Here we are and yet another week of the Coronavirus. From what I hear, it is supposed to get far worse in the coming weeks, but then, hopefully, things should start to settle down. Probably one of the best pieces of news will be if businesses can start to open their doors again.
This raises another question: how do you balance keeping the American economy from collapsing against doing everything possible to contain the spread? I’ll leave that one up to the experts.
In our blogs from last weekend, we touched upon two areas in which Cybersecurity is being affected by the Coronavirus:
*The number of spoofed attacks that are taking place;
*The importance of Disaster Recovery, Incident Planning, and Business Continuity and the differences between them.
In today’s blog, we deal with the issue of remote working. Millions of workers are now displaced and working from home, or from another place that is not under lockdown. There have been a ton of articles and news stories about this, so I am not going to repeat what has already been said so many times.
But there is one topic in this realm that has not been covered, and that is the issue of software patches and upgrades. So here we go.
When times were normal, just barely a month ago, businesses and corporations that were abiding by their Security Policy pretty much had a normal schedule of checking for patches and upgrades, downloading them, and testing them in a sandbox environment.
If everything proved satisfactory, the patches were then deployed into the production environment: the corporate servers, workstations, and wireless devices.
But now, with everybody working remotely, this process has obviously been turned around a complete 360 degrees. So just what are some of the hurdles that the IT Security team is facing in this regard? Here is a sampling:
*Because of the strain on IT resources from the remote work environment, there is not much time to patch:
Because of the sheer number of employees now working from their homes, and how suddenly that happened, the Virtual Private Networks (VPNs), the bandwidth required to support them, and the network lines of communication have come close to their breaking points. Really, nobody is to blame for this, as nobody was expecting this pandemic. The bandwidth and the network resources were built to handle an optimal number of employees working from home, not a huge, sudden explosion in them. As a result, many businesses and corporations are now scrambling to keep up, so that employees can still work from home and be productive in their daily job tasks at the same time. Because of this, deploying the needed software patches and upgrades has literally taken a back seat, so there are now many devices out there that are wide open to the Cyberattacker. They know this and will at some point take advantage of it. But for right now, their minds seem to be on launching Phishing attacks and tearing apart Zoom. Also keep in mind that many of the devices issued to employees to work from home were hastily configured, and thus may not have many of the needed security protocols on them, making a grave situation even graver.
*There is much-reduced visibility into the networks that the remote employees are logging in from:
When an employee is working remotely, there is no telling where they might be working from. Unless you ask them directly, you will not know, and of course that could also be considered an invasion of privacy. For example, they could be using an insecure public Wi-Fi hotspot, or logging in from another network connection that is also not secure. But given the circumstances right now, most remote employees are probably working from home and using their home networks, which for the most part have some layer of security to them. The downside is that the IT Security staff cannot gain access into these private networks unless they have been given the network name and the related password so that they can log in. Depending upon how large the business or corporation is, this could mean a great many of them, and given the threat environment that exists today, nobody in their right mind is going to hand that out. As a result, it is almost impossible to deploy the needed software patches and upgrades on an automated basis from a different location. Because of this, the attack surface available to the Cyberattacker is increasing exponentially, in a very short period of time. This quote sums it up nicely:
“[I]t becomes incredibly hard to have any visibility or direct access into employees’ home networks due to the routers and firewalls in place that an organization does not control . . . this means it can be impossible for traditional patch management tools, which typically have administrative access to target systems and unrestricted access to the network segments corporate systems live on, to deploy patches to these remote systems.”
*There is a tendency for employees to use their own devices:
This phenomenon is also known as “Bring Your Own Device”, or “BYOD” for short. This is where employees use their own wireless devices and/or Smartphones in order to conduct their daily job tasks. Under normal circumstances, this kind of usage of personal devices is not looked upon well by Corporate America, but some organizations have allowed it. Given the environment that we are in now, there is a much greater probability that your employees are using their own, personal devices. As one can see, this poses a grave security threat, especially as confidential corporate files are transmitted back and forth, and as video conferencing takes on much more precedence than ever before. The bottom line is that many of these personal devices simply will not have the adequate layers of protection on them that are typically needed.
*Excessive use of Remote Access tools:
One of the most popular tools used by both IT and Network Administrators has been the Windows based Remote Desktop Protocol, or “RDP” for short. This is where somebody can access a remote computer and virtually gain access to its desktop in order to do any troubleshooting for the employee. But since late last year, RDP (it is also a network protocol) has come into the cross hairs of the Cyberattacker; in fact, according to the FBI, it is used about 70%-80% of the time when it comes to deploying Ransomware based attacks. This is also clearly exemplified by the use of Zoom. While it was already a popular business tool for remote meetings, it has now seen a level of usage it has never seen before, at unprecedented levels. Because of this, the application is now being pounced upon by the Cyberattacker. In an ideal world, RDP should be used behind the wall of a VPN, but given how things are changing on a daily basis, this may not happen all of the time, resulting in sloppy work being done. Also, this quote sums it up quite nicely:
“Without proper security measures, such as the principles of least privileges and proper MAC or IP filtering, the use of remote access tools can be… like leaving your house door closed but unlocked.”
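The two controls named in that quote, IP filtering and least privilege for RDP, are things a defender can check for in the Windows Security log. The script below is an added example, not part of the original post: it runs over a handful of constructed event records shaped like Windows events 4624 (successful logon) and 4625 (failed logon) with LogonType 10 (RemoteInteractive, i.e. RDP), and flags RDP logons from outside an assumed VPN address pool, RDP logons by assumed privileged accounts, and repeated failures from one source.

```python
"""Added example: audit RDP logon events for the controls named above.

Assumed: events are dicts with the field names Windows uses in the
Security log (EventID, LogonType, IpAddress, TargetUserName).
VPN_RANGES and ADMIN_ACCOUNTS are assumed values for this example."""
import ipaddress
from collections import Counter

# Assumed: RDP is only expected from the VPN client address pool.
VPN_RANGES = [ipaddress.ip_network("10.8.0.0/24")]
# Assumed: privileged accounts that should not be used over RDP at all.
ADMIN_ACCOUNTS = {"domain-admin"}
FAILED_LOGON_THRESHOLD = 5  # failures from one source before flagging

# Constructed sample events; not real log data.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "IpAddress": "10.8.0.17", "TargetUserName": "alice"},
    {"EventID": 4624, "LogonType": 10, "IpAddress": "203.0.113.45", "TargetUserName": "bob"},
    {"EventID": 4624, "LogonType": 10, "IpAddress": "10.8.0.22", "TargetUserName": "domain-admin"},
    {"EventID": 4624, "LogonType": 2, "IpAddress": "-", "TargetUserName": "carol"},
] + [{"EventID": 4625, "LogonType": 10, "IpAddress": "198.51.100.9",
      "TargetUserName": "admin"}] * 6


def is_vpn_source(ip):
    """True only if ip parses and falls inside one of the VPN ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # Windows writes "-" when no address is known
        return False
    return any(addr in net for net in VPN_RANGES)


def analyse_rdp_events(events):
    """Return a list of (finding, source_ip, detail) tuples."""
    findings = []
    failures = Counter()
    for ev in events:
        if ev.get("LogonType") != 10:
            continue  # ignore console, service and network logons
        if ev["EventID"] == 4625:
            failures[ev["IpAddress"]] += 1
            continue
        if ev["EventID"] != 4624:
            continue
        if not is_vpn_source(ev["IpAddress"]):
            findings.append(("rdp_outside_vpn", ev["IpAddress"], ev["TargetUserName"]))
        if ev["TargetUserName"] in ADMIN_ACCOUNTS:
            findings.append(("admin_rdp_logon", ev["IpAddress"], ev["TargetUserName"]))
    for ip, count in failures.items():
        if count >= FAILED_LOGON_THRESHOLD:
            findings.append(("rdp_bruteforce", ip, count))
    return findings


if __name__ == "__main__":
    for finding in analyse_rdp_events(SAMPLE_EVENTS):
        print(*finding)
```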
My Thoughts On This:
One solution to be used here is the Cloud. Given the likes of both Azure and Amazon Web Services (AWS), an IT Security team can quickly configure a Virtual Machine (aka VM) in order to push out the needed software patches and upgrades.
In fact, they can even be deployed across different devices; all the IT or Network Administrator needs to do is get those devices registered with the VM. But then this brings up a whole new issue:
How do you deploy your workforce remotely in a quick and expedient fashion if something like this ever happens again? This all comes down to preparedness, and practicing the plans described at the beginning of this blog.
But in terms of technology, Corporate America will now wake up to using either Azure or AWS for its entire IT Infrastructure, instead of having everything on premises.
The advantages to this abound, but one of the key ones is that all employees of a business or corporation can access everything they need from one central place, with all of the security measures put into place.
But to the C-Suite and managers: now is not the time to be scolding your employees if they do not maintain the proper levels of “Cyber Hygiene”. This moment in time is a trying one for everybody, so just work with them, be their partner, and be their best friend in working out any issues or conflicts.