With mass vaccination ramping up and the possible end of the pandemic in sight, it’s time to look at how organizations will return to normal in terms of cybersecurity.
Once the pandemic draws to a close, the only certainty is that the world will no longer be the same, as new paradigms have radically changed the way we work and relate.
The COVID-19 crisis has created new challenges for organizations, which have overhauled their work processes to let employees work from home while keeping their services unchanged and efficient.
Because of this new posture, the attack surface for businesses is growing as more services and resources are exposed online, and protecting them is a top priority.
Remote workers are still in danger
Unfortunately, most organizations haven’t implemented a secure remote working environment, and the promiscuous use of some resources like internet connections and mobile devices poses serious risks.
Most SMBs adopted the ‘Bring Your Own Device’ (BYOD) approach, allowing their employees to use personal devices to access corporate resources. Clearly, these devices could not guarantee a level of cybersecurity comparable to that of the workplace environment. In some cases, organizations have mitigated this exposure by adopting mobile device management (MDM) solutions, but that is not enough to completely secure the devices, especially when they connect to the organization through unsecured Wi-Fi networks.
Working from home inevitably reduces the level of inherent protection ordinarily implemented in a working environment. Phishing and spear-phishing campaigns, business email compromise (BEC), and malware-based attacks are only a few examples of attack vectors that could hit employees while working from home.
How the pandemic changed the security landscape
Security firms have documented a surge in COVID-19-themed cyber-attacks during the pandemic; in many cases, threat actors attempted to exploit the human factor by targeting employees working from home.
Strong authentication mechanisms are essential to protect companies’ resources from unauthorized access. Credential stuffing attacks have skyrocketed during the pandemic due to the availability in the cybercrime underground of username and password combinations obtained from past data breaches. Once they have obtained employees’ login credentials, attackers can access internal company networks and communication platforms.
The human factor is another element of great concern. Employees working from home may be continuously interrupted by the people who live with them, and attackers could benefit from these lapses in attention.
Another element to consider is the push towards digital transformation by governments, which want more technological and proactive organizations and demand that they be resilient to new emerging cyber threats. This requires a cultural change.
The changes introduced with the pandemic will affect the return to work after COVID-19. Clearly, nothing will return to exactly how it was before the pandemic, and businesses must be prepared for the new cybersecurity risks.
In a post-COVID-19 scenario, many organizations will continue to adopt a hybrid model, with part of their employees working from home. However, organizations are not prepared for the spike in sophisticated cyberattacks targeted at them.
Organizations have to implement additional security measures while avoiding being intrusive and encouraging their adoption by employees.
How can organizations increase cybersecurity after the pandemic?
Below is a list of recommendations for organizations that allow employees to work from home:
- Enforce cybersecurity awareness programs: employees should be aware of cyber threats, threat actors and their tactics, techniques, and procedures. This knowledge is essential to spread a culture of cybersecurity within the organization and to mitigate the risk of cyber-attacks. Specific awareness programs have to be designed to teach employees how to avoid social engineering attacks such as phishing/spear-phishing attacks and BEC scams. Employees must also be trained on home network security fundamentals, for example how to secure their home Wi-Fi connections (e.g. which Wi-Fi protocol to use, how to keep router firmware up to date, use of a strong password).
- Enforce the implementation of a risk assessment model: organizations have to perform a risk assessment and regularly evaluate their level of exposure to determine the actions and controls needed to mitigate the risks. Businesses should adopt governance, risk, and compliance (GRC) solutions to improve risk management and monitor the company’s risk exposure.
- Adopt anti-malware and security solutions: organizations should install anti-malware and security software on the computers used by their staff. In this way, it is possible to protect employees from generic and low-level attacks. Organizations have to adopt new technologies that can implement deep protection of endpoints and adopt strong authorization processes.
- Implement and adopt a formal strategy for the use of cloud services: a growing number of organizations will move their infrastructure into the cloud to reduce the cost and improve efficiency and resilience. This process could expose the organizations to cyberattacks if they lack a formal strategy that considers “security” a pillar.
- Adopt Threat Intelligence solutions: medium and large enterprises should use cyber threat intelligence to rapidly identify attack patterns and indicators of compromise (IOCs) to mitigate cyber-attacks.
- Use a VPN: employees have to use Virtual Private Networks while accessing corporate resources.
- Periodically conduct vulnerability assessment and penetration testing of resources inside the corporate perimeter: organizations have to periodically scan their infrastructure for vulnerabilities in its systems.
- Keep business continuity and crisis plans up to date: organizations have to keep their business continuity plans updated, including a detailed analysis of possible attack scenarios.
- Create an incident response procedure and keep it up to date: organizations have to define an incident response process that evolves as the organization grows, and have to consider the changes introduced to internal processes post-COVID (e.g. working from home, an increased attack surface due to the greater number of mobile devices used by the organization).
- Implement the Zero Trust paradigm: only authenticated and authorized users/resources are granted access to applications and data.
- Review supply chain partners and third-party service providers: organizations have to review third-party agreements to ensure they meet the new posture of the organization in a post-COVID-19 scenario.