Organizations that rushed to implement WFH back-end solutions should dispense with the complacency and take stock of overlooked cybersecurity lapses.
在大流行开始时, as employees shifted from working in corporate offices to their homes, many companies rushed to expand their remote-working capabilities.
同时, threat actors were developing sophisticated phishing campaigns designed to take advantage of the fear and uncertainty caused by the pandemic.
展望未来, a significant number of people will likely continue to work from home on a full- or part-time basis. This reality is forcing cybersecurity professionals to review or reconsider their current cybersecurity operations.
技术转移
When employees use both personal and corporate devices to access corporate networks from disparate home locations, 网络安全产生了两个主要影响.
- 第一个, devices used to access corporate resources and information are dispersed across a non-homogeneous set of home networks, essentially creating untrusted network connections to the corporate network. This means that critical systems housing sensitive information are now potentially being accessed by personal laptops with limited baselines for virus checking, 安全更新或恶意程序或病毒. 此外, connectivity of these devices to the corporate network is not persistent, leaving less time (or inconvenient times) to execute security activities such as after-hours software patching.
- 第二个, the threat landscape may be evolving to increasingly target popular Internet-Of-Things (IOT) devices, 比如个人电脑和手机, to internet-connected appliances like smart TVs and smart cameras. The Work-From-首页/Anywhere environment has also increased opportunities for threat actors to use these devices to remotely gain access to personal or work-issued computers used.
In all the rush to implement remote-access solutions to enable remote-working, many cybersecurity considerations may have been accorded less priority over business survival. However, now is the time for organizations to review their current cybersecurity practices.
"By focusing on increased scanning and patching and multifactor authentication while reviewing anomaly-based monitoring capabilities and pandemic processes and controls, firms will be more resilient to future threats and risks."
四种后rush网络安全策略
While short term enhancements to remote-working ensured continued operations and minimized disruption at the onset of the pandemic, now is the time to fully assess the longer-term implications of current remote-working cybersecurity and business resilience levels.
- Increased scanning and patching of critical applications and infrastructure
Given the rise of employees that rely on virtual private networking (VPN), security professionals will want to identify and remediate hidden threats quickly. Prior to the pandemic, VPN access supported a small number of simultaneous users. The workforce displacement created by the pandemic has the majority of users simultaneously connected to this infrastructure. Any outage to this infrastructure has the potential to disrupt critical business operations.
- Considered strong or multifactor authentication for critical applications
Critical applications may be accessed through home networks with different threats and security 帖子ures. While the introduction of a new authentication scheme is not a trivial task, it should be considered as a possible addition to a company’s security toolkit to enhance protection of valuable information assets.
- 审查基于异常的监控解决方案
Increased VPN usage will change observed network traffic patterns and may require companies to develop new baselines for normal traffic. Cybersecurity professionals may need to re-evaluate the effectiveness of current monitoring strategies.
- 审查大流行过程和控制措施
The pandemic required some companies to onboard applications and services in an abbreviated manner to support the need for employee and business productivity. 另外, certain controls were relaxed to support employee requirements, such as home printing and remote-working applications were adopted to support meeting and conference needs. These new or modified processes and applications should be reviewed to fully understand where cybersecurity processes and controls can be enhanced to continually improve cyber-protection.
随着COVID-19大流行的肆虐, 网络安全风险和威胁将继续演变, and our ways of working will continue to develop over time.
By focusing on increased scanning and patching and multifactor authentication while reviewing anomaly-based monitoring capabilities and pandemic processes and controls, firms will be more resilient to future threats and risks.
本文首次发表于 CybersecAsia.