Does your organization seek to transform workforce productivity, agility, and security while exponentially increasing employee satisfaction? Moving to the cloud affords you the opportunity to empower employees to work remotely and securely while providing greater flexibility. Three months ago, cybersecurity leaders were laser-focused on optimizing cybersecurity processes to defend their established enterprise perimeters. We were all dialed in on combating the offense (cyber threats and risk) through a defense trained specifically on our relatively well-understood operating environment.
Fast-forward to March 2020; a global pandemic has changed the threat landscape and thrust organizations of all sizes into a new normal. Remote working is no longer optional, but essential for all workers and not just those in tech. Microsoft revealed it now has more than 44 million daily users of its collaboration/video-conference service, generating over 900 million meeting and calling minutes (a 775% spike in demand since February). Similarly, Nasdaq reported that Cisco’s video-conferencing app, WebEx, has registered 324 million attendees in March. With millions of new connections and thousands of new endpoints (BYOD and corporate owned), the organization’s defensive perimeter has grown exponentially, particularly in the use of cloud services.
With more connections, endpoints, and cloud services, organizations are facing larger, more distributed attack surfaces defined by gaps in detecting and monitoring identities and user behavior in their environment. This empowers cyber adversaries to go on the offensive, exploiting the natural human fear factor inherent in the current COVID-19 pandemic. According to cyber threat intel firm CYIFIRMA, there has been a 600% increase in cyberthreat indications and warnings related to COVID-19. Additionally, Google’s Threat Analysis Group (TAG) has detected 18 million COVID-19 related phishing and malware events each day, along with increased activity from nation-state attackers. Although tactics and techniques have not drastically changed, as the leading attack methods remain phishing, malicious domains, ransomware, and commodity malware, attackers are naturally taking advantage of gaps in monitoring and detection capabilities introduced by expanded networks and digital footprints. This uptick in threat activity has forced the FBI Cyber Division, US CERT, and UK Interpol to issue warnings of increased activity and of the need for awareness.
Organizations must now look to shift their cyber defensive strategies to address a newly remote workforce and decentralized operations that push reliance onto cloud services. This is necessary to ensure overall cyber resiliency and to account for the expanded enterprise network perimeter. We at TalonX honed in on four domains that organizations should focus on to decrease the cyber threats and risks introduced by their new remote workforce and rapid reliance on cloud services.
1. Rejoice, we have the cloud…but what about cloud security?
A 2019 Gartner study revealed the cloud services market segment was forecasted to grow 17% in 2020, but this did not account for the demands that the COVID-19 pandemic placed on organizations to rapidly adopt remote solutions for their workforce. Although the cloud service providers remain poised to scale and meet capacity demands, most organizations do not have the internal capability to scale security in parallel. A survey conducted by Fugue revealed 84% of IT professionals are worried about ensuring the security of cloud environments during the rapid transition to 100% distributed teams. Additionally, 92% of IT teams are worried that their organization is vulnerable to a major cloud misconfiguration-related data breach. The rapid shift toward cloud services to manage remote worker requirements has increased the need to update cloud computing policies, ensure adequate controls are in place, and provide governance over the growing number of cloud APIs. These concerns call for organizations to bolster, or even implement, software as a service (SaaS) security solutions that provide capabilities such as file auditing and blocking, regulating all communications for a defined set of ports and applications, external IP blocking, URL filtering, and web application firewall (WAF) capabilities. Also, organizations should look to deploy a cloud access security broker (CASB) solution to manage the policies governing applications on the influx of new endpoints.
2. Say hello to your remote workforce and all the new endpoints!
COVID-19 has led to an average growth of the remote workforce for organizations from 20% to 90% overnight. We have observed organizations’ IT teams pressed to deploy thousands of new corporate endpoints and personal devices, with a primary focus on operational capabilities over security concerns. Organizational leadership is willing to accept these risks to ensure business can press on; however, cyber leaders understand that securing the endpoints is essential to maintaining a favorable risk profile. A survey conducted by IPass revealed 57% of CIOs suspect their remote workers have been hacked or caused a mobile security issue in 2018. To combat the threats posed by an influx of new endpoints, organizations should update device onboarding procedures, review and enhance current technical endpoint controls, and expand endpoint monitoring and detection capabilities. This provides the ability to detect malicious activity and to tune detection logic for gaps uncovered in the expanded endpoint landscape.
3. The network perimeter starts with remote worker Wi-Fi
Every home device or wireless connection is a potential entry point for attackers. According to the 2018 Mobile Security Report, 81% of CIOs said their organizations had experienced a Wi-Fi related security incident. Reducing the risk associated with home Wi-Fi networks helps limit the attack surface associated with a rapidly deployed remote workforce. Although organizations are unlikely, or unable, to mandate policies on an employee’s home Wi-Fi, awareness campaigns that empower remote workers as “security agents” (by changing Wi-Fi default passwords or ensuring they are using the WPA2 or WPA3 protocols on Wi-Fi networks) shrink the risks associated with the new enterprise perimeter. These items, along with the use of a corporate VPN with multifactor authentication (MFA), may not sound elaborate or cutting-edge, but they will decrease remote workers’ attack surface and reduce the overall organizational cyber risk.
4. Reinforcing basics through awareness and training
As your employees transition to working from home, the office posters and constant security reminders may become ineffective. Updating and deploying security training and awareness programs is now more important than ever. Wandera’s Mobile Threat Landscape 2020 highlights that 83% of phishing attacks in 2019 occurred outside the inbox, in text messages, Facebook Messenger and WhatsApp, along with a variety of games and social media services. To combat these threats, organizations should look to include security nuggets in email correspondence and increase the volume of warning messages on internal applications. Organizations must also update acceptable use and remote worker information security policies to set a standard for the shifting operational environment. Lastly, updating and educating all employees on the proper communication channels for reporting suspicious activity on the devices they are using to support work from home is critical. Hammering the point home: heightened security planning should focus on mitigating one of the most common cyber risks…humans.
Minimize your remote workforce attack surface through cloud-focused detection and response
With a largely remote workforce as the new normal for many companies, mitigating risk and tactically defending the expanded attack surface is a must. The time has come for companies to enhance their current defensive strategy and provide their remote workers with the tools and techniques to reduce the organization’s cyber risk in an unusual time. We at TalonX provide a remote work and cloud security focused managed detection and response (MDR) service built on automation to rapidly surge capacity for security operations teams that have become overtaxed by the uptick in attacks and alerts. Our security stack enables us to monitor and protect client cloud environments across IaaS, PaaS, and SaaS. Additionally, we can help bolster your operational capacity through tailored security automation solutions focused on reducing cyber risk and accelerating cybersecurity processes. Incorporating a defined cloud and endpoint security strategy reinforced by automation is the next evolution in the chess match in which the defense gains an advantage over the offense!