Highlighting advice available from the NCSC, Hunter Seymour reports on the cyber security issues that have affected so many IT and security teams during the COVID-19 pandemic as employees have moved to remote working.
Earlier this month, a warning flashed on my computer. The inbox opened with this message from a favoured charity, Sightsavers:
“I am writing to tell you about a data security incident involving a large technology company called Blackbaud . . . cybercriminals were able to make a copy of the data stored in parts of the Blackbaud system. This included data for numerous charities and organisations, including Sightsavers . . . we are confident this incident poses a very low risk to our supporters, and that credit card and bank details were not involved.”
Blackbaud, we are told, met the cybercriminals’ ransomware demand and received assurances from the hackers that the data had been destroyed. The National Trust and some 33 UK charities hacked in this data breach have advised the UK’s Charities Commission.
Please pardon a home-worker’s post-COVID paranoia, but does this mean that even now (gulp) these keystrokes you read here are infected by malware? And, as these words fly across the internet, are they spreading an unknown computer virus to lock your system? It’s a suspicion that demands closer examination.
Remote working: 127% increase in endpoint vulnerability
Specifically, since April when the number of worldwide coronavirus cases passed one million, we have been warned by the NCSC (National Cyber Security Centre, a part of GCHQ) that the post-COVID surge in home working has resulted in a significant increase in the use of the Remote Desktop Protocol (RDP).
The NCSC tells us: “Attacks on unsecured RDP endpoints (i.e. exposed to the internet) are widely reported online, and recent analysis has identified a 127% increase in exposed RDP endpoints. The increase in RDP use could potentially make IT systems, without the right security measures in place, more vulnerable to attack.”
In identifying the vulnerabilities of exposed remote desktop access software, the NCSC in effect issues a general warning to all home-workers about the possibility of data breaches when the work-related environment becomes available to household members.
Clearly, then, the work and play of staff should be strictly segregated. To attain high-level security their work activities should be done on a workplace device, with personal activities restricted to employee-owned devices. For the concerned CISO (Chief Information Security Officer) the challenge is to provide home-working employees with company-owned and secured end-user devices, while restricting their usage to work-related activities only.
According to a poll from The Chartered Governance Institute, 52% of respondents will continue to work remotely for the next few months. 19% will go back to the office on a part-time basis, 19% will go back full time and an additional 10% specified another option.
CISO best practice for remote working
News this month that the UK’s largest listed asset management firm has told its 5,000 workers they are permitted to work permanently from home has sent shock waves through the City. This move is all the more surprising when, only a month earlier, the firm’s view was: “We think it is premature to assume that the office is dead,” citing some “companies that adopted remote working earlier, like IBM, have subsequently reined in the practice.”
Premature or not, today’s CISO must consider the prospect of a prolonged period of home-working for company staff as a distinct trend and, therefore, they must address the challenges raised by increased vulnerabilities that could provide opportunities for attackers to gain access to company systems.
It follows that your critical objective should be to bring your home-workers’ remotely-used devices under your control, so that appropriate security measures can be applied. A checklist of priorities to prompt your security planning should include several actions, including, but not limited to, those listed below.
Safeguarding end-point connectivity
Review anti-virus protection of devices
Reassess resilience, configuration and deployment of your company’s VPN (Virtual Private Networks), including legacy intranet interactions.
Apply regular software updates to patch security flaws and deny hackers access
Filter out unauthorised access to your network
Limit user privileges and restrict administrative entry to supervisory levels
Advise staff to change any easily-guessed passwords to three random words and implement 2-factor (or multi-factor) authentication to reduce access points for penetration of home-based networks
Discourage use of public Wi-Fi networks, which could provide easily accessible entry points for hackers
Monitor and test security controls, including system integrity possibly compromised by IoT devices and their peripherals
From the start explain clearly your Remote Management Regime, its applied technology and rules for home-working employees, with regular training to maintain network vigilance.
Resisting malicious COVID-19 cyber activity
The NCSC also warns that cybercriminals and APT (Advanced Persistent Threat) groups are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months. Due to the pressures of COVID-19, attacks thrive against newly (and often rapidly) deployed remote access or remote working infrastructure.
Unparalleled opportunities exist for criminals to compromise a company’s network security in scams that lock down systems once access is gained. Such enticements as phishing or spear phishing succeed by using the subject of ‘Coronavirus’ or ‘COVID-19’ as a lure in personalised targeted emails which appear harmless at first.
Similarly, distribution of malware can use ‘Coronavirus’ or ‘COVID-19’ themed lures (e.g. an invitation to open an attachment or download a malicious file from a linked web page). Therefore, use monitoring tools to detect network-users’ poor judgement such as clicking on suspect sites or downloading attachments from unverified senders masquerading as a trustworthy source with ‘COVID-19’ as a pretext. Essentially, use a secure search engine and communication platform that shields users from malicious sites and malware.
Endpoint management roadmap
The NCSC continues to offer CISOs essential guidance to Indicators of Compromise (IOCs) for detection of cyber threats, as well as mitigation advice on hazards arising from the “fast-moving situation” shaped by the global pandemic. Examples include the NCSC Advisory note, or the infographic pictured below.
The great emphasis the NCSC places on the vulnerability of exposed Remote Desktop Protocol endpoints must not go unheeded, because the ramifications of this neglect can be critical. Cyber security specialists, Reposify, have identified “the fact that IT teams have much less visibility” when it comes to security of their Cloud assets. This observation should be considered in the context of RDPs exposed to the internet and hosted in the Cloud “without IT teams’ awareness, something which is unlikely to happen in cases of RDPs in internal networks, where there are firewalls and stricter procedures.”
Such a case for cybercriminal exploitation is bound to arise from increasing separation of workforces due to the COVID-19 fallout.
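One way an IT team can regain the visibility described above is to audit its own exported firewall rules for RDP reachable from outside approved ranges. The sketch below is an added example, not part of the original article or of NCSC guidance; the rule format, asset names and the approved VPN range are assumptions constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389  # default TCP port for the Remote Desktop Protocol

# Assumption: the only range allowed to reach RDP is the company VPN pool.
APPROVED_SOURCES = [ipaddress.ip_network("10.8.0.0/16")]

# Constructed sample: a provider-neutral export of inbound firewall rules.
SAMPLE_RULES = [
    {"asset": "vm-finance-01", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"asset": "vm-dev-07", "proto": "tcp", "ports": "3000-4000", "source": "::/0"},
    {"asset": "vm-hr-02", "proto": "tcp", "ports": "3389", "source": "10.8.0.0/16"},
    {"asset": "vm-web-03", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"asset": "vm-ops-04", "proto": "any", "ports": "all", "source": "203.0.113.0/24"},
]

def covers_rdp(ports):
    """True if a port spec ('3389', '3000-4000', 'all') includes 3389."""
    if ports == "all":
        return True
    low, _, high = ports.partition("-")
    return int(low) <= RDP_PORT <= int(high or low)

def is_approved(net):
    """True if the source network lies wholly inside an approved range."""
    return any(net.version == ok.version and net.subnet_of(ok)
               for ok in APPROVED_SOURCES)

def audit(rules):
    """Return (asset, severity) for every rule exposing TCP 3389 too widely."""
    findings = []
    for rule in rules:
        if rule["proto"] not in ("tcp", "any") or not covers_rdp(rule["ports"]):
            continue
        net = ipaddress.ip_network(rule["source"], strict=False)
        if is_approved(net):
            continue
        # A /0 source means the whole internet; anything else is a
        # narrower range that nobody has signed off.
        severity = "internet" if net.prefixlen == 0 else "unapproved-range"
        findings.append((rule["asset"], severity))
    return findings

if __name__ == "__main__":
    for asset, severity in audit(SAMPLE_RULES):
        print(f"{asset}: RDP reachable from {severity}")
```

Note that broad port ranges and "allow all" rules expose RDP just as a literal 3389 rule does, which is why the check works on ranges and not on an exact port match.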
Wish-List: white corpuscles to defeat virus
This precautionary guidance to overcome this undesirable aspect of Cloud hosting is echoed by the Editor of CyberSecurity magazine in his recent online interview, How the Covid-19 Crisis Changes Cybersecurity. What emerges from this in-depth debate on the implications for CISOs of post-COVID impacts is that they must “rethink how they will collaborate to use the Cloud and not rely on it.” In essence: “Rethink your architecture, rethink the configuration of your remote access, and be prepared for everyone working from home . . . be prepared to embrace remote working as a reality.”
Somewhat more arcane thinking emerges in the debate’s summing-up: “Endpoint security is not the final solution. Period.” A shift more towards Security-by-Design is predicted “with the nice analogy of Self-Protecting Data like white blood cells” to counteract invasive viruses.
Evidently such a solution will be on every CISO’s wish-list but, meanwhile, with Cloud and rogue devices in mind, the bottom-line message from the NCSC is this:
Be vigilant. Embed your baseline Risk Management Regime across all devices to protect endpoint data when both inputted and in transit as well as when inactive.
A pandemic and remote working: Cyber security under the microscope
Hunter Seymour
IFSEC Insider | Security and Fire News and Resources
Kristian Hartmann
December 11, 2020 12:42 pm
Most of us probably didn’t even think about the cyber security risks that come with the quick shift to remote working and home office. But the risk is indeed there. We chose to implement an EMM Solution from the provider AppTec and are hopefully secured now to prevent any of these risks. We can also save money by allowing our employees to use their private devices as long as they are enrolled in this EMM Solution.