Ironic, isn’t it? How can a physical human virus pandemic potentially increase the threat of digital viruses in our networks?
As the coronavirus continues to spread and expand throughout the world, more and more is being said about the impact to businesses and the economy at large. The front-line industries that are bearing the initial and most instant pressure are tourism, education, manufacturing and logistics. However, it’s the businesses that depend on air travel, conference venues, international trade and, in general, human-to-human contact that could end up being severely impacted by the flow-on effects during and beyond the pandemic. We ourselves have had to at least contemplate the impact to our business, with regard to remote working staff and projects being delayed or stopped completely. The unknown is difficult for us all to manage.
Many organisations over the past days and week have asked employees to stay at home in temporary isolation or to simply minimise the risk of infection or infecting others. Some large corporates right across Australia, for example, have all but mandated working from home and ceased all domestic and international travel. We are already seeing this in talking to customers, in the enterprise and government space especially, who are moving into overdrive on their Business Continuity Planning in this space.
This creates a new situation where thousands of employees are working from home, accessing corporate systems remotely and routing data from or to different areas than usual. We will see companies open their internal systems to the internet in situations where they deem remote access too difficult. Whilst it’s obviously not an ideal solution, availability is more important than security for many. Overall, the attack surface will increase.
Generally speaking, the home environment is less secure than the office, and corporate data is accessed and stored at these locations, creating a high-risk scenario. Like we see during long holiday periods, there is going to be a lot of noise, and malicious actors will try to take advantage of that, playing on the hysteria of the situation and piggybacking off legitimate emails. Already we have seen many different forms of phishing emails attempting to trick users into clicking on some bad stuff.
After Corona, there are going to be a lot of “things” which have been done poorly and not rolled back, and this is going to potentially open a myriad of holes for attackers post-pandemic.
Planning for the G20 and the recent Commonwealth Games was hard enough, and those events were arguably difficult to protect even with a known date, budgets and resources. This event will cause suffering due to the lack of time and ability to scale quickly. Customers that use a lot of on-premises infrastructure will suffer the most, as there will be enough panic that no one will be watching the security profile of the business, instead putting all their efforts into keeping the network up to support the increase in VPN, voice and video type applications.
However, in this day and age, with the technology and working methods we have at our disposal, we can all take some simple steps to reduce the chance of a bad physical situation becoming, in parallel, a digital or cybersecurity incident. Below are some “tips” and advice from the Security team at RIOT that may help with your planning and overall approach in tackling what could be an unprecedented event we may all need to deal with in the near future.
- First step, as an interim measure – lock down all privileged accounts where possible to reduce potential damage and where possible implement Multi-factor Authentication (MFA) and logging that looks for changes.
- Advise/educate staff on proper remote access procedures, with a simple reminder to be a bit more vigilant when looking to click on random links.
- Leverage cloud services where you can – this will help reduce load on your network. Think O365, AWS, GCP and Azure type applications. Some of these services are already locked down; however, be aware of user/account security and always use them in conjunction with MFA.
- Set up some type of basic visibility on both the network and security side of things to keep an eye on link saturation, application performance and abnormal events.
- Review and check your current VPN/Remote Access licensing. Speak with your supplier/service provider and make sure you can handle a quick increase in remote users.
One thing is for sure: if the outbreak of Coronavirus COVID-19 does actually cause mass infection and quarantine, we will all be affected one way or another. Look to your technology partners, vendors and service providers for help and assistance now so you can be as prepared as possible.
Rob Merkwitza is the Managing Director of RIOT Solutions.