Mapping the threat landscape in 2020

The global pandemic, COVID-19, has caused some of the most significant disruptions to the way we work and live that we’ve seen in generations. As one UN report found, close to a third (27 per cent) of workers in high-income nations have the capacity to work from home, and through the pandemic close to that entire demographic would have shifted entirely to remote work.

Furthermore, research shows that there will be no reset – these working shifts are permanent. Some workers currently working from home will return to office environments post-pandemic, or will shift to a hybrid model of spending some time working from home, and some time in the office. But others will not return to the office. Many simply will not want to, and Gartner found that 41 per cent of employees are likely to adopt remote work as a significant part of their working experience going forward.

On balance, this is good for organisations too. Benefits of enabling a flexible working environment include lower expenses, greater access to applicants, better productivity, improved employee satisfaction and retention, and better disaster preparedness and business continuity. And yet for these benefits there are also some very significant security risks that organisations need to face and, with the haste of shifting to remote working, organisations and CSOs have been scrambling to catch up to this challenge.

“In our view, some organisations have been more prepared for the shift than others,” Demetrios Georgiou, regional director for Bitdefender ANZ, said. “Many of the businesses that we work with globally already had some capabilities like patch management, VPN, email security, and EDR in place which gave them an advantage when working from home became the norm.”

Understanding the changing nature of work and security

Security professionals are feeling the pinch; Bitdefender research shows that 81 per cent of security professionals believe that COVID-19 is going to change the way their business operates in the long term. They are also reporting an increase in the number of attacks, and those attacks are occurring across a wide range of verticals. The top five sectors that are expected to experience the greatest increase in cyber attacks through COVID-19 are:

Financial Services (43 per cent) Healthcare and telemedicine (34 per cent) Public Sector (29 per cent) Retail (22 per cent) Energy (20 per cent)

The common thread across these sectors seems to be one of preparedness; a full half (50 per cent) of security and IT professionals reported that their organisations didn’t have contingency plans in place (or weren’t aware of any) prior to COVID-19 disrupting the business.

This has led to something of a scramble by CSOs to “catch up”, with the alternative to not working from home being that the organisation be unable to operate at all. For example, those organisations that have made changes to their security strategy in response to the remote work shift have focused almost entirely on enablement and policy:

  • Provided VPN and made changes in VPN session lengths (22 per cent)
  • Shared with employees a comprehensive guide to cybersecurity and working from home with pre-approved applications and content filtering (20 per cent)
  • Updated employee cybersecurity training (19 per cent)
  • Started providing additional IT support online (18 per cent)
  • Installed all the latest patches before people started working from home (17 per cent)

These were all essential steps in the immediate term for getting people able to work remotely in the first place, however, moving forward organisations and CSOs will need to take a deeper look at building more robust security environments.

“We’ve been fielding a lot of enquires from our partners and SMBs around best practice and what they should be doing to stay secure with the changes.” Georgiou said. “Some were more exposed than others and had a bit more of a learning curve, we’ve managed to assist on all levels by taking a look at what they’ve already implemented, what their environments looked like and what solutions could help them beef up their security.”

COVID-19: Exposing cybersecurity vulnerabilities of remote employees

It should come as no surprise that the biggest increase in cyber attacks that have been observed through the pandemic are phishing or whaling attacks (26 per cent), ransomware (22 per cent), social media threats and chatbots (21 per cent), cyberwarfare (20 per cent) and trojans (20 per cent). Efforts to attack the network itself, such as DDoS and cyberespionage, saw increases too, but malicious actors understand the opportunity that a shift to working from home brings them. It means a proliferation of consumer devices accessing the network, over off-the-shelf, consumer router/modems, and IoT devices with minimal security protocols, such as printers.

The idea that the employee is the target in this new way of working is further supported by the concerns that security IT professionals and executives have, in that four of the top five top concerns are all being directly concerned with the behaviour of workers:

  • Employees feeling more relaxed about security issues because of their surroundings (34 per cent)
  • Employees not sticking to protocol, especially in terms of identifying and flagging suspicious activity (33 per cent)
  • Employees falling prey to phishing and/or whaling attacks (33 per cent)
  • A serious data leak unwittingly caused by employees (31 per cent)
  • Bad actors targeting people working from home with malware and ransomware (25 per cent).

What robust remote security solutions look like

Shifting to remote work opens several potential security vulnerabilities. Some are obvious, but others are more subtle and potentially slip notice until it is too late. As a recent Bitdefender feature notes, some of the main vulnerabilities opened by remote work include:

  • Policy and human error: Ensuring that workers understand the importance of VPNs (and why they should use company-sanctioned VPN services), as well as the risks inherent to using consumer-grade technology at home for work is critical, particularly given that the IT and security teams aren’t able to be physically present at an employee’s home. Research shows that in 2019, close to one-fifth of security breaches were due to human error. That percentage is likely to increase as more people work from home.
  • The need to adopt cloud services: For remote working to be successful, organisations need to open their network up to remote access – and this includes data that is potentially highly sensitive and was previously held tightly within an offline network.
  • Collaboration vulnerabilities: Even with VPNs, the increased use of video conferencing and other collaboration tools open new vectors for attack. This is particularly the case if someone has logged into a public Wi-Fi hotspot.
  • Monitoring of the network: Many organisations have found that the awareness of what is occurring to the network is not up to the required standard in terms of real-time monitoring and analytics capabilities, and upgrading the network security solution to be continuous, real-time, and automated is a key priority in enabling secure remote work.

As Bitdefender research shows, the top five learnings that security and IT professionals will take away from the COVID-19 shift are the need to provide 24/7 IT support (31 per cent), increase the training in IT security for employees (31 per cent), developing better visibility of weak spots within infrastructure (28 per cent), following the implementation of new security policies as a higher percentage of employees will be able to work remotely (27 per cent), and to address the need for quick endpoint risk assessment tools (24 per cent).

Bitdefender solutions, such as Managed Detection and Response (MDR) and GravityZone Ultra, are tailored to meet the kinds of security challenges that organisations face as they shift to remote working environments.

“At Bitdefender we cover a wide gamut of security,” Georgiou said. “For example, one of the latest services that we’ve seen become increasing useful is our NTSA service which monitors networks for possible threats utilising machine learning and behaviour analytics to detect attacks early on and enable effective threat response.”

Learn more about Bitdefender MDR

Preparing for the next level of the cloud

The changes to the way that we work have been dramatic, but they are also nothing that was not already occurring. COVID-19 accelerated existing trends, rather than introducing new ones.

As a McKinsey report states: “For many companies, the only option is to accelerate their digital transformation. That means moving from active experimentation to active scale-up supported by ongoing testing and continuous improvement.”

So, even putting aside the shift to remote work, organisations are being pushed by market forces to move from siloed network environments to more flexible cloud-based environments as part of their digital transformation strategies. As a report on CIO notes, digital transformation “marks a radical rethinking of how an organisation uses technology, people and processes to fundamentally change business performance,” and one of the most common applications of that is to open up the collection and use of data across the organisation to drive a better customer experience in interacting with the enterprise.

This instantly raises red flags for security, however, as opening access to data also increases the risk that that data may become compromised. The challenge that CSOs face is that security is seen as an inhibitor to the very outcomes of digital transformation – that of business agility and access to data and applications.

A solution such as Bitdefender GravityZone is key here, in providing a new approach to datacentre security in a transformed environment. GravityZone is a server- and VDI-workload protection platform that provides robust defence to an environment while remaining compatible with the outcomes of transformation – specifically IT agility and operational efficiency. It’s with solutions like this, and the ability to move quickly to respond to the rapid changes in the threat landscape that Bitdefender was placed as a “leader” by Forrester in its Forrester Wave: Cloud Workload Security report last year.

“I think what we’re seeing implemented during the pandemic will be a standard moving forward. Cyber threats are continually increasing, and I think organisations are seeing more and more threats that they need to mitigate,” Georgiou said.

Learn more about Bitdefender GravityZone

Getting on top of the new wave of security challenges

Security concerns were one of the most significant inhibitors to many organisations adopting remote working practices. As Justin Harvey, global incident response lead in the security division of consultancy Accenture said in a feature on Financial Times: ““It makes [cyber security] a lot harder when your attack surface — the culmination of all the networks and systems you use for work — is sizeable.”

With fines in Australia being potentially as high as $2.1 million for a data breach, it’s not surprising that organisations – particularly those that work in sensitive fields such as health care or financial services – have been reticent in increasing the size of the “attack surface”. With no choice in the wake of COVID-19, the focus now needs to shift from the initial enablement of remote working to a renewed focus on best practices.

CSOs and other IT security professionals need to ensure that they have these four key priorities as a focus moving forward:

  1. A focus on asset management
    With the expanded network and more devices accessing it, it’s important to be able to identify, track, and manage the devices and the work being done with them. Being able to seamlessly manage permissions and implement asset discovery to identify problems remotely (and why they may be a problem) is key to being able to securely manage a disperse environment.
  2. Training, policy, and reporting
    The best security solutions are for nothing if the workforce is not trained to identify and avoid threats. Organisations that were a little lax on the security hygiene training of staff when everyone was in the same building and the IT security team was readily at hand can no longer afford to have a “weak link” that accidently gives access to the network. Building strong policy and reinforcing it through ongoing training is critical.
  3. Configuration management
    The VPN is your first line of security defence, so making sure that it is properly configured so that only permitted devices can access it is important. At the same time if everyone is connected to the VPN simultaneously then the system performance might degrade, so building the environment to account for how people are working as they work remotely is another thing the IT security team will need to consider.
  4. Maintain patches
    It goes without saying that patches should be rolled out as soon as they’re available, but many people put off patching for their home devices, so shifting the mindset of workers to remind them that if they’re connecting to corporate assets they can’t afford to be lax, or, better yet, automating the patching process for them, is a priority that shouldn’t be overlooked.

Overall, organisations that take a disciplined and focused approach to security, being sure the maintain best practices at all times, will be the ones that are able to continue to work without an increase in their IT risk profile. The good news is that the awareness of these issues is there, it’s just that organisations are looking for the helping hand to get their environments and users to that point.

“It’s great to play a part in helping organisations through these rough times,” Georgiou said. “Many businesses are struggling on many fronts and cybersecurity can be a very genuine roadblock for a business when we’re talking about threats like ransomware and hacks that result in the leaking of sensitive data.”

“Knowing that what we are offering is preventing that and enabling organisations throughout Australia and New Zealand to focus on their core business is a nice bonus.”

It is possible to have a remote working environment, with staff working from home, without compromising on your security or elevating your organisation’s IT risk profile. Good policy, backed by tools such as Bitdefender’s Managed Detection and Response (MDR) and GravityZone Ultra, will allow organisations to rapidly adapt to “the new normal” for work.

Resource Centre

  • Brandpost - Understanding the Risks of Remote Work

  • Report - Hacked Off

  • Report - The Forrester Wave™: Cloud Workload Security