The COVID-19 pandemic has forced organisations, without any pre-warning, to adapt to different operating circumstances, and quickly. Some organisations were prepared, whilst others struggled to get ready for a remote work force who needed to access private company information from home.
Security professionals use the perspective of CIA (Confidentiality, Integrity and Availability) as a holistic method to manage security. During the COVID-19 period, most organisations focussed on the A (availability), and rightly so: having employees ready to work remotely was the key priority.
Although organisations may have bedded down their remote working methods, we at NEC know that security never sleeps, and have changed our focus onto Integrity and Confidentiality.
As part of Integrity and Confidentiality, we constantly monitor our servers and endpoints through our Cyber Operations centre and report findings and recommendations back to our corporate IT manager. We have observed that security incidents increased more than fivefold during the COVID-19 months of March and April. Having seen this alarming increase, we investigated the causes of these changes and are sharing our insights and recommendations with you, as we believe our customers will be seeing similar trends.
Our recommendations for improving cyber security
A VPN (Virtual Private Network) establishes a secure connection between the organisation’s network and the user’s endpoint device so that the two can communicate securely from home. Some organisations force all company and internet-bound traffic from workstations through the company’s protection systems over the VPN tunnel. Other organisations allow internet traffic to break out at the workstation and send only company-destined traffic over the VPN tunnel – this is referred to as Split-Tunnelling.
Organisations allow split-tunnelling for remote connected users to save on network bandwidth and improve user experience. This simply means that a user can access anything on the internet without going through the corporate network or its security inspection profile.
What is often forgotten is that the workstation now sits between the internet and the organisation’s network – a perimeter device that is susceptible to malicious threats from the internet. Threats that are not stopped at the workstation are now transferred over the VPN to the trusted corporate network, threats such as Malware or Ransomware.
Reduce the security risks that come with Split-Tunnelling. There are many options and solutions that can complement the VPN’s security. NEC can help with configuration and complementary methods to protect your ICT services.
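As an added illustration of the split-tunnelling point above (example code, not NEC’s own tooling), the POSIX shell check below reads a Linux endpoint’s routing table in `ip route` format and reports whether the default route leaves via the VPN or breaks out locally. The VPN interface name tun0, the 10.0.0.0/8 corporate range and the sample routing tables are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not NEC's code. Classifies a Linux endpoint's VPN mode from
# 'ip route' output. Assumptions: the VPN adapter is tun0 and the corporate
# range is 10.0.0.0/8; both are illustrative values, not from the article.
VPN_IF="${VPN_IF:-tun0}"

# classify_routes: reads 'ip route' lines on stdin and prints one of
#   full-tunnel  - all traffic leaves via the VPN (inspected by the corporate stack)
#   split-tunnel - only some prefixes use the VPN; internet traffic breaks out locally
#   no-vpn       - no route uses the VPN interface at all
classify_routes() {
    awk -v vpn="$VPN_IF" '
        # interface named after the "dev" keyword on this line, if any
        { dev = ""; for (i = 1; i <= NF; i++) if ($i == "dev") dev = $(i + 1) }
        $1 == "default"     { def = dev }
        # OpenVPN "redirect-gateway def1" does not replace the default route;
        # it adds 0.0.0.0/1 and 128.0.0.0/1 via the VPN, which together cover
        # everything, so that pair must also count as a full tunnel.
        $1 == "0.0.0.0/1"   && dev == vpn { lo_half = 1 }
        $1 == "128.0.0.0/1" && dev == vpn { hi_half = 1 }
        $1 != "default"     && dev == vpn { via_vpn = 1 }
        END {
            if (def == vpn || (lo_half && hi_half)) print "full-tunnel"
            else if (via_vpn)                        print "split-tunnel"
            else                                      print "no-vpn"
        }'
}

# Constructed sample routing tables (not captured from a real host).
SPLIT_SAMPLE='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

FULL_SAMPLE='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

NOVPN_SAMPLE='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

# Run against the samples; on a live host use:  ip route | classify_routes
for name in SPLIT_SAMPLE FULL_SAMPLE NOVPN_SAMPLE; do
    eval "table=\$$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$table" | classify_routes)"
done
```

A "split-tunnel" result on a corporate laptop means internet traffic is bypassing the organisation’s inspection stack, which is the exposure the section above describes.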
NEC has observed that many customers fall into the trap of deploying cloud-based services and treating them as an external environment rather than as an extension of the existing trusted ICT services in their buildings and data centres.
By not properly assessing Cloud services and the data stored in them, security monitoring and controls are neglected. Cloud services without adequate protection are then easy pickings for a hacker or bad actor seeking a route into a company’s trusted network.
Cloud services must have an architecture with security by design. This will reduce the risk of the cloud-based service becoming the weakest point in the trusted network.
Cyber criminals are exploiting the COVID-19 pandemic by using well-crafted phishing emails. NEC has seen a significant increase in COVID-19 related phishing emails. Working from home means that employees may be able to access private email systems from their workstations at home, or access work emails remotely without the security protection that was previously in place to block the threat.
Email is still the most common way that ransomware and other malicious threats are distributed across an organisation.
If your organisation's security policy does not allow employees to access personal emails on company devices, either block or remind users not to do so. Explain to employees why email is dangerous. It’s the same as social distancing during COVID-19 - one infected employee can infect the whole organisation.
Regular testing of your email security is a good way to test against those malicious individuals exploiting COVID-19.
Similar to phishing emails, cyber criminals have found ways during the COVID-19 pandemic to exploit vulnerable individuals and organisations. These exploits include soliciting donations for fictitious charities and obtaining personal information such as usernames and passwords.
Having regular security updates, messages and bulletins sent to your employees will help prevent this exploitation. A security awareness training program is more important than ever in reminding employees that these threats are real – the training should teach what to look for and how to respond.
As organisations rapidly responded to get all their employees ready to work from home, we’ve seen a rise in the use of free or untested software. Providing security patching and upgrades to work endpoints (laptops, tablets, phones) is difficult to manage remotely and can easily get neglected or be put into the “too hard” category.
It is just as important to test and validate software tools to avoid any unwanted embedded malware infecting your endpoints. Use sandboxing and deep scanning methods to test software before rolling it out to users.
Regular security patching of operating systems and applications is crucial. Follow vendor best practices and use a central database to control and manage updates and patches. Use ITIL Change Management processes to assess and manage the impacts of different patch categories.
Complying with a security standard (for example ISO/IEC 27001) does not protect a company’s network and IT environment. A framed certificate on a wall in the boardroom does not guarantee the protection of your organisation’s ICT systems and data.
A framework is a guideline for organisations to follow and implement appropriate security controls for all company ICT systems. If followed correctly, and at all times, it will reduce risks to your organisation. These frameworks are, arguably, more relevant as users work from home during COVID-19. They are based on best and tested practices.
During the COVID-19 crisis, NEC has observed organisations ignore their compliance frameworks when implementing solutions. These frameworks are even more important today, and ignoring them creates opportunities for malicious individuals and groups to breach an organisation.
Testing against the frameworks specifically designed for your organisation needs to be done on a regular basis and is more relevant during COVID-19. For example, security awareness training can form part of these frameworks. Getting users to attend a web-based security refresher, especially around phishing and malware, is very relevant and a good way to reduce risks from COVID-19 related security threats.
We understand that following these frameworks can be tough and challenging – the Cyber Security team at NEC have been following the common industry security frameworks for many years.
Contact us if you need advice or a provider that can ensure you remain compliant during COVID-19 and beyond.