Introduction
The concept of the Remote Workforce has now become a reality for the long term, going well into 2022, and possibly even beyond. While most Cyber experts were predicting that a near 99% Virtual Workforce was possible in 4-5 years, it came to fruition in just a matter of two months, right when the COVID-19 pandemic started.
Many businesses across Corporate America were not prepared for the sheer gravity of this situation, and as a result, new Cybersecurity issues have sprouted, especially concerning the intermingling of home networks with corporate networks. This has exposed confidential information and data to being easily heisted by malicious third parties.
There are other data security issues as well that have come about recently, and they are the focal point of this article.
The Main Issues
1) The use of the Virtual Private Networks (VPNs):
The VPN has normally been one of the most relied upon tools with which to transmit confidential information/data across a network connection. While this technology has been designed to support a workforce that works remotely about 20-30% of the time, it simply has not been able to keep up with the magnitude that became necessary beginning in March of 2020. Because of this, the total number of brute force attacks has escalated to levels never seen before. For example, these kinds of security breaches now make up at least 45% of the cases that Incident Response teams must respond to (SOURCE: 1). This kind of attack is carried out in almost the same fashion as it would be against a server. For example, the Cyberattacker targets a specific portal that is associated with a VPN, and completely overwhelms it with hundreds of phony authentication requests, making use of an already heisted list of credentials (most likely purchased from the Dark Web). Once the right username/password combination has been found, the Cyberattacker then has a quick and covert way into the lines of communication and can hijack proprietary information/data that is in transit. Worse yet, this point of entry can be used to leverage lateral movements into other corporate networks, in an attempt to hijack the Personally Identifiable Information datasets of employees and customers for further exploitation.
2) Lack of company issued equipment:
In the rush to get employees to work remotely as quickly as possible, many organizations were under a severe time crunch to issue equipment that had all the necessary protocols installed on it. As a result, many devices were not set up properly, or remote employees were not given anything at all. Because of this, during the interim, people have been using their own personal devices or smartphones to conduct their daily job tasks. This, of course, has been a huge security risk because of the lack of security controls on them. It could also mean further exposing confidential information and data to levels that are totally unacceptable.
3) The use of the Cloud:
Over the course of this year, many businesses have also realized some of the strategic benefits of using a Cloud based platform (such as AWS or Microsoft Azure) into which they can move their entire On Premises Infrastructure. While these providers do offer an extensive suite of tools that a company can use to protect their virtual databases, the problem now comes down to a matter of proper configuration. In these cases, the default configurations are used, which are often not compatible with the security requirements of the organization, thus offering a new backdoor for the Cyberattacker to penetrate, to heist confidential information and data.
4) The use of insecure networks:
When restrictions were eased up during the summertime, many remote employees started to work in public places, such as Starbucks or Panera Bread. While these venues do offer internet connectivity, they are very often insecure, as they offer no level of encryption whatsoever. Rather than using a secure connection, the tendency was to use these public connections in order to carry out work related duties. As a result, all the information and data that was transmitted back and forth was sent in a clear text format, making it quickly visible to the outside world. Worse yet, these venues are also the perfect places in which a Cyberattacker can leverage a Social Engineering attack. For example, a Cyberattacker can easily pose as a patron, and engage in a conversation with a remote employee. Even if a secure network connection was established, a data packet sniffer could easily be covertly hidden in a clothing pocket so that the data packets can be captured, and the information residing in them could be exfiltrated at a subsequent point in time.
5) The lack of proper patching:
Before the COVID-19 pandemic hit, companies (for the most part) maintained a fairly normal schedule of applying the needed software patches and upgrades to all of the servers, databases, and employee devices. But with many remote employees now using their own home-based networks in order to gain access to shared resources, it has become almost impossible for IT Security teams to deploy these patches. After all, you cannot force a remote employee to install something onto their home network if they don’t want to. Many organizations are still trying to find a fix to this grave issue, and in the meantime, the Cyberattacker has yet another easy way to get access to your most critical information and data. This is due to the fact that many remote employees still have not upgraded the security levels of their home-based networks and rely upon just one password to protect them.
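The attack on a VPN portal described in item 1 (many failed logins from a stolen credential list, then one that works) leaves a recognizable pattern in authentication logs. The following is an added example, not code from the article: it flags a source address that fails against many different usernames inside a short window, and then flags any successful login from that source. The log format, field names, thresholds and sample lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical VPN portal log format (not from the article).
SAMPLE_LOG = """\
2020-03-18T09:00:01Z result=FAIL user=asmith src=203.0.113.7
2020-03-18T09:00:02Z result=FAIL user=bjones src=203.0.113.7
2020-03-18T09:00:02Z result=FAIL user=gmartin src=198.51.100.20
2020-03-18T09:00:03Z result=FAIL user=clee src=203.0.113.7
2020-03-18T09:00:04Z result=FAIL user=dkhan src=203.0.113.7
2020-03-18T09:00:05Z result=FAIL user=epark src=203.0.113.7
2020-03-18T09:00:06Z result=OK user=fchen src=203.0.113.7
2020-03-18T09:00:09Z result=FAIL user=gmartin src=198.51.100.20
2020-03-18T09:00:15Z result=OK user=gmartin src=198.51.100.20
"""

def parse(line):
    """Split one log line into (timestamp, {key: value}) using the assumed format."""
    ts, *pairs = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), dict(p.split("=", 1) for p in pairs)

def detect(log_text, window=timedelta(minutes=5), min_fails=5, min_users=4):
    """Return alerts as (kind, source, user) tuples, in log order."""
    recent = defaultdict(deque)   # source -> recent (timestamp, user) failures
    flagged, alerts = set(), []
    for line in filter(str.strip, log_text.splitlines()):
        ts, f = parse(line)
        src, user, q = f["src"], f["user"], recent[f["src"]]
        while q and ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if f["result"] == "FAIL":
            q.append((ts, user))
            # Many failures spread over many usernames: a credential list, not a typo.
            if (src not in flagged and len(q) >= min_fails
                    and len({u for _, u in q}) >= min_users):
                flagged.add(src)
                alerts.append(("stuffing", src, None))
        elif src in flagged and q:
            # A success right after the burst: treat this account as compromised.
            alerts.append(("login_after_stuffing", src, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The user who mistypes a password twice before logging in (gmartin in the sample) raises no alert, because the failures involve a single username.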
Conclusions
Overall, this article has examined some of the key areas in which your mission critical information/data can be covertly hijacked without you even knowing about it, until it is too late. But if your company is unfortunately hit with a security breach, you still owe it to your key stakeholders to conduct a thorough examination of what has happened and to ensure it can be mitigated in the future.
One way to do this is to conduct a Forensics investigation, led by a team of experts.