Daily Observer (Jamaica)

Work-from-home dangers:

Watch out for cybercriminals waiting to pounce on the innocent

With more Jamaicans working from home, and more likely to do so in the coming months and years, Dr Evan Hemans, head of Digital Business and Technology Services – Fujitsu Caribbean, examines the thorny issue of how cybercriminals can affect organisations practising remote working globally:

The novel coronavirus pandemic is proving to be the biggest-ever test of how modern and flexible working practices are enabling employees to stay productive and work anytime, anywhere, on any device. Consequently, this increase in remote working poses a challenge not only to workers, but has also impacted the cyber-risk profile of organisations globally.

According to the Society for Human Resource Management’s COVID-19 Business Index, between 62 and 64 per cent of Americans are now working from home, compared to seven per cent before the emergence of the pandemic. Accessing data outside the secure network perimeter opens up unprecedented “attack surfaces” for cybercriminals and creates a huge amount of additional vulnerability for organisations. With this in mind, what are the risks that businesses need to look out for when they deploy remote working practices, and how can they be mitigated?

CAPACITY ISSUES

Capacity might sound like a simple consideration, but it is significant. Mobile workers use virtual private networks (VPNs) to access corporate networks, but VPNs put considerable strain on organisational resources, necessitating having enough licences for secure remote access.

During business continuity and disaster recovery planning, organisations should carefully consider capacity factors, including licensing and bandwidth availability, so that they are prepared for any unexpected surge in demand.

To securely allocate web traffic to cloud applications, IT decision-makers should consider using Cloud Access Security Broker (CASB) solutions to manage the demands, while maintaining security monitoring and security policies to ensure that users and applications are properly protected.

Enterprises may also wish to leverage the security functions they already have available to them through the existing services that they already consume, such as Microsoft Azure, as some of these may help to quickly alleviate challenges.

UNSECURED DEVICES

Today’s frequency of mobile security software updates requires devices to be regularly patched to maintain enterprise-wide security. This is especially relevant in bring your own device (BYOD) scenarios, where native mobile device security software might not live up to organisational standards. Patches and updates address known security problems, which means that ignoring them opens new attack vectors for cybercriminals.

Businesses need to make sure proper patching processes are put in place to ensure devices are kept secure. This requires visibility of what is connecting to the network and a view into the state of health of those devices, including how recently they were last updated. Aligned to this, the process needs to have visibility of new updates coming from the hardware and software vendors to ensure these are applied as soon as they become available.

Another consideration is Zero Trust Network Access (ZTNA), which utilises several varying principles and technologies and adopts a holistic approach to network security. According to Gartner, “Recent movements to largely remote workforces have accelerated the adoption of Zero Trust Network Access to address the hardware and bandwidth limitations of traditional VPN access.”

In short, ZTNA provides security on three levels. Firstly, the login, where the sender’s log-in credentials are authenticated. Secondly, a health parameter check, where the device being used to access the network is checked to ascertain that its security patches are up to date and that it has not been compromised. And, thirdly, encryption: the user only gets to this stage after successfully passing the previous stages, and encrypted data is then sent to the user with a public key; therefore, this information is accessible only to the user. In other words, only the user with the keys will be able to decrypt the data.

SUSPICIOUS BEHAVIOUR BECOMES DIFFICULT TO MONITOR

As remote working, by definition, takes place outside the confines of the corporate security perimeter, it disrupts the baseline working patterns that enterprise threat analysts need to look for. If logging in at 11:00 pm is an option, then security analysts need to be aware of this pattern “as a new normal” when analysing suspicious behaviour. This will allow them to reset the baseline of normal access behaviour, instead of flagging remote access that’s outside of the “old normal” as suspicious.

Restricting employees’ flexible access patterns while they are trying to work remotely is counterproductive. Instead, organisations need to consider how to monitor behaviours in a way that can compensate for unusual but legitimate remote access situations.

User and Entity Behaviour Analytics (UEBA) tools provide enhanced visibility and reporting of user behaviour. These tools also deliver the contextual awareness that threat analysts require to establish whether or not a given behaviour is suspicious, freeing up analysts’ time and resources to deal with the real threats quickly and effectively.
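The baseline reset described in this section, as an added illustration that is not from the article or from any UEBA product: a fixed office-hours rule is compared with a per-user baseline learned from recent logins. The log entries, user names and the three thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

MIN_EVENTS = 8      # assumed: below this, no baseline is trusted
TOLERANCE_H = 1     # assumed: hours either side of a seen hour count as normal
RARE_SHARE = 0.05   # assumed: an hour window holding <5% of history is unusual

def build_baseline(events):
    """Map user -> Counter of login hours (0-23) from (user, iso_ts) pairs."""
    baseline = defaultdict(Counter)
    for user, ts in events:
        baseline[user][datetime.fromisoformat(ts).hour] += 1
    return baseline

def old_normal(ts, start=8, end=18):
    """Fixed office-hours rule: any login outside start..end is flagged."""
    return not (start <= datetime.fromisoformat(ts).hour < end)

def new_normal(baseline, user, ts):
    """Classify a login against that user's own recent pattern."""
    hours = baseline.get(user, Counter())
    total = sum(hours.values())
    if total < MIN_EVENTS:
        return "no_baseline"          # route to review, do not auto-clear
    h = datetime.fromisoformat(ts).hour
    # Hours wrap around midnight, so 23:00 and 00:00 are neighbours.
    near = sum(hours[(h + d) % 24] for d in range(-TOLERANCE_H, TOLERANCE_H + 1))
    return "suspicious" if near / total < RARE_SHARE else "normal"

# Constructed history: alice works late evenings, bob works mornings,
# carol has only just started working remotely.
HISTORY = (
    [("alice", f"2020-06-{d:02d}T23:05:00") for d in range(1, 11)]
    + [("bob", f"2020-06-{d:02d}T09:10:00") for d in range(1, 11)]
    + [("carol", "2020-06-01T10:00:00")]
)
BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for user, ts in [("alice", "2020-06-11T23:40:00"),
                     ("bob", "2020-06-11T23:40:00"),
                     ("alice", "2020-06-12T00:15:00"),
                     ("carol", "2020-06-11T23:40:00")]:
        print(user, ts, "| old rule flags:", old_normal(ts),
              "| baseline:", new_normal(BASELINE, user, ts))
```

The same 11:40 pm login is cleared for the user who routinely works late and flagged for the user who never does, while the fixed rule flags both.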

ATTACKERS EXPLOIT MOBILE DEVICE USAGE BEHAVIOUR

Research shows that users are more likely to respond to phishing e-mail on a mobile device. This is possibly due to the limited device screen size, as this makes it harder to spot the tell-tale warning signs of a phishing e-mail. This could also be due to behavioural attitudes, where users tend to use mobile devices on-the-go to check and respond to e-mail.

Phishing and smishing (phishing via SMS) attacks also tend to exploit users’ trust of native and commercial social networking apps. In light of the current global events, an increasing number of cyber campaigns are currently being launched through SMS and consumer apps, like WhatsApp, to exploit the fears of vulnerable mobile users who are anxious for more information about the coronavirus outbreak.

Moreover, because most mobile users tend to have multiple e-mail accounts on one device, any oversight of phishing attacks on personal e-mail accounts could adversely impact organisational networks if the enterprise device gets compromised.

Since the risk with social engineering lies primarily with the people using mobile devices, the solution is clear — rigorous education around mobile device usage policies, with clear guidelines on the acceptable use of consumer applications and personal e-mail accounts on corporate and BYOD resources.

PHYSICAL DEVICE BREACHES

Using a mobile device for work — handy and practical as it sounds — also carries the risk of the device being lost, stolen, or compromised. Devices lost or left unattended in public spaces, even with strong encryption and protection, present a direct and significant security risk to enterprise data, both on the device itself and on organisational networks further afield.

As with protection against phishing, when it comes to physical device safety and security, mobile device users need to be educated on company policies and the responsibilities that come with using devices that have access to critical corporate data. Strong device encryption methods will provide some protection should a device become compromised or jailbroken, while remote device management capabilities would automatically remediate with a remote lock, device or enterprise wipe or other quarantine controls.

MALICIOUS APPS

As our personal and professional lives converge on mobile devices, users will inevitably download apps for personal use on corporate-owned devices. In addition, because barely anyone spends the time to read consumer apps’ privacy policies, there is a real risk that mobile users might inadvertently expose these devices to spyware and security vulnerabilities that can be exploited to access corporate data and systems.

Mobile device usage policies need to outline the acceptable terms of use to prevent data loss, with app sharing permissions, app-level password enforcement and, if required, application whitelisting and blacklisting. Security teams should also routinely monitor devices to search for known malicious applications, and direct users to delete them immediately.

There is no doubt that enabling remote access to corporate resources while safeguarding the integrity of organisational systems is a tough balancing act for most IT decision-makers. However, leveraging the intelligent mobility management tools, analytics and insights that are available today, enterprise IT and security teams are now better equipped to provide their work colleagues with a secure remote access model, where the employee mobile working experience is optimised, productivity is maintained and the strain on organisational IT resources is contained.

Hemans... this increase in remote working poses a challenge not only to workers, but has also impacted the cyber-risk profile of organisations globally
