COVID-19 lockdown measures left many businesses scrambling to transition employees to working remotely, often without proper security preparations. Data has shown that around 60% of employees have been using personal devices when working remotely, and 90% are connecting via home networks, mostly without any new security protections in place. In addition, digital remote work has created a growing reliance on new cloud collaboration tools for video conferencing, project management and communication through third-party applications like Microsoft Office 365, Zoom and Slack. As a result, business is being conducted over unsecured channels, on different operating systems, and through multiple devices, and securing networks is made more complicated by third-party vendor risk.
This spike in electronic channel usage by end-users has created new threat vectors and expanded the attack surface for malicious cyber actors, who have exploited heightened security vulnerabilities and the general anxiety over the pandemic for personal gain. The FBI has reportedly seen a 300% increase in the number of cybercrime reports since the pandemic began, and ransomware attacks increased by 148% between February and March, with financial institutions accounting for 52% of all cyberattacks in March. COVID-19 themed phishing and vishing attacks to steal security credentials and engage in social engineering campaigns have increased exponentially, and we have also seen credential-stealing fake mobile apps and malware claiming to provide information on the pandemic.
However, security defence efforts have been hampered by reduced coordination capabilities, a limited ability to monitor new usage patterns, and challenges in providing effective training to end-users. Security teams have also found that their attention has been diverted away from security duties towards assisting with other IT tasks to ensure that businesses can keep operations running as employees work from home.
What can companies do to improve cyber security?
Remote work poses new challenges to companies’ network security, and vulnerabilities will continue to grow as threat actors become aware of new vectors to access remote workers, and develop new attack tools and expertise to exploit weaknesses. Considering the challenges imposed by the pandemic, we have identified three security areas that require urgent attention.
First, businesses must review and enhance security controls in response to attack surfaces, mixed operating platforms, and offensive TTPs. Companies should: a) assess and strengthen technical and non-technical security controls including by enforcing endpoint security management and hardening devices; b) increase communication with management, staff, and customers to create awareness of potential threats; and c) focus on mission-appropriate remote access policies and controls including improving cloud security through a ‘Zero Trust’ approach.
Second, businesses must assess and address external cyber threats. This can be done by building or enhancing cyber threat intelligence (CTI) capability, and efforts should be focused on producing a targeted response that prioritises certain groups of threat actors according to industry cyber threat trends. Companies must also review risks associated with third-party suppliers and partners and confirm the incident response protocols and arrangements of critical vendors. In addition, they may want to tighten security by applying tactical controls across the highest risk areas to mitigate insider threats by rogue or naïve employees.
Third, technology and security teams must undertake resource and continuity planning. Security teams should go through a process of assessing the evolution of the crisis, conducting mapping of IT and security functions, analysing end-to-end security processes, reviewing working procedures, and re-deploying and training staff. As resources are spread thin, companies may find that their current operating model is ineffective, and while automating some security controls will alleviate some pressure, they may decide to outsource parts of cyber security after careful consideration of potential supply chain risks.
These three areas address the immediate cyber and information security priorities faced by companies in light of the COVID-19 pandemic, but companies should not stop there. At Next Peak, we believe that in order to secure the long-term security priorities of the company, cyber security professionals should consider migrating organizational security architectures for remote working to a cloud-first, zero trust model.
A cloud-first, zero trust security architecture offers solutions to companies looking for efficient ways to enable workers to be productive remotely while maintaining security, increasing flexibility and cost efficiency. A successful cloud-first, zero trust architecture requires key components that include effective identity and access management, remote access to internal applications through identity-aware proxies, and cloud-first security tools like host-based firewalls. As remote work looks to continue for the foreseeable future, companies must ensure that their cyber security strategy remains effective in meeting their security needs, and at Next Peak we make sure companies have the tools to create a safe and secure remote work environment to meet the challenges of the new normal.