Boy, it's hard to believe that we are midway through May now. Even with the COVID19 craziness, time sure is going by fast. Hopefully, with that, some sense of normalcy will also return quickly to the United States, perhaps even before we know it.
Over the course of the last couple of months, I have been trying to write about security issues that have relevance to COVID19 but are not necessarily a pure regurgitation of what the news headlines keep repeating ad nauseam.
Yes, we have all heard about Zoombombing, phishing emails, and spoofed websites. Those were around long before COVID19 hit, and even after this pandemic starts to wind down, these topics will still be with us for a long time to come.
But work from home (WFH) still remains a puzzle that has yet to be solved. Although this is nothing new either, the speed with which almost 90% of the American workforce had to be mobilized to WFH was totally unprecedented.
Of course, nobody could predict the actual severity of COVID19, but many businesses simply did not have the right plans in place to come to grips with this new reality. I would think that by now, many businesses across Corporate America understand the ramifications of not having some sort of Disaster Recovery and Business Continuity Plan in place to deal with a huge emergency crisis like this, if it ever happens again.
I have talked to a number of my key clients as well as prospects who are now making their way back to their physical offices, and they have even shared with me some of the stories of what they think should have been done before their entire company went, for lack of a better term, remote.
Obviously, they wish they had the latest security protocols installed on their company issued laptops and wireless devices, but another area they focused on was how secure their network communications with other coworkers and colleagues actually were.
Sure, Virtual Private Networks (VPNs) have been widely used, and they do provide a rather robust level of security, in that the network flow between your computer or wireless device and the corporate network, in both directions, travels over an encrypted tunnel whose contents are basically unreadable to the outside world.
But, in this regard, almost everybody has forgotten about the actual endpoints of these network connections. In other words, the point of origination as well as the point of destination, where the VPN tunnel starts and ends, need to be made secure as well.
In fact, this has been a grave security issue since well before COVID19 hit. But it never got the attention in the media, and it is not until now that the IT Security teams across Corporate America are starting to fully realize the gravity of this huge security weakness.
Because this has been such an overlooked area, the Cyberattacker has often preyed upon it, unfortunately with a great amount of success. For example, if they can break through one of these endpoints, it becomes a prime foothold from which they can easily gain further entry deeper into both your IT and Network Infrastructures.
From there, all sorts of damage can be done, very often until it is too late to really do anything about it.
So, what can be done to address this issue? Well, the long and the short of it is that you simply beef up your defenses at these various endpoint connections with some reliable security technologies from a trusted vendor.
But keep in mind that this is a lot easier said than done, just given how everything is interconnected these days, especially with the evolution of the Internet of Things (IoT). So, what further steps can be taken to help fortify your endpoints? Here is a brief list that could be of great help not only to your IT Security team, but to your business as well. So, here we go:
*Deploy security that is dependent upon each employee and implement a Zero Trust model:
OK, it sounds like there are two parts to this, and yes, there are. First, let us look at what we mean by “Zero Trust”. As its name implies, it basically means that you trust nobody, even the employees with whom you might have a close working relationship. Yes, this sounds a bit harsh, but the reality is that this is what the world is coming to these days. In other words, when you let your guard down, that is when the worst can possibly happen. Also remember that if you do develop a close working relationship with some of your employees, the same feeling may not be reciprocated. In fact, they could even be planning to launch an Insider Attack by taking advantage of the friendly relationship that you have established with them.
Now, the second component is creating a security profile for each employee. This gets away from the traditional security model, which stipulates that all employees have the keys to the central part of the golden kingdom, which is essentially your corporate servers, from which all of the shared resources can be accessed. This can all be done by eliminating the one factor authentication that you are using right now, which is the password as the primary means of access. Instead, as just described, create a separate profile for each and every employee that you have, and strictly enforce the use of Multifactor Authentication (aka MFA). This may sound a lot harder to do, but it is really not. If you use a Cloud based platform like Azure, you can quickly create these profiles with just a few clicks of the mouse through Active Directory. By doing things this way, you are implementing a much more decentralized approach, as well as the Zero Trust model. By taking this kind of approach, the chances of being hit are lower, because the points of security are much more spread out, versus the traditional centralized approach.
*Get away from the hardware approach to protecting your endpoints:
Although I did mention a little bit earlier in this blog that you should protect your endpoints by making use of the various security tools that are available, this does not necessarily mean that you should only deploy hardware based solutions, such as more Firewalls, Routers, etc. It also means that you and your IT Security team need to look at security solutions that are software based as well. Again, this may sound a lot harder to do when you first hear it, but it is really not. If you have an Azure or even an AWS account, these two Cloud based juggernauts already offer a huge suite of solutions that you can deploy almost instantly at your critical network-based endpoints. When you first log in and see all of these services, it may be a bit overwhelming, and in this regard, you should probably hire a good Azure Cloud Solutions Provider (aka CSP) that can handle this for you. I actually have been dabbling more in Azure, and I am completely blown away by how much they have to offer. I know for sure that they have a whole suite of solutions designed strictly for networks and for implementing the needed security protocols for them. Heck, you can even build out your own Virtual Networks, doing away with VPNs altogether.
*Make use of just one, unified console:
Along with the traditional centralized model of security just described, another traditional approach (but one that is now fading) amongst CIOs and CISOs alike is to deploy the latest security tools and technologies all across your lines of defense. Although you may feel good about the total amount of stuff that has been deployed, the effect is quite the opposite. The primary reason for this is that you have just greatly increased the attack surface for the Cyberattacker with all of these latest tools and technologies, and not only that, you have just exponentially increased the amount of alerts and warnings that your IT Security team now has to filter through and triage. This is a sheer waste of time, because so many of these warnings and alerts are just false positives. And to make things worse, if you have a ton of stuff from many different vendors, this just means that you will have that many more security consoles to deploy, as each vendor will have their own for their product lines. So, what can be done here? The answer is to not deploy so many security technologies and tools, but to implement them only where they are needed the most. And consolidate the number of vendors that you make use of. Perhaps just use a couple of them. In other words, get away from the old-fashioned way of thinking that there is “Safety In Numbers”, and instead think more rationally about what is needed the most, and deploy strategically that way. This should help you create a console that is much more unified, so that your IT Security team will be able to see what is happening immediately from a bird’s eye view. Remember, they simply do not have the time to go through 10 different consoles to see what is going on. They need to see things within a matter of a few seconds so that they can respond quickly. In this regard, it is highly recommended that you make use of what is known as a “Security Information and Event Management” (aka “SIEM”) software application.
This tool can be interconnected with all of the security devices that you make use of, and can create that one, unified management console that is so greatly needed today. Best of all, most of these are Cloud based as well, thus making them not only quick to deploy, but very affordable as well.
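Here is what that consolidation looks like in miniature, as an added example (not code from the original post or from any SIEM vendor): two constructed vendor log formats, a firewall line and an endpoint-agent JSON record, are normalized into one common schema, exact repeats are dropped so a chatty device does not inflate the triage queue, and the result is rolled up into a single per-host view that flags hosts on which two independent sources both report something serious. Device names, hosts and severities are all made up.

```python
import json
import re
from collections import defaultdict

SEVERITY = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample alerts in two vendor formats (not real device output).
FIREWALL_LOGS = [
    "2020-05-14T09:12:01Z fw01 DENY src=10.0.5.23 dst=203.0.113.9 dport=445 sev=high",
    "2020-05-14T09:12:07Z fw01 DENY src=10.0.5.23 dst=203.0.113.9 dport=445 sev=high",
    "2020-05-14T09:15:40Z fw01 ALLOW src=10.0.5.40 dst=198.51.100.7 dport=443 sev=info",
]
ENDPOINT_LOGS = [
    '{"ts":"2020-05-14T09:11:55Z","host":"10.0.5.23","event":"malware_blocked","severity":"critical"}',
    '{"ts":"2020-05-14T09:16:02Z","host":"10.0.5.40","event":"scan_complete","severity":"low"}',
]
FW_RE = re.compile(r"^(\S+) (\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+) sev=(\w+)$")

def parse_firewall(line):
    """Map a firewall line onto the common schema (ts, source, host, severity, summary)."""
    m = FW_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped rather than crashing the feed
    ts, device, action, src, dst, dport, sev = m.groups()
    return {"ts": ts, "source": device, "host": src, "severity": sev,
            "summary": f"{action} to {dst}:{dport}"}

def parse_endpoint(line):
    """Map an endpoint-agent JSON record onto the same common schema."""
    rec = json.loads(line)
    return {"ts": rec["ts"], "source": "epp", "host": rec["host"],
            "severity": rec["severity"], "summary": rec["event"]}

def normalise(fw_lines, ep_lines):
    """Parse both feeds and drop exact repeats (same host, source and summary)."""
    events, seen = [], set()
    for ev in [parse_firewall(l) for l in fw_lines] + [parse_endpoint(l) for l in ep_lines]:
        if ev is None or (ev["host"], ev["source"], ev["summary"]) in seen:
            continue
        seen.add((ev["host"], ev["source"], ev["summary"]))
        events.append(ev)
    return events

def per_host_view(events, min_sev="high"):
    """One row per host: sources seen, worst severity, and an 'investigate' flag
    when at least two independent sources report at or above min_sev."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    view = {}
    for host, evs in by_host.items():
        worst = max(evs, key=lambda e: SEVERITY[e["severity"]])["severity"]
        strong = {e["source"] for e in evs if SEVERITY[e["severity"]] >= SEVERITY[min_sev]}
        view[host] = {"sources": sorted({e["source"] for e in evs}),
                      "worst": worst, "investigate": len(strong) >= 2}
    return view
```

Running `per_host_view(normalise(FIREWALL_LOGS, ENDPOINT_LOGS))` collapses the two duplicate firewall denies into one event and surfaces 10.0.5.23 as the host to look at first, because both the firewall and the endpoint agent reported on it.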