Coronavirus turns up the heat on cybersecurity projects
By Teri Robinson
Cybersecurity projects – even important ones – often languish, due to budget constraints, scarce resources or simply because they’re just lower priority in the long list of things that need to be done. But for all the havoc it’s wreaked, the Covid-19 pandemic has pushed many of these initiatives to the forefront where they’re gaining traction.
“We are entering a period of major economic transition, and even if things go back to exactly the way they were – which is unlikely – the transition period marks a point in time where there are distinct opportunities for a new and more aggressive type of cyberattack that is more interested in damaging or slowing business rather than the traditional goal of skimming money from many parties,” said Thomas Hatch, CTO and co-founder at SaltStack. “This makes NOW a much more critical time to harden the security of our systems.”
Indeed, as Joseph Carson, chief security scientist and advisory CISO at Thycotic, noted, “As most of the world is waking up to find themselves quarantined or social distancing, technology has given hope for many to stay connected and stay secure in light of the current situation,” contending that “any technology available today that helps employees with this transition to working remotely is going to see a huge acceleration and new innovations to help will likely see this becoming the new norm.”
Cloud migration. Still hesitant about moving to the cloud? Get over it. Managing a company and remote employees – and pushing out updates and apps to a remote workforce – is much easier and likely more secure from the cloud. “Obviously, the move to cloud-based applications, such as Azure Active Directory and Office 365, will reduce your reliance on your office VPN, but if your office-based staff haven’t had to use them remotely, then check that they have the authenticator application for the two factor authentication on their phone,” says Tim Rawlins. “And then test the systems before you have to rely on them in earnest.”
Locking down the supply chain. Most security teams worry about the security of supply chains – with good reason. Third parties have been the entry point for hackers into larger, more data-rich companies. With all the companies connected along the supply chain, the risk grows greater. Now is the time to tighten requirements. Rawlins says start with asking “your suppliers what they might do to maintain their security in the meantime and encourage them to make incremental improvements in other areas to compensate – increasing logging, improving their patching, ensuring multi-factor authentication and enhancing their own.”
Recruitment. If it seems like the only companies hiring these days are food, grocery and delivery services, think again. While many organizations are trying to keep costs way down and have implemented hiring freezes, the security challenges raised by working through the pandemic might strengthen the pitch to aggressively pursue skilled cybersecurity professionals to add to your roster. But, that might be easier said than done. “New team members you had hoped to recruit may not be available, so think about how you might make up the numbers you need with virtual, remote, part time and contract staff,” said Rawlins.
Identity and access management. “For security, the increased need to authenticate and verify employees working from home, to ensure they have access to the applications and systems they need to keep the business operating, has seen the urgent need for Identity and Access Management (IAM), Multiple Factor Authentication (MFA) and Privileged Access Security become even more essential,” says Steve Durbin, managing director at the Information Security Forum (ISF).
Building in efficiency. “With the downturn in the economy due to COVID-19, we will see an extreme focus on efficiencies within an organization. The chasm between operation and security teams will quickly be removed as organizations eradicate the lack of efficiency that leads to on-going residual risk where an exposure has been identified, but because the tools used by security teams can’t remediate, they go unfixed,” says Alex Peay, senior vice president of product at SaltStack. “Moving into this time of contraction, security and operations teams will need to work together to speed mean time to remediation, both to protect the business and also to drive down costs. This will require a cultural shift where these teams work more closely together and consolidation on tools that can both identify the risk and eradicate it.”
Expanded corporate network support. For the first time for many organizations, corporate network support “is now completely in the wild,” says Durbin. “Triage saw security professionals supporting the roll out of remote access, remote set up, password distribution and authentication along with rapid implementation of VPNs and review of BYOD policies for home working and remote worker support across a worker population, many of whom had never worked from anywhere other than an office location.”
Patch management. The already thorny challenge of patch management has become even more difficult now that it must be done remotely, even as the organizations, data and employees that security teams are charged with protecting come under increasing attack. The virus has obliterated any justification for procrastinating. It is time to come up with an improved and comprehensive patch management strategy – top management doesn’t want to be a headline, especially in this sensitive time, after an unpatched vulnerability is exploited by miscreants. They’re more likely to loosen the purse strings to support your plan.
Security awareness and cyber hygiene. Both terms get thrown around a lot but in truth many companies have given them short shrift, not wanting to pump dollars into training employees and establishing good habits. Now that employees are working remotely, the importance of both is undeniable. Expect these to include access management and security awareness.
Threat monitoring. “As the cybercriminal fraternity also ramp up their efforts to make a dollar out of the crisis, security will need to be even more vigilant around threat monitoring and unauthorised access and unusual behavior on networks,” says Durbin.
IoT security. “With many coffee shops and restaurants now having closed, the access to corporate systems from public Wi-Fi issue will diminish but will be replaced by potential sharing of devices in the home and the need to ensure that basic cyber hygiene principles are being followed – router password changes, home assessment of IoT devices all jump onto the agenda along with a requirement for security to trust that suggested measures for access are actually being followed,” says Durbin. “Trust, but verify now becomes the new normal in this remote working world that we’ve been forced to embrace.”
Securing remote computing. “It’s likely that many companies will be working to implement secure remote working strategies as part of long-term planning as a result of the pandemic,” says Charles Ragland, security engineer at Digital Shadows.
Zero trust networking. Lots of buzz has surrounded zero trust and the industry is moving in that direction. The pandemic offers the chance to accelerate its adoption. “It is one set of solutions that may start to gain more traction with the increase of remote workers,” says Ragland.
Social media compliance. Even the tightest social media policy might be challenged as the bulk of the workforce works from home. “There is a growing movement of showing off your ‘work from home’ setup on social media, and this can lead to operational security issues,” says Ragland.
While cybersecurity initiatives are rising to the forefront, companies must proceed with caution. “The key takeaway right now is that implementing large scale changes in uncertain times may be difficult,” says Ragland. “Even large companies like Google are having trouble doing business as usual, having just announced a delay for security updates on some of their most popular products.”