Cyber security risks during the corona pandemic
Covid-19 has thoroughly shaken both our private lives and our professional activities and will probably continue to do so for the foreseeable future. Our government has taken strict measures and the majority of the working population has been working from home for weeks. This is a huge adjustment for employees and employers, especially when it comes to cyber security.
Working remotely presents many challenges, especially if companies are obliged to switch to working from home without proper preparation. Most organisations are not ready to give a substantial part of their employees remote access to their infrastructure at the same time. And this comes at a time when the risk of cyber attacks is greater than ever. After all, the coronavirus outbreak makes us less wary of hackers, who consider this an excellent opportunity to break into our computer systems.
The good thing is that we can prepare in a short space of time. With a few simple measures, you can make life a lot harder for hackers.
VPN infrastructure is not ready to be scaled up
The average VPN infrastructure for an organisation is set up so that about twenty percent of the employees can work from home. Due to the Covid-19 outbreak, the share of home workers can suddenly rise to as high as eighty to ninety percent. This quickly drains the capacity of the VPN infrastructure, requiring expensive and time-consuming upgrades.
You can, however, implement a solution that gives client machines access to critical servers without using a VPN. Technology exists today that creates a disguised cryptographic peer-to-peer network between the endpoints and the servers. This takes the strain off the VPN and also provides access based on minimal privileges.
VPN allows unnecessary access
A VPN normally gives employees full access as soon as they have made themselves known on the network. This is sufficient if they are within the walls of an office environment, but not if they are working from home or remotely. About eighty percent of employees have access to only twenty percent of infrastructure and applications. So, to limit the potential for hackers, it is better to follow the principle of least privilege and give users the absolute minimum rights to perform their work.
The same technology not only provides users with secure access to critical applications but also enables identity-based access control. This limits access to the required applications and, thanks to access control, also reduces the possibilities for hackers.
Increased risk of attacks on endpoints, servers and backup infrastructure
Covid-19 is the main news item these days and attackers like to use it. Our interest in the coronavirus is the ideal opportunity for cyber criminals to spread phishing scams. They hope to encourage users to click on malicious links or to download apps that install ransomware or steal personal information.
The technology already mentioned obscures endpoints and servers, making them invisible to network mapping scans and therefore more difficult to hack. It is also possible to integrate this technology with other security software which, upon detection of an incident, may request the software to isolate the endpoint or server to prevent further contamination. To prevent ransomware from encrypting backups, this software can also use encryption to separate and disguise your backup infrastructure.
However, it is of course still necessary to inform users about the risks of phishing and of downloading malicious apps, and about the other precautions they must take with regard to cyber security. Good e-mail and web filtering technology also helps against phishing emails and other malicious downloads in general.
Vulnerabilities with suppliers and third parties
Suppliers and other parties may face the same problems as described above. So make sure that they also carry out the necessary checks in order not to endanger themselves and your organisation.
Have an open conversation with suppliers and third parties about the increased risks that Covid-19 poses. Find out whether they too have relevant mechanisms in place to protect their own data and yours. If they cannot present them, limit their access to your environments, for example by using the technology described above.
Denial of service attacks and hiding malicious traffic
The increased external traffic in your organisation also offers attackers the opportunity to put pressure on your external and web infrastructure with a denial of service attack, or to conceal malicious traffic among legitimate external traffic and in this way avoid detection. That malicious traffic can result from compromised endpoints or stolen personal data. Due to the rapid transition to an external working environment, this can easily go unnoticed.
Talk to your telecom provider and other service providers to mitigate the risk of these types of attacks. An additional investment in user and network behavior analysis, along with the controls discussed above, can help detect malicious traffic trying to hide.
Make sure your business continuity plan is up to date
Unfortunately, many organisations were simply not prepared for the speed with which Covid-19 has unfolded. As a result, they had to roll out home working facilities very quickly, and cyber security requirements were sometimes not the top priority. This provides opportunities for attackers to look for leaks in the system.
An important lesson that Covid-19 teaches us is that organisations must always be resilient. It is therefore important that you have a robust, updated and thoroughly tested business continuity plan in place.
Tech-Wales and Cyber Security
At the moment all of our staff are working from home; however, this does not stop us from providing our excellent IT services to your organisation. If you need Business IT support or require our cyber security consultancy due to an increased number of staff working from home, do not hesitate to contact us.