Staff layoffs and business downsizing exercises may hurt cybersecurity more than expected. Here’s one expert’s recommendations for tightening vigilance.
As the world is faced with unprecedented change due to the COVID-19 crisis, the threat landscape is once again on the precipice of a paradigm shift.
At the start of 2020, the threat landscape was already significantly different from that of the same period last year. CrowdStrike’s 2020 Global Threat Report outlines an ever-changing eCrime ecosystem that continues to mature and increasingly target enterprises, while nation-state adversaries are more relentless than ever.
Advanced cyber-threats are not unfamiliar to Southeast Asia. In May 2020, more than eight billion internet records of users on Advanced Info Service, Thailand’s largest network, were reportedly leaked. The following month, an overseas aerospace subsidiary of a major company based in Southeast Asia reported a massive data breach after hackers stole more than 1.5 terabytes of confidential information.
These incidents come after the cyberattacks on Singapore healthcare system SingHealth in 2018, which affected more than 1.5 million patients and was the largest data breach in the country’s history.
Digging into the source of cyberthreats
Threats typically come from nation-states and eCrime actors exploiting citizens’ fear surrounding COVID-19. This is achieved through social engineering campaigns to steal data and financial information. However, a third and major threat is beginning to emerge through corporate insiders—either unintentionally or worse yet, maliciously.
As a direct result of the COVID-19 pandemic, a vast majority of the workforce is now either working remotely or in a hybrid working model. The door has been opened for a whole new world of vulnerabilities to be exploited: insecure public Wi-Fi networks, outdated and unpatched personal devices, and non-compliant user access and permissions.
CrowdStrike’s 2020 Work Security Index also revealed that 54% of senior business leaders in the Asia-Pacific region believed their companies are more likely to experience a serious cyber-attack during the COVID-19 pandemic than they were before it.
Additionally, businesses will begin reassessing operational expenditures to stay afloat during the health crisis, which may unfortunately lead to employee lay-offs or furloughs.
Disgruntled or desperate employees have always been a source of insider threat. However, with more employees facing uncertainty and fearing layoffs, the current working environment is more likely to generate unhappy workers who may seek to get back at an employer they feel is not treating them well.
These threats are a challenge to detect, prevent and investigate, and without proper security measures in place, they can put sensitive company data at risk.
Enterprises can take three steps to ensure they put their best foot forward in mitigating risk during these tumultuous times.
1. Boots in the cloud, when not on the ground
The first step to securing a remote workplace is being able to run security operations remotely. Even if a worker has patched devices, virtual private networks (VPNs), regulated access permissions, etc., the risk of a breach is still ever-present, especially with malicious insiders.
When these incidents occur, it is important that your security team can identify, investigate, and remediate the breach without the need for ‘boots on the ground’. This is especially vital amid the COVID-19 crisis, as travel not only delays remediation time but also puts people’s health at risk.
The key to securing a remote workforce is the cloud. The cloud gives security teams visibility across the company regardless of the number of home offices the workplace comprises. It allows the team to remain agile when responding to incidents, enabling them to immediately deploy solutions to compromised devices and monitor from afar.
Lastly, the cloud drastically simplifies security compliance across all devices—both personal and professional—as security teams can deploy patches and access permissions from the safety of their own homes. From a process perspective, security and IT teams can remotely evaluate the access their employees have to sensitive information to ensure a ‘least privilege access model’. This ensures employees only have access to what is required to do their job, and in the event of a layoff, enables companies to quickly and efficiently turn off access for affected employees.
2. Combining the power of humans and data
When dealing with malicious insiders, one of the biggest challenges is discerning between normal work activity and possible malicious actions before it is too late. The distinction is not like finding the proverbial needle in a haystack, but rather something akin to finding “a needle in a stack of needles,” as the insider’s actions may seem legitimate on the surface while masking ill intent underneath.
Malicious insiders are a ‘people’ problem, and these sorts of problems often require human-staffed solutions. A company’s IT and security teams need to be adequately equipped to proactively monitor and track down suspicious activity before a major breach occurs. Their toolbox can contain solutions that prevent the use of thumb drives for data exfiltration, or more granular logging on email systems to flag emails containing corporate IP redirected to personal email addresses.
At the end of the day, humans know humans best, so a team of threat hunters—whether internally staffed or externally contracted—is a must-have in this world of remote work to cover your bases. These teams of threat hunters can detect ‘living off the land’ techniques and possible ill intent by complementing existing big data and AI capabilities.
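The email logging idea from the previous section, turned into a worked example that is not part of the original article and is not CrowdStrike's code: a small detector that reads mail-gateway log lines and flags messages sent from the corporate domain to personal webmail addresses when the attachment name looks sensitive or the attachment is unusually large. The log format, the corporate domain, the list of personal webmail domains, the sensitive-name markers and the size threshold are all assumptions chosen for the example; the log lines themselves are constructed.

```python
import re
from dataclasses import dataclass

# Constructed mail-gateway log lines (assumed format, not from the article):
# <timestamp> <sender> <recipient> attachment=<name|none> size=<bytes> subject="<text>"
SAMPLE_LOG = """\
2020-06-01T09:12:44Z alice@corp.example bob@corp.example attachment=agenda.docx size=18000 subject="Weekly sync"
2020-06-01T09:40:10Z alice@corp.example alice.home@gmail.com attachment=CONFIDENTIAL_roadmap.pdf size=4200000 subject="fwd"
2020-06-01T11:02:03Z carol@corp.example vendor@partner.example attachment=invoice.pdf size=90000 subject="Invoice 42"
2020-06-01T17:55:21Z dave@corp.example dave99@outlook.com attachment=customer_list.xlsx size=12000000 subject="backup"
2020-06-01T18:01:00Z erin@corp.example erin.private@yahoo.com attachment=none size=0 subject="lunch tomorrow?"
"""

CORPORATE_DOMAIN = "corp.example"                                    # assumed
PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}  # assumed list
SENSITIVE_MARKERS = re.compile(r"confidential|customer|roadmap|source", re.IGNORECASE)
LARGE_ATTACHMENT_BYTES = 5_000_000                                   # assumed threshold

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<sender>\S+) (?P<recipient>\S+) attachment=(?P<att>\S+) '
    r'size=(?P<size>\d+) subject="(?P<subject>[^"]*)"$'
)


@dataclass
class Finding:
    timestamp: str
    sender: str
    recipient: str
    attachment: str
    reasons: tuple  # why this message was flagged


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def flag_outbound_to_personal(log_text):
    """Return findings for corporate mail to personal webmail carrying a risky attachment."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not silently accepted as clean
        if domain_of(rec["sender"]) != CORPORATE_DOMAIN:
            continue
        if domain_of(rec["recipient"]) not in PERSONAL_WEBMAIL:
            continue
        if rec["att"] == "none":
            continue  # a plain note to a personal address is not flagged on its own
        reasons = []
        if SENSITIVE_MARKERS.search(rec["att"]):
            reasons.append("sensitive-name")
        if int(rec["size"]) >= LARGE_ATTACHMENT_BYTES:
            reasons.append("large-attachment")
        if reasons:
            findings.append(Finding(rec["ts"], rec["sender"], rec["recipient"],
                                    rec["att"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in flag_outbound_to_personal(SAMPLE_LOG):
        print(f"{f.timestamp} {f.sender} -> {f.recipient} [{f.attachment}] {', '.join(f.reasons)}")
```

Run against the constructed sample, the detector flags two of the five lines (the roadmap PDF and the large customer list) and leaves the internal, partner and attachment-free messages alone. In a real deployment the personal-domain list, markers and size threshold would come from the organisation's own data-classification policy, and each finding would be a starting point for a threat hunter rather than an automatic verdict.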
3. Coordinated business leadership to prevent breaches
Protecting a company from malicious insiders goes beyond the sole responsibility of the IT security team. As C-suites and boards of directors find ways to protect the bottom line while navigating their newly remote workforces, there needs to be a united front across IT, human resources, and business unit leaders.
Business unit and HR leaders must partner to strategically inform and educate their boards of directors about these evolving risks to secure adequate investment in security practices, tools, and resources necessary to protect a company.
Regardless of what team they are on, all employees in one shape or another have privileged access to the company’s network, systems, and sensitive information. Establishing a business-level understanding of the privileged access an employee has, the types of confidential information they handle, and the processes required to offboard an employee, is all-important for preventing a breach from within.
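The least-privilege review described under step 1 and the offboarding process described here, as one added example that is not part of the original article and not CrowdStrike's code: an entitlement inventory is compared against a per-role baseline to find access an employee holds beyond what their job needs, and a departing employee's record is turned into an ordered list of revocation actions. The roles, entitlement names and employee records are constructed for the example; the action names are placeholders for whatever an organisation's identity system actually exposes.

```python
from dataclasses import dataclass, field

# Constructed role baselines (assumed): the access each job function needs,
# i.e. the 'least privilege' target an access review measures against.
ROLE_BASELINE = {
    "finance-analyst": {"erp:read", "erp:report", "mail", "vpn"},
    "developer": {"git:read", "git:write", "ci:run", "mail", "vpn"},
    "hr-partner": {"hris:read", "hris:write", "mail", "vpn"},
}


@dataclass
class Employee:
    user: str
    role: str
    entitlements: set
    active_sessions: int = 0
    api_tokens: list = field(default_factory=list)


# Constructed inventory (assumed): alice kept a repo write grant from a past project.
SAMPLE_EMPLOYEES = [
    Employee("alice", "finance-analyst",
             {"erp:read", "erp:report", "mail", "vpn", "git:write"}, 2, ["tok-a1"]),
    Employee("bob", "developer", {"git:read", "git:write", "ci:run", "mail", "vpn"}),
    Employee("carol", "hr-partner", {"hris:read", "mail", "vpn"}),
]


def excess_entitlements(emp):
    """Entitlements held beyond the role baseline. Unknown roles have an empty
    baseline, so everything they hold is reported for review."""
    baseline = ROLE_BASELINE.get(emp.role, set())
    return sorted(emp.entitlements - baseline)


def access_review(employees):
    """Map each user with excess access to the grants that should be questioned."""
    review = {}
    for emp in employees:
        extra = excess_entitlements(emp)
        if extra:
            review[emp.user] = extra
    return review


def offboarding_plan(emp):
    """Ordered actions to cut a departing employee's access. Disabling the
    account comes first so nothing else can be used while the rest runs."""
    actions = ["disable-account:" + emp.user]
    if emp.active_sessions:
        actions.append(f"terminate-sessions:{emp.user}:{emp.active_sessions}")
    for tok in emp.api_tokens:
        actions.append("revoke-token:" + tok)
    for ent in sorted(emp.entitlements):
        actions.append(f"revoke:{emp.user}:{ent}")
    # Shared credentials the person could have known should be rotated too;
    # which ones is organisation-specific, so this is a placeholder step.
    actions.append("rotate-shared-credentials-known-to:" + emp.user)
    return actions


if __name__ == "__main__":
    print("review:", access_review(SAMPLE_EMPLOYEES))
    for step in offboarding_plan(SAMPLE_EMPLOYEES[0]):
        print(step)
```

The review surfaces only alice's leftover git:write grant; bob matches his baseline and carol holds less than hers, which is not a finding. The offboarding list for alice disables the account before revoking tokens and individual grants, which is the order that matters when access must be cut quickly after a layoff decision.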
Avoiding internal and external threats
The COVID-19 crisis is uprooting normalcy in day-to-day business as we know it. However, that does not mean the processes you put in place to protect your business are lost in the wind. With the proper technology, people and processes, businesses can consider the aforementioned steps to achieve and maintain a solid front of security against both external and internal threats.
In the event that a lay-off does occur, having these solutions in place will ensure a former employee’s home office transitions back to a normal living room without complications, allowing both the business and the employee to move forward in getting through these trying times.