?
editor’s question
AMIT SERPER, VP OF
SECURITY STRATEGY
AND PRINCIPAL
RESEARCHER AT
CYBEREASON
I
n every corner
of the world,
COVID-19 has
had an impact.
During these
unprecedented
times, there
seems to be little honour among
thieves as they continue to prey
on unsuspecting individuals and
organisations, including hospitals, first
responders and governments.
With much of the world in lockdown
and most businesses operating with the
new norm of a remote workforce, it’s
important to evaluate how businesses
are securing their infrastructure. When
sending people to work remotely, a new
set of security challenges arise.
A business may have sound security
measures in place to protect normal
course of business, but they cannot
simply be ‘cut and pasted’ and applied
to an increasingly remote workforce.
Telecommuting presents its own
unique set of security challenges,
including a number of environment
changes and increased reliance on the
digital world, all of which must come
into consideration. What devices will
employees be using and where will
they be using them? Could others have
easy access to information either in
physical proximity or through a shared
Wi-Fi connection? How will we share
information with each other and is that
source being proactively secured?
Let’s look at the challenge of
securing a remote workforce in
the form of a checklist:
VPNs: Many (if not most) organisations
are providing their employees with
VPN access to the company’s internal
network. While IT staff usually maintain
the network and keep it secured and
patched, people oftentimes neglect
VPN servers/appliances. We have all
seen this happening fairly recently with
multiple vulnerabilities discovered in the
summer of 2019 in PulseSecure VPN.
Giving your employees VPN access
helps maintain business continuity
but can also be disastrous if they are
misconfigured or unpatched. Make
sure that your VPN configurations,
Just like the
Coronavirus isn’t
taking a break from
infecting people,
neither is malware.
policies and software/hardware are
properly configured. Implement strong
identify verification and authentication
techniques and enable 2FA.
Raise Awareness: Attackers have
released many malware campaigns that
exploit the panic around Coronavirus.
As an example, one campaign is
masquerading as a Coronavirus infection
map. Remind your team that there are
plenty of websites, including the World
Health Organisation’s official website,
where you can get all of the necessary
information without having to download
any ‘software’. Make sure your employees
can tell which emails are officially sent
from company management.
Be Ready to Respond: Just like the
Coronavirus isn’t taking a break from
infecting people, neither is malware.
The Cybereason Nocturnus team has
already observed malware campaigns
leveraging the Coronavirus panic to
spread. Threat actors are crafting
ransomware campaigns around the
COVID-19 panic. It’s important to
double and triple check that all of your
backups are in place and that your
company has a rapid response program
that will allow you to recover quickly in
the case of a ransomware attack.
28 Issue 25 | www.intelligentciso.com