In 2020, people worked from home in numbers greater than anyone could imagine due to COVID-19, and experts say that number will remain high even after a vaccine is available. Many employees enjoy the flexibility of remote work because the companies they work for have been hard at work shoring up security deficiencies and vulnerabilities that the pandemic brought to the forefront.
According to a survey from ISACA, 87% said the rapid shift to working from home increased the risk of data privacy and protection issues, and 58% said that threat actors will take advantage of the pandemic to disrupt organizations. That same survey noted that only about half are highly confident that their security teams can effectively detect and respond to cyberthreats during the pandemic.
There are many reasons for heightened vulnerabilities, including increased use of personal devices and tools, lack of effective monitoring and the tendency of companies to loosen application access rights.
“Working from home has opened multiple vectors for cyberattacks,” said James Kaplan, a partner at McKinsey, in a recent post. “A broad shift toward work-from-home arrangements has amplified long-standing cybersecurity challenges: unsecured data transmissions by people who aren’t using VPN software, weak enforcement of risk-mitigating behaviors, and physical and psychological stressors that compel employees to bypass controls for the sake of getting things done.”
These factors have led to much greater vulnerabilities and attacks, including phishing and malware, credential stuffing, ransomware, remote desktop protocol (RDP) targeting and Distributed Denial of Service (DDoS) attacks. There has even been a rash of COVID and coronavirus-themed websites and more emails containing embedded URLs using keywords like COVID or Corona. According to Forcepoint, this is a serious problem; one week in March saw a 358% increase in these types of emails, versus the previous week. This uptick in cybersecurity threats has accelerated IT's need for measures like the zero trust model and stronger endpoint and network security.
Tackling COVID Cybersecurity Problems Head-On
While some companies had fairly good defenses in place before the pandemic, few had what it takes to truly protect their assets. As a result, companies have taken steps – some of them quite drastic – to keep their employees and corporate assets protected. According to Scott Crawford, a senior information security analyst at S&P Global Market Intelligence, almost half of large organizations have increased security spending specifically because of COVID-19.
Most of the security upgrades companies made this year were related to secure access. According to research from Cisco, secure access is the top cybersecurity challenge for most companies when supporting workers. Companies focused their money and time on these four areas in 2020:
The zero trust model: Instead of the traditional approach to user access, which basically allows users access to everything once they pass a few low hurdles, the zero trust model takes the opposite approach to access; it starts with access to nothing and widens that access as appropriate or required. This is a critical approach in remote work environments where so much is unknown. Nearly two thirds of organizations (60%) said they have accelerated implementation of a zero trust model during the pandemic, according to a report by Enterprise Management Associates (EMA). According to a Forrester report from October 2020, 76% of decision-makers said their organizations intended to accelerate their shift to the zero trust model in the midst of the COVID-19 pandemic.
Endpoint security: Along with adoption of a zero trust model, this has been a huge area of growth in 2020, and with good reason. Half of respondents to the Cisco survey said endpoints, including corporate laptops and personal devices, are difficult to protect in remote environments. Companies have addressed this issue in various ways, with most implementing some type of endpoint detection and response (EDR), managed detection and response (MDR), or extended detection and response (XDR). These technologies can enhance packet-level visibility across on-premise, hybrid and cloud infrastructure, noted Amy Blackshaw, director of product marketing at RSA Security.
Network security/secure connectivity: Ensuring secure connections to both on-premise and cloud resources is critical to effective cybersecurity. Because most home networks don’t have business-grade network security, many companies have turned to secure VPNs, which create a secure tunnel from the user’s device to the corporate network. Others opt for zero-trust network access (ZTNA), which is also described as a software-defined perimeter. ZTNA provides secure access to applications without requiring users to be on the network, using a broker to verify user identity, context and adherence to policies before allowing users to access assets. According to research from Enterprise Management Associates, the COVID-19 pandemic has prompted 60% of enterprises to accelerate their adoption of this technology. Finally, a smaller subset of companies are adopting secure access service edge (SASE) solutions, which combine wide area networking and network security in a cloud-based service delivery model.
Processes and procedures: When it comes to secure remote connectivity, technology only goes so far. Human security practices – as defined by company procedures – are also important. To bridge the gap, companies are insisting on multi-factor authentication and some are temporarily disabling unused services to reduce the attack surface and allow for more bandwidth. They are also upgrading and enforcing strict policies that include discouraging employees from using streaming services or social media through a corporate VPN.
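The zero trust and ZTNA items above describe a broker that starts from no access and verifies identity, context and policy before granting access to a single application. A sketch of that decision logic follows; it is an added illustration, not code from the article or from any vendor, and the policy table, field names and sample values are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy table (assumption): application -> requirements.
# An application with no entry is unreachable: access starts at nothing.
POLICIES = {
    "payroll": {"groups": {"finance"}, "require_mfa": True,
                "require_managed_device": True},
    "wiki": {"groups": {"finance", "engineering"}, "require_mfa": True,
             "require_managed_device": False},
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset       # identity: group membership from the identity provider
    mfa_passed: bool        # identity: second factor completed for this session
    device_managed: bool    # context: corporate-managed vs. personal device
    device_patched: bool    # context: endpoint meets the patch baseline
    app: str                # the one application being requested


def decide(req, policies=POLICIES):
    """Return (allowed, reason). Every check must pass to widen access."""
    policy = policies.get(req.app)
    if policy is None:
        return False, "no policy for application (default deny)"
    if not (req.groups & policy["groups"]):
        return False, "user is not in a group authorized for this application"
    if policy["require_mfa"] and not req.mfa_passed:
        return False, "multi-factor authentication not completed"
    if policy["require_managed_device"] and not req.device_managed:
        return False, "personal device not permitted for this application"
    if not req.device_patched:
        return False, "device fails the patch-level posture check"
    # The grant covers this application only, never the network as a whole.
    return True, "identity, context and policy checks passed"


if __name__ == "__main__":
    # Constructed sample: same user, personal laptop, two different applications.
    base = dict(user="alice", groups=frozenset({"finance"}), mfa_passed=True,
                device_managed=False, device_patched=True)
    for app in ("payroll", "wiki", "hr-db"):
        print(app, decide(AccessRequest(app=app, **base)))
```

The same user on the same personal laptop is allowed into the wiki but not payroll, and an application with no policy entry is denied outright.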
As organizations continue to define their version of the “new normal”, they will inevitably continue changing their technology mindset to incorporate ongoing, long-term secure remote work. The zero trust approach is expected to factor heavily into future security plans. Other steps worth taking include enabling security operations teams to investigate issues regardless of where analysts are located and incorporating behavior analysis, Blackshaw added.