Global Disruptions: Closing the cybersecurity gap quickly
Global disruptions like the COVID-19 pandemic has had a dramatic impact on Australian businesses and government organisations of all sizes. As Australian government legislation changes almost hourly, employees are being directed to self-quarantine and maintain social distance to limit the spread of the infection. Ultimately, that has led businesses across all industries to implement mandatory work-from-home protocols.
Thankfully, we live in a country with fairly generous internet access and we have the technology to work remotely in many cases with minimal disruption. However, the sudden spike in remote workers resulting from the Coronavirus response poses some unique cybersecurity risks for companies of all sizes and risks compliance breaches including the “Notifiable Data Breaches Scheme”.
Maintaining visibility and effective cybersecurity for an increasingly mobile workforce is crucial for many organisations already struggling to deal with the complexity of a hybrid or multi-cloud environment. Companies face a hugely expanded perimeter with the subsequent surge in the number of users connecting and accessing sensitive data from home over the public internet via sudden, unsecure remote working arrangements.
As the number of people logging in remotely or connecting to cloud-based SaaS (software-as-a-service) applications rises, the attack surface broadens. Organisations have an exponential increase in the number of endpoints across BYOD, cloud, mobile and desktop channels.
Cyber adversaries are not slowing down due to the COVID-19 pandemic. Much to be expected, significant increases in cyber-attacks are happening daily with adversaries capitalising on the chaos.
Closing the Cybersecurity Gap;
Assuming you suddenly have a large number of employees working from home, your risk profile runs across compliance, data governance, cyber-attack and multi-cloud environments. You may have provided some basic cybersecurity awareness training at some point, but this is likely no longer relevant.
What will an attack on my remote workers look like?
Aside from a broad range of average attacks, cyber criminals take advantage of the situation by crafting phishing messages that look like warnings from the company, or external vendors that are part of the communications thread of the company. The combination of the unique aspects of suddenly working from home and the infinite amount of fear-inducing material will create confusion amongst your employees. Quick solutions to these are implementing a multifactor solution which will provide frontline defense.
Some basic rules to follow include:
- Remind users to be suspicious of emails from unknown sources and to not open file attachments or click on links. Stress to your employees that they are currently vulnerable to attack, and to have relevant protocols in place;
- Make sure that computers—whether company-issued laptops or personal home PCs—are patched and updated against the latest threats. Alternatively, look at a 24/7 Security Operations Centre solution that will patch your entire environment and run active endpoint detection and response;
- Verify that the devices used to connect to network resources or access company data have a multifactor or secure access token. As a Platinum Partner of RSA, we are able to offer a free SecurID MFA solution to new customers; and
- Emphasis to employees the importance of ensuring their home Wi-Fi router is not using the default password, and that they tether or use a secure wi-fi service before transferring crucial IP data.
If compromised or in a general maintenance state, the ability to quickly analyse an overwhelming volume of signals and data and identify traffic or actions that seem suspicious or unusual will enable IT teams to avoid alert fatigue and ensure that issues that require attention don’t slip through the cracks. Cybersecurity tools, machine learning and standard testing can cover this, however, it is not enough. The human element is imperative as well. You need cybersecurity experts with the skills and experience to recognise threats and malicious activity—to provide context and prioritise the issues that are most urgent. You also need to monitor around the clock because bad guys don’t keep normal business hours.
At a Glance; Cybersecurity starts at Home
Start by reviewing cybersecurity policies, training and standard procedures. Ensure all remote teams are briefed almost daily based on recent attacks, or government and/or company changes. Ensure that any devices, whether they be company issued or personal, have endpoint protection and multi-factor authentication. Consult with some specialists or look to leverage machine learning or user behaviour detection systems to actively look for suspicious or unusual activity.
The current situation has caught many companies and employees off guard across Australia. As we all come together as a global community to limit the spread of the virus and reduce the global impacts, organisations will have to adapt quickly to a new model with a mostly—or completely—remote workforce. With a focus on the basics and roll out of an efficient strategy, you can ensure that your workers remain productive without sacrificing security.
From cyberattacks to natural disasters to outbreaks of illness, business disruptions come in all forms. It’s why RSA and Loop are offering new customers the ability to securely extend the convenience of working remotely to their employees. For a limited time, you can get mobile multi-factor authentication (MFA) from RSA SecurID Access for free. You can now leverage push notification, biometric and one-time password authenticators to secure access to your cloud applications, on-premises systems, legacy systems, privileged accounts and more at no cost for 6 months.
RSA and Loop are in the business of offering peace of mind with its security solutions to help businesses move forward in times of business disruption.