Bill Sieglein
Founder, CISO Executive Network
As the COVID-19 pandemic exploded in March of 2020, cyber criminals were ecstatic. Bad actors saw the shift to work-from-home as an opportunity to exploit additional entry points to their intended targets — corporate and government computer systems.
Typically, corporations and governments have numerous layers of protection around the devices their employees use. Phones, laptops, tablets, and other mobile devices often have security applications on them and are monitored on the corporate network.
But the speed at which companies had to transition to remote work left them exposed from a data security perspective. Many had to allow workers to use personal devices and laptops with no corporate protections on them. Those devices were likely to be shared with family members and were on unsecured home Wi-Fi networks.
Additionally, at-home workers worried about the pandemic might be more tempted to click on an unfamiliar link if it promised information about the COVID-19 virus, where to buy masks, and access to the latest information from state officials. The weakest link of all security controls happens to be humans.
During this time, some alarming data breaches have surfaced, including ransomware attacks, a preferred method of hackers. Companies may have to pay the ransom to get access to their own data in order to get back to business, and they will probably pay regulatory penalties and likely face legal claims from class action lawsuits.
And the attackers are not small-time activists or teenagers. They are nation states. Russia, China, North Korea, Iran, and many other countries are actively trying to exploit computer networks in the United States. In the third week of December, we learned of a massive attack allegedly conducted by Russian hackers against the U.S. computer company SolarWinds, which makes the computer networking and security software that many corporate and government agencies use. The attackers used the security software to breach networks undetected for almost two years.
With all this bad news, what can the typical end user working from home do to help? What can the information security team at your company put in place to lower the risk of successful attacks?
The number one method attackers have successfully used to gain unauthorized access to systems and networks is compromised user accounts. If they get your user ID and password, they can simply log in and look like a legitimate user, which makes their activity appear less suspicious.
Security solutions that track account behavior are aimed at this problem. User and Entity Behavior Analytics (UEBA) software can alert when a user account seems to be doing something unusual. Since so many attackers are using email phishing scams to obtain user credentials, UEBA is a good investment to track compromised accounts.
Users can do their part by not clicking on emails that look suspicious. Attackers are getting much better at crafting emails that look dangerously legitimate, fooling a lot of people. It only takes one person to fall for such an email to open the gates for attackers.
Overall, work-from-home has become the new normal for nearly all U.S. organizations. Securing this broadened attack surface will just add to the complex job CISOs have. The great news is that they are up for the challenge.