Our last issue of Security Buyer looked at the need for stronger cybersecurity. With the lockdown and the increased necessity for remote working, cyber security risks have heightened and organisations must be vigilant to keep their data secure.
The global coronavirus pandemic, followed by the lockdown, has forced businesses to re-evaluate the way in which they work, including their structure, processes and security. When offices were told to close and remote working became the norm, we were thrust further into a virtual age.
A huge number of businesses have shifted their offices from buildings to home. But while remote working is great for allowing work to continue almost like normal, it does come with security risks. Using personal devices for work and connecting to unsecured networks are just two of those risks and possibly the biggest ones.
Offices aren’t just going to be able to return to normal as soon as lockdown is lifted. There’s guaranteed to be a transition of some kind, perhaps where half the workforce is in the office and the other half works from home and they alternate. That’s just one of the solutions being floated amongst senior management. But regardless of whether home working is a temporary, permanent, part-time or full-time solution, if it plays any part in a business’s return-to-work plans, then management needs to think about how it is going to keep its equipment and data safe from outside sources.
One issue involves a lack of authentication and authorisation. Because people are not seeing each other face-to-face, there is an increased need for two-factor authentication, monitoring access controls and creating strong passwords. There’s also a risk of increased attacks like phishing and malware, especially since employees will now likely receive an unprecedented number of emails and online requests.
Moreover, remote working can effectively widen an organisation’s attack surface. This is because employees who use their own devices for work can introduce new platforms and operating systems that require their own dedicated support and security. With so many devices being used, it’s likely that at least some will fall through the security cracks.
Finally, these same security considerations apply to an organisation’s supply chain. This can be challenging, because often smaller companies lack the necessary know-how and human resources to implement necessary security measures. Hackers are aware of this and can start targeting third-party suppliers with the goal of penetrating upstream partners.
The implications of human error
With less effective communication, organisations are unquestionably more prone to human error. When you’re not sitting next to the person you work with, the chances of making configuration mistakes that will expose security gaps are much higher. These cyber gaps can then be exploited by malicious actors.
IT departments are especially prone to error because they are changing routine and must open internal systems to do external work. For example, because of the shift to a remote workplace, IT teams may have to introduce network and VPN configurations, new devices, ports and IP addresses. Such changes effectively result in a larger attack surface and create the possibility that something may be set up incorrectly when implementing these changes.
The fact that people are not working face-to-face exacerbates the situation: because it’s harder to confirm someone’s identity, there’s more room for error.
Eliminating third-party security gaps
As part of their third-party security strategy, organisations should take the following steps:
- Map all vendors along with their relationship to the organisation, including the type of data they access and process. For example, some vendors store and process sensitive data, while others might have access to update software code on the production environment.
- Prioritise vendors’ criticality. Some vendors are considered more critical than others in terms of the business impact they pose, the technology relationship with an organisation or even regulatory aspects. For example, a certain supplier might be processing all employee financial information while another supplier might be a graphic designer agency that runs posters of a marketing event.
- Gain visibility and control over vendors. This can be accomplished by using a solution to thoroughly assess vendors, preferably with a combination of scanning the vendor’s attack surface along with completion of security questionnaires. With the shift to remote working, organisations should also be sure to include questions that assess vendors’ preparedness for working at home.
- Continuously monitor vendors’ security posture. Visibility and control require a scalable solution for the hundreds or even thousands of suppliers that organisations typically engage with these days. Organisations should ensure that their solution alerts them to any changes in cyber posture and that they respond accordingly. For example, organisations may decide to limit access, or even completely close connections between the supplier and the organisation’s environment.
Aside from the remote working issues that have arisen, other forms of cyber attacks and threats have come to light, one of which is the Magecart-style attack on tween retailer Claire’s. Cath Goulding, CISO at Nominet, comments on the issue and identifies why these attacks have become more frequent.
“Magecart style attacks have swept through the online retail world, Claire’s is only the most recent following British Airways and Ticketmaster, among others. Typically these attacks steal data entered into compromised online payment forms and, in this case, the cyber criminals had registered a malicious domain to appear as the original website but contain the malicious code. Particularly worrying here is the fact that the code was reportedly added to the website in April and remained there until June. This period coincides almost exactly with the height of lockdown measures and consequently many more customers than usual may have been visiting the website. This could have caused a much higher proportion of customers to be affected.
“To avoid these types of attacks it is essential for businesses to carefully monitor their network and proactively block suspicious incidents. They should also monitor their website for changes and maintain an inventory of the domains that they own. Brands can also monitor for similar domain names to their own, to allow them to more quickly respond if a malicious domain is set up to take advantage of their identity. Finally, for consumers, now is the time to change passwords and keep a close eye on your account. Until Claire’s has done its investigative work, impacted consumers may not be aware that their credentials have been compromised.”
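The monitoring described in the quote above can be sketched as follows. This is an added example, not part of the article or of the speaker's remarks: it compares a known-good page snapshot with a later crawl, lists script hosts that are new and absent from the domain inventory, and marks any that sit within a small edit distance of an owned domain. The `.example` domains, the HTML snapshots and the distance threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed inventory of domains the brand owns (assumption, not from the article).
OWNED_DOMAINS = {"shop.example", "cdn.shop.example", "payments.example"}
# Constructed page snapshots: a known-good baseline and a later crawl.
BASELINE = ('<script src="https://cdn.shop.example/app.js"></script>'
            '<script src="/js/cart.js"></script>')
CURRENT = (BASELINE
           + '<script src="https://cdn.sh0p.example/app.js"></script>'
           + '<script src="//stats.vendor.example/t.js"></script>')

class ScriptHosts(HTMLParser):
    """Collects the host of every external <script src=...> on a page."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        host = urlparse(src).hostname if src else None
        if host:  # relative URLs have no host: same origin, skip
            self.hosts.add(host)

def script_hosts(html):
    parser = ScriptHosts()
    parser.feed(html)
    return parser.hosts

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-copies of owned domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(baseline_html, current_html, owned=OWNED_DOMAINS, max_dist=2):
    """Return (host, lookalike_of) for script hosts added since the baseline
    that are not in the inventory; lookalike_of is None if no near match."""
    added = script_hosts(current_html) - script_hosts(baseline_html) - set(owned)
    return [(h, next((d for d in sorted(owned)
                      if edit_distance(h, d) <= max_dist), None))
            for h in sorted(added)]

print(review(BASELINE, CURRENT))
```

A host with a look-alike match warrants immediate investigation, while an unlisted host with no match is either an unrecorded vendor to add to the inventory or an unauthorised change to the page.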