Cybersecurity hygiene has never been as crucial as it is today. We are working remotely, putting in more hours and dealing with new situations we haven’t experienced. For many, this change is not only stressful, but also distracting. These changes have upended the traditional workday and, in many cases, our concentration, which introduces risk. Even the most security-conscious engineers and employees might miss something important or overlook a task that would previously be a routine security activity.
Back to Basics
We have seen an uptick in cyberattacks in recent months with disruption caused by phishing campaigns, DDoS and data theft. These have always been the three most common attack vectors, but the pandemic has allowed malicious actors to take advantage of what they view as an opportunity. According to a report by Interpol, during the period of January to April 2020, more than 48,000 malicious URLs were created, which would have been used for phishing attacks and malware delivery.
Simultaneously, technologies are being introduced, enhanced and expanded almost daily to support new ways of working with investments to support home offices and proximity tracing, with 5G leading the charge.
With this level of acceleration, now seems like a good time to step back, take a breath, and reconsider the basics of cybersecurity. This does not mean slowing down, but rather taking stock of the situation to ensure that all the right boxes are ticked and innovation is not getting ahead of protection. Remember, one misstep could cost millions in revenue, brand and reputational damage.
Adequate endpoint security should be the first area of focus, ensuring that every device has protection in place. This is foundational to keeping threats at bay and sometimes gets overlooked with the assumption that ‘it is working.’ With so many remote workers, enterprises must ensure their employees are using suitably secured and centrally-managed devices, whether personal or corporate-owned. At a minimum, each device should have anti-virus and intrusion detection with data-loss prevention capabilities installed to protect local data, with cloud-based email security for phishing and malware detection.
Check that there are policies to automatically update anti-virus and endpoint protection signatures, as this helps protect users against direct phishing attacks that can contain a ransomware payload. Also, review the cloud email policies. Ensure that these are up to date and can spot untrusted content being sent as attachments to users.
The next place to review is the network firewalls. These are essential for controlling access, ensuring that only good traffic gets in and anything suspicious is rejected or reported. At the least, today’s enterprise will have next-generation firewalls on the network. These devices can look inside network traffic, identify threats at an application level, perform anti-malware actions or reject packets from untrusted sources. Take time to review the firewall policies; these are not always updated regularly and may be outdated or need replacing.
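The kind of policy review the paragraph above calls for can be partly automated. The following is an added example, not code from the original article or from any firewall vendor: it audits a constructed, vendor-neutral rule export (a list of dicts with source, destination, port, action and last-hit date, which is an assumed format) and flags three things a reviewer would want surfaced first: allow rules that are any/any/any, allow rules exposing cleartext legacy protocols, and allow rules that have matched no traffic within an assumed 90-day review window.

```python
"""Audit a firewall rule set for the review points a back-to-basics check raises.

Added example, not from the original article or any vendor. The rule format
(list of dicts) is constructed and vendor-neutral; the 90-day staleness
threshold and the cleartext-port list are assumed review-policy choices.
"""
from datetime import date, timedelta

STALE_AFTER = timedelta(days=90)               # assumed: no hits in 90 days -> review
CLEARTEXT_PORTS = {"21": "FTP", "23": "Telnet"}  # assumed: legacy protocols worth flagging
REVIEW_DATE = date(2020, 6, 1)                  # constructed "today" for the sample run

# Constructed sample rule export carrying the fields most rule exports include.
SAMPLE_RULES = [
    {"name": "allow-web-in", "src": "any", "dst": "10.0.5.10",
     "port": "443", "action": "allow", "last_hit": "2020-06-01"},
    {"name": "temp-vendor-access", "src": "any", "dst": "any",
     "port": "any", "action": "allow", "last_hit": "2020-05-28"},
    {"name": "legacy-ftp", "src": "10.0.0.0/8", "dst": "10.0.5.20",
     "port": "21", "action": "allow", "last_hit": "2019-11-02"},
    {"name": "deny-all", "src": "any", "dst": "any",
     "port": "any", "action": "deny", "last_hit": "2020-06-01"},
]


def audit_rules(rules, today):
    """Return {rule_name: [issue_codes]} for allow rules that need attention.

    Issue codes: 'permissive' (any source, any destination, any port),
    'cleartext' (legacy protocol on a known cleartext port), 'stale'
    (no traffic matched within STALE_AFTER).
    """
    findings = {}
    for rule in rules:
        if rule["action"] != "allow":
            continue  # deny rules do not widen exposure; skip them here
        issues = []
        if rule["src"] == "any" and rule["dst"] == "any" and rule["port"] == "any":
            issues.append("permissive")
        if rule["port"] in CLEARTEXT_PORTS:
            issues.append("cleartext")
        age = today - date.fromisoformat(rule["last_hit"])
        if age > STALE_AFTER:
            issues.append("stale")
        if issues:
            findings[rule["name"]] = issues
    return findings


def report(findings):
    """Render findings as one line per rule, for a review ticket or e-mail."""
    lines = []
    for name, issues in sorted(findings.items()):
        lines.append(f"{name}: {', '.join(issues)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(audit_rules(SAMPLE_RULES, REVIEW_DATE)))
```

On the sample data the audit flags the temporary vendor rule as permissive and the legacy FTP rule as both cleartext and stale, while the scoped HTTPS rule and the final deny pass. Real exports carry more fields (zones, schedules, NAT), but the review questions stay the same.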
Going one step beyond the traditional firewall – and into an area where we see investment due to the increase in threats targeting home workers – is the addition of Advanced Threat Protection. This solution uses a combination of machine learning and signature testing to identify unknown traffic before it enters the network. If this detection is not successful, then the traffic is loaded into a sandboxed operating system, which causes it to activate and self-identify. This provides an additional security layer over the traditional next-generation firewall and can even detect malware that may not have been visible in any signature database.
According to a recent report commissioned by Juniper Networks, more than 80 percent of security teams need better visibility. One of the biggest challenges is not missing an alert amongst vast amounts of traffic. This is where the SIEM (Security Information and Event Management) is vital and many enterprises will have one in place – but how well is the monitoring tool managed? Being able to analyze data for visibility can provide indicators of a potential threat. Still, if the SIEM policies have not been reviewed or updated since it was deployed, it’s too easy to miss something or become overloaded in false positives. Offices with reduced staff, many remote workers, over-worked VPN concentrators and employees using personal devices increase the possibility of a breach or attack. Take time to look at what the SIEM is collecting and reporting and ensure that it has been updated to consider changes in the threat and working landscape.
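To make the false-positive point concrete, here is an added example (not code from the original article and not any SIEM vendor's rule language) that runs two versions of a correlation rule over constructed VPN concentrator authentication log lines. The log format is a simple syslog-like layout invented for the example, and the threshold and time window are assumed tuning values. The untuned rule alerts on every failed login; the tuned rule ignores a user's own mistyped password that is followed by a successful login and alerts only when one source address accumulates several failures across accounts inside a short window, which is the pattern an analyst actually wants to see.

```python
"""Compare an untuned and a tuned SIEM-style rule over sample VPN auth logs.

Added example, not from the original article or any SIEM product. Log lines
are constructed in a syslog-like format; the threshold (5) and window
(2 minutes) are assumed tuning choices a team would set for its own traffic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from a hypothetical VPN concentrator "vpn1".
SAMPLE_LOGS = """\
2020-06-01T08:00:01 vpn1 auth: user=alice src=203.0.113.5 result=FAIL
2020-06-01T08:00:09 vpn1 auth: user=alice src=203.0.113.5 result=SUCCESS
2020-06-01T08:05:00 vpn1 auth: user=bob src=198.51.100.7 result=FAIL
2020-06-01T08:05:03 vpn1 auth: user=carol src=198.51.100.7 result=FAIL
2020-06-01T08:05:05 vpn1 auth: user=dave src=198.51.100.7 result=FAIL
2020-06-01T08:05:08 vpn1 auth: user=erin src=198.51.100.7 result=FAIL
2020-06-01T08:05:11 vpn1 auth: user=frank src=198.51.100.7 result=FAIL
2020-06-01T09:30:00 vpn1 auth: user=grace src=192.0.2.44 result=FAIL
2020-06-01T09:31:00 vpn1 auth: user=grace src=192.0.2.44 result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)


def parse(text):
    """Parse the constructed log format into event dicts, skipping unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "user": m["user"],
                           "src": m["src"], "result": m["result"]})
    return events


def naive_rule(events):
    """Untuned rule: one alert per failed login. Every typo becomes an alert."""
    return [e for e in events if e["result"] == "FAIL"]


def tuned_rule(events, threshold=5, window=timedelta(minutes=2)):
    """Alert when one source address logs >= threshold failures inside `window`.

    A failure followed by a success for the same user and source within the
    window is treated as a mistyped password and dropped before counting.
    """
    fails_by_src = defaultdict(list)
    for i, e in enumerate(events):
        if e["result"] != "FAIL":
            continue
        nxt = events[i + 1] if i + 1 < len(events) else None
        if (nxt and nxt["result"] == "SUCCESS" and nxt["user"] == e["user"]
                and nxt["src"] == e["src"] and nxt["ts"] - e["ts"] <= window):
            continue  # self-corrected typo, not an attack signal
        fails_by_src[e["src"]].append(e)

    alerts = []
    for src, fails in fails_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):  # sliding window over failures from this source
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                users = sorted({f["user"] for f in fails[start:end + 1]})
                alerts.append({"src": src, "count": end - start + 1, "users": users})
                break  # one alert per source per run is enough for the analyst
    return alerts


if __name__ == "__main__":
    events = parse(SAMPLE_LOGS)
    print(f"untuned rule: {len(naive_rule(events))} alerts")
    print(f"tuned rule:   {len(tuned_rule(events))} alerts -> {tuned_rule(events)}")
```

On the sample data the untuned rule raises seven alerts, five of which are the single real event split into pieces and two of which are users correcting their own typo. The tuned rule raises one alert naming the source address and the five accounts it tried. The same exercise applies to any rule a SIEM shipped with by default: re-run it over a day of current traffic and see whether its output is something an analyst would act on.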
The final piece of the cybersecurity puzzle to review is the users. For many of us, the workday has changed significantly. We are no longer spending time with colleagues in an office or on the road to events and meetings, but instead working at home with a greater reliance on technology for contact and content. Remote workers must take additional responsibility for keeping data safe from attacks, but it is the role of the company to provide training, awareness and tools to make this happen. This does not need to be complicated or time-consuming, but should cover the following areas:
• Ensure that home Wi-Fi passwords are strong and anti-virus is installed on all computers at home – not just the work laptop
• Remind employees that a suspicious email still needs to be deleted
• Emphasize that being the only person in the house does not make locking the laptop screen any less critical
As security specialists, we can sometimes forget that other employees do not have the tuned sense of awareness that comes with our role. Putting the foundations in place for reliable security will prevent many threats from getting in. Still, going back to basics and promoting security awareness and hygiene are the key components in keeping things safe in confusing and challenging times.