COVID-19 AND CYBERSECURITY 9: LOOKING BACK WHILE STILL MOVING FORWARDS
As we bring this blog series to an end, the last 3 months have brought about some of the biggest transformations in ‘ways of working’, perhaps even since the introduction of personal computers.
“We’ve seen two years’ worth of digital transformation in two months” – Satya Nadella, CEO Microsoft
In speaking with our customers, those who were most prepared, and who have even thrived under the circumstances, could demonstrate the following capabilities:
- Predominately issued laptops instead of desktops to employees
- A robust VPN with the ability to scale as required
- A VoIP service which is accessible from outside the office
- Predominately ‘paper free’ using electronic document workflows and digital signatures
- Systems (email/web portals/other services) that were either accessible from the VPN or served as SaaS
Others are now catching up, having purchased the laptops needed for employees to work from home, or are looking to alternatives like VDI and Remote Desktop Services, as we described in our first blog post: https://www.ansecurity.com/sharing-knowledge/covid-19-remote-working.
However, even the most prepared organisations hit some roadblocks, most notably around bandwidth and latency in and out of their datacentres, resulting in email signatures from IT teams being co-opted to share the message ‘don’t use the VPN unless you have to’.
‘Please do not use the VPN if you only want to use Microsoft Teams’
‘For the best experience disconnect from the VPN before joining a Zoom call’
This trend, and in particular split tunnelling, caught our attention early on (https://www.ansecurity.com/sharing-knowledge/covid-19-and-cybersecurity-2-web-filtering-and-split-tunnel-vpns), where investments in firewalls and web filtering were being sacrificed for the sake of expediency. For those who are truly bandwidth constrained, our preferred approach has been to target bandwidth-hungry applications (mainly streaming video) and exclude only those from the VPN, therefore keeping that robust security posture for all other services.
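The exclude-only approach described above can be sketched as a routing decision that defaults to the tunnel. This is an added example, not code from the original post or from any VPN product; the function names and all domain names are constructed placeholders, not real vendor endpoint lists.

```python
# Exclude-only split tunnelling: everything stays in the VPN unless the
# destination is an exact or sub-domain match for a listed media service.
# All names below are constructed placeholders (assumption, not vendor data).
BYPASS_SUFFIXES = ("media.video-vendor.example", "stream.meetings.example")


def normalise(host: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return host.strip().lower().rstrip(".")


def route_for(host: str, bypass=BYPASS_SUFFIXES) -> str:
    """Return 'direct' only for a listed name or one of its sub-domains.

    Matching is done on a label boundary ('.' + suffix), so a name that
    merely ends with the same characters is not treated as the service.
    Unknown, empty or malformed names fall through to 'vpn'.
    """
    name = normalise(host)
    if not name:
        return "vpn"
    for suffix in bypass:
        if name == suffix or name.endswith("." + suffix):
            return "direct"
    return "vpn"


def summarise(hosts):
    """Group destinations by the route they would take."""
    result = {"vpn": [], "direct": []}
    for h in hosts:
        result[route_for(h)].append(h)
    return result


# Constructed sample destinations
SAMPLE = [
    "media.video-vendor.example",
    "eu1.media.video-vendor.example.",              # sub-domain, trailing dot
    "evilmedia.video-vendor.example",               # sibling name, not a sub-domain
    "media.video-vendor.example.unrelated.example", # listed name used as a prefix
    "mail.corp.example",
    "login.saas-portal.example",
]

if __name__ == "__main__":
    for route, hosts in summarise(SAMPLE).items():
        print(route, hosts)
```

Only the two genuine media names leave the tunnel; the look-alike names and all business services remain behind the firewall and web filter.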
With a wider range of SaaS being adopted, 2020 truly is the year of MFA (https://www.ansecurity.com/sharing-knowledge/covid-19-and-cybersecurity-6-2020-the-year-of-multi-factor-authentication-mfa); by introducing these strong protections, attacks against identity can be thwarted just as attacks against your network are prevented by your perimeter defences.
Administrators should also be mindful of maintaining their activity and audit logs, given the sad fact that we are only seeing the tip of the iceberg for COVID-19-related data breaches. By centralising logs from a variety of systems, the activities of threat actors can be identified post-breach, making it significantly easier to prevent the same attack again in the future.
Today we ask:
- If the same situation (perhaps not even caused by a pandemic) arose again, how would you act differently?
- What applications were the most challenging to deliver over remote working services?
- If you have adopted new SaaS services, what do you have in place to protect the identities that are used to access these services?
As a business, we are committed to providing help, guidance and support to our customers, particularly those on the front line and in critical industries. We want to do our part to help, so if you have questions or want to chat some things through, you know where we are.