A 2019 report released by the National Cyber Security Alliance (NCSA) showed just how devastating a cyberattack is to small and medium-size businesses. After suffering a data breach, 25 percent of the businesses surveyed had to file for bankruptcy, with 10 percent closing permanently. Now, during extraordinarily trying times, hackers are doubling down and taking advantage of new vulnerabilities as well as new attack. From nefarious ransomware masquerading as a COVID-19 contact-tracing app to phishing campaigns that use well-known brand names as bait, cybercrime is at a new level.
When considering the unprecedented number of people working from home, it’s nearly the perfect storm of security challenges requiring businesses of all sizes to batten down the hatches. It is also a tremendous opportunity for businesses to move away from just being defensively reactive and rethink positioning to stay ahead of attackers. After all is said and done, these circumstances have the potential of serving as a catalytic force, inspiring new breakthroughs that will enable companies to thrive moving forward.
Defining new rules for a new game
Working remotely may not be a new concept for some, but it is for the millions of people who had to abruptly transition to a home office. And it’s testing organizations, putting their IT departments under great stress. Like employees, many companies were unprepared for the many challenges of this seismic shift, one of which has been the dramatic changes in network and enterprise boundaries. Suddenly, securing endpoints became — and continues to be — a top concern. And for good reason. A recent TrendMicro survey of 13,200 remote workers across 27 countries reveals that, although 72 percent of respondents feel more conscious of their organization’s cybersecurity policies since lockdown began, they’re not necessarily following the rules:
- 56 percent are using a non-work app on a corporate device, with 66 percent uploading corporate data to it
- 39 percent “often” or “always” access corporate data from a personal device
- 80 percent are using their work laptop for personal browsing
In practice, those numbers are probably higher given that these behaviors go against company policy. But, to be fair, there was this understandable push to operationalize and keep the wheels of productivity turning, so providing employees with quick access took precedence. And there’s still likely a false sense of security working from home compared to an office environment. Employees may not be on guard, particularly when opening emails, thinking the “office filters” are firmly in place — which is exactly what hackers are hoping.
Keeping a close eye on the network
In the work-from-home model that’s quickly become the new normal, vigilance must be constant. A comprehensive approach that includes protecting network extensions with the right Virtual Private Network (VPN), controlling the blast radius but binding applications with smaller segregated networks (VLANs, etc.), using Network Traffic Analysis (NTA) processes to detect targeted attacks and 24/7 network perimeter monitoring is key to ensuring security.
It’s also critical to recognize potential weaknesses and take protective steps to resolve them before an attack is attempted.
With accountability and network boundaries changing, and in some cases disappearing, Cyber R&D Lab assembled some best IT practices for safeguarding both employees and business assets, a few of which are presented below:
- Prioritize segmenting and secure remote networks - Now that we are halfway into 2020 and months into the pandemic, enterprises of all sizes are looking at new approaches to build a more resilient remote workforce. This includes securing and monitoring not only endpoints and authentication, but also remote workers themselves. In addition to having a plan in place for network segmentation and VPN pool allocation, it’s important to ensure that home routers use unique, strong passwords and that both home router firmware and IoT devices connected to home networks are updated. This includes everything from smart TVs and surveillance cameras to gaming consoles and baby monitors.
- Strengthen account access requirements - Penetration testing shows that at least 75 percent of companies use dictionary passwords for their external services, such as websites, portals, databases and teleconferencing. For remote workers, passwords should be more complex and updated every 90 days. For non-privileged accounts, its recommended to create passwords that are at least 12 characters long for regular users, and 15 for administrators. Exporting password hashes from the domain controller (in ntds.dit) and running this file through password cracking dictionaries is a great way to check for complexity, character count and the proper use of capitalization, symbols and numbers.
- Increase awareness and training - Discussing important topics like phishing and malware combined with reporting procedures and well-designed, straightforward training materials are now essential for increasing awareness and building a proactive workforce. This includes communicating clear instructions on how to report potential threats, such as business email compromises that target employees responsible for paying vendors and taking extra measures including phone calls or video conferencing to verify identities.
- Offer a new perspective on monitoring - Employee monitoring software has been around for years, but never so ubiquitous as it is now. Perceived by many as Big Brother watching their every move, the pandemic is offering companies the perfect opportunity to remove the dark shadow from a solution that aims to help people stay safe and focused rather than catch them in the act of doing something wrong. How the notion of monitoring is communicated will make all the difference in how employees perceive it. Underscoring the benefits that monitoring provides to ensure employees are safe from hackers is just one way. Using it as a tool to discover top performers or incentivize productivity is another. Companies may find that some of the most productive employees are able to accomplish far more in less time and, as a reward, they can offer these employees greater flexibility to keep them motivated and inspired. Companies could also introduce contests and challenges (in the same way a physical office often does) with monitoring utilized to track results.
Although it seems we have been forced into a new way of life and business, perhaps this is a part of our natural evolution. Instead of adapting to survive with a defensive strategy, we adapt to thrive with new offensive processes and perspectives that benefit all but the cybercriminals. It’s more than a possibility; it’s a reality well within our reach.