Tackling the cybersecurity challenges of our new normal
by Vincent Goh, Senior VP, Asia Pacific and Japan, CyberArk
Within a short time, business as usual has become anything but the usual. Millions of workers worldwide have shifted to remote work. Many have been redeployed to focus on evolving business priorities, and others face general uncertainty about the future of their jobs.
In March 2020, Singapore's Ministry of Manpower announced that companies that do not allow telecommuting wherever possible may be issued a stop-work order* as a means to enforce remote working. As IT teams work around the clock to execute business continuity plans, cyberattackers have been working just as hard to exploit weaknesses in the current environment.
CIOs and chief information security officers (CISOs) must find the best ways to manage the current situation, while keeping employees safe and productive. As they navigate this new normal, three fundamental areas are emerging as key priorities for security leaders across people, processes and technology.
Securing people
While remote work was growing in popularity before it became a necessity, there are still many people across industries including government, finance and education who have never had to work in this manner before. They are forced to navigate a completely different way of getting their jobs done. At the same time, they are homeschooling their children, caring for aging parents, poring over the Internet for the latest news on the unfolding situation, and trying to snag an elusive time slot for grocery delivery. Needless to say, with everything else on their minds, security can be an afterthought, and attackers know this.
Attackers have launched a wave of phishing, ransomware and social engineering campaigns, taking advantage of the confusion and distractions. Some attacks that made headlines recently include scammers impersonating World Health Organization (WHO) email addresses to shift donations to a fictitious fund and fake emails claiming to come from Singapore Prime Minister Lee Hsien Loong asking for donations for COVID-19.
Securing devices and applications
IT teams had very little time, if any, to prepare for the acute spike in remote workers. Some employees were able to take their office computers home with them, while others are working at home with their own technology.
This surge in personal device use has created a host of new challenges, particularly for those organisations that did not have an existing bring your own device (BYOD) policy in place. In the rush to get connected, misconfigurations abound, and leaving new devices in their default (i.e. insecure) factory settings can put companies at risk. Attackers look for these situations to gain a foothold in organisations. The Singapore Computer Emergency Response Team (SingCERT) shared that opportunistic cyberthreat actors are capitalising on the current situation to conduct malicious activities by exploiting vulnerabilities in solutions, or unsecured networks, to gain unauthorised access to users' data or the organisation’s network.
In addition, as we rely more on messaging and conference calling applications to keep us connected, attackers are exploiting vulnerabilities in these systems too. Whether it is “Zoom bombing” attacks, where uninvited attendees break into and disrupt Zoom meetings, or the targeting of application credentials stored in web browsers, compromising popular web-based applications has become a dangerously organised effort by attackers. Singapore recently suspended the use of Zoom by its teachers for a brief period following “a very serious incident” during a home-based online class activity.
Securing connections and access
Many organisations have never stress-tested their systems for an event like this. As hundreds of thousands of employees try to connect using virtual private networks (VPNs) to send and receive data, they log into their VPNs using home Wi-Fi networks, which are often unsecured and unmonitored. Attackers can easily infect these Wi-Fi routers with malware, making all of the household’s connected devices vulnerable. To plug such gaps, Singapore’s Cyber Security Agency (CSA) has proposed introducing a Cybersecurity Labelling Scheme (CLS) for home routers and smart home hubs as part of its efforts to increase awareness about using secured products.
At the moment, security teams struggle to maintain visibility into what these users access (e.g. at what time and for how long) from various remote locations. Many organisations have also shifted responsibilities and deployed workers to perform additional or different tasks to cover departments that may be shorthanded. Some of these workers have been given elevated privileges that they have never had before, often without the requisite security policies in place (i.e. automatic provisioning and de-provisioning of credentials). This makes it easy for attackers to exploit the access typically granted to a powerful insider to gain control of the overall infrastructure.
The security issues CISOs in Singapore and across the world face today are not new, but they are more acute than ever before. While we often talk about this “new normal” as temporary, it is very likely that it will persist long after the current situation has passed.
No matter what the future holds, the actions taken by organisations today will inform what our collective tomorrow looks like. Start by remaining hyper-vigilant and maintaining strong cybersecurity practices. From there, security leaders can begin planning for the long term by redefining how to approach risk across people, processes and technologies.
*Stop-work orders are legal requirements for a business to cease operations.