May 28, 2020 by Siobhan Climer and Mishaal Khan
The rapid deployment of remote work models in response to the COVID-19 pandemic is the stuff of cybersecurity nightmares. In fact, a joint security alert released by US and UK agencies in early April, aptly titled “COVID-19 Exploited by Malicious Cyber Actors,” specifically called out four primary, albeit non-exhaustive, vulnerabilities:
- Phishing, using the subject of coronavirus or COVID-19 as a lure,
- Malware distribution, using coronavirus- or COVID-19-themed lures,
- Registration of new domain names containing wording related to coronavirus or COVID-19, and
- Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.
This non-exhaustive list reflects the observations government agencies have made about the behavior of cyber criminals. Our report today will focus on the fourth item in the list. For CIOs, CISOs, and IT teams across the globe forced to quickly deploy remote infrastructure, the security concerns are catching up – or have already taken root.
How Remote Access And Teleworking Infrastructure Relate To Cybersecurity
The rapid deployment of remote access and teleworking infrastructure is ripe for exploitation for a number of reasons.
1. Remote deployments were done, by necessity, quickly. This means that proper vetting measures and testing simply could not be accomplished. These steps are crucial. Missing them opens up the door to a world of unwelcome possibilities.
2. Think of all those new security holes … er, we mean, endpoints. The network went from neatly contained to nearly limitless. Securing that number of unknown endpoints is complicated, especially if the implementation happened quickly.
3. The dreaded personal email account – and more unvetted applications – increase the attack surface. In response to the COVID-19 crisis, more than 50% of businesses allowed users to use personal email accounts, according to a report by Barracuda. All it takes is one compromised device to let malicious entities begin gathering information and moving laterally through – or deeper into – the organization’s network.
Securing this enormous increase in attack vectors is no easy task.
Endpoint And Cloud Security In Remote Environments
Most infections happen at the end-user device. As such, securing endpoints is essential. But how do you identify, manage, and secure a potentially unknown number of endpoints?
The Basics: Identify Endpoints And Start Assessment
Now that the remote access implementation phase has passed, take the time to ensure all laptops have a minimum level of endpoint protection. Examine applications that house mission-critical data and assess access credentials. In a non-standard work environment, some changes may need to occur.
Next Up: Secure Personal Devices
Confirm personal devices have anti-malware. A dedicated IT team member should work with each employee to ensure all personal devices are protected. Adding an additional layer of security, such as multifactor authentication, helps to ensure only authorized users access critical data.
Enhance: Rethink Infrastructure
Cloud computing offers both complexity and simplicity, as it so often does. On one hand, the cloud offers yet another attack vector. A simple misconfiguration could be disastrous. At the same time, the cloud offers opportunity. By moving endpoint security to the cloud, businesses have a simple way of harnessing the vast number of endpoints and applying end-to-end security policies.
Endpoint And Cloud Security Work Together
The IT sector’s town criers have been alerting organizations for a long time that endpoint security must eventually move to the cloud. Why?
Less Risk: Moving endpoint security to the cloud removes the need for expensive infrastructure investments. Timely updates and security reviews are the kind of thing that can easily fall by the wayside, especially during unusual circumstances. Security patches happen automatically within a cloud environment.
More Reliable: Redundant processes, continuous monitoring by experts, and alert notification mean that your endpoint security is wrapped in a systematic process. Cloud endpoint solutions ensure things run like clockwork – even when a crisis event occurs.
Improved Availability: Most cloud-based endpoint security solutions offer anywhere from 99.9% to 99.999% availability. This guarantees a level of security simply not possible when endpoint and cloud security are managed in-house.
Real-time Detection: Detection and response are faster using the cloud. Creating a root cause analysis diagram takes significantly less time, allowing your teams to have the most up-to-date information and informed response protocols.
Better Visibility: Consider email as an attack vector (if you haven’t already). In fact, according to Verizon, 94% of malware attacks start with email. Cloud-based endpoint security solutions improve your visibility, not just into how many inboxes a particular threatening email may have entered, but also into other elements of your network that would otherwise require more manual data-gathering and investigation.
Start Securing Endpoints Today
Prevent threats and keep your business running. Ensure any change to your standard protocols and network deployments has been noted, assessed, and modified to meet the changing security landscape. Add remediation and controls to protect your network. And don’t do it alone. Our team of cybersecurity experts, including ethical hackers, network security specialists, and pentesters, can give you the insights you need to secure your business – for today and every day in the future.
About The Authors
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.
Siobhan Climer writes about technology trends in education, healthcare, and business. With over a decade of experience communicating complex concepts around everything from cybersecurity to neuroscience, Siobhan is an expert at breaking down technical and scientific principles so that everyone takes away valuable insights. When she’s not writing tech, she’s reading and writing fantasy, hiking, and exploring the world with her twin daughters. Find her on twitter @techtalksio.