The COVID-19 pandemic has meant nothing but opportunity for hackers seeking to exploit vulnerabilities in corporate networks.
The closure of offices has pushed millions of workers into remote settings, where many rely on unsecured Wi-Fi networks and a mix of work and personal devices that are not protected by the usual firewalls. The result? An unprecedented spike in the number of phishing, ransomware and other cyberattacks.
During the first two months of the pandemic, 90% of companies in the U.S., U.K., France and Germany saw an increase in the frequency of cyberattacks, according to a Tanium survey.
The examples aren’t hard to find. Nefarious phishing campaigns have targeted users of Microsoft Teams, a collaboration hub that’s grown in popularity with the rise of remote work. Cybercriminals have also launched attacks against pharmaceutical companies aimed at stealing proprietary vaccine research.
None of this should come as a surprise. Even before the pandemic, the ability of organizations to fend off cyberattacks was strained, as major digital-transformation investments brought countless new endpoint devices onto their networks, creating new vulnerabilities.
“Because employees are out of the office, they can’t rely on traditional protections, such as the corporate firewalls, which would otherwise block malicious traffic from unknown or unclassified websites,” says Andrew Jaquith, CISO of QOMPLX, an analytics and insurance software firm. “Instead, CISOs need to rely even more on their endpoint controls to maintain visibility and enforce web protections.”
As companies invest more in digital technology initiatives, they need to manage and protect endpoint devices more effectively and at scale. Here are five approaches companies should consider to help keep their networks secure.
Explore endpoint management (EM) solutions
Enterprise endpoints have become a weak link in cybersecurity. About one-fourth (28%) of respondents in last year’s SANS Survey on Next-Generation Endpoint Risks and Protection reported that attackers gained access to their networks through endpoints in PCs, smartphones, tablets, printers and the ever-growing number of internet-connected devices.
“Having an endpoint security solution is by far the most important step an organization can take today for preventing systems from being compromised,” says Dan Dahlberg, director of security research for BitSight Technologies, a cybersecurity ratings company. “You need asset discovery and management to know what devices exist and what they can access in order to apply security policies to them.”
The SANS survey also showed that, while employer-owned devices like desktops and laptops are centrally managed 73% of the time, employer-owned mobile devices such as smartphones are monitored only 53% of the time.
That’s one reason why IT security professionals are increasingly implementing endpoint management (EM) solutions. These tools can help organizations secure and fortify vulnerable devices, helping IT to identify, protect, detect and respond to threats.
Endpoint devices, Dahlberg says, “are coming and going all the time, with huge security implications.” With millions of employees around the planet working remotely, a more unified approach to endpoint management is the only practical solution, he adds.
Map the entire IT environment
With increasing size and complexity of corporate networks, CIOs and CISOs need real-time endpoint visibility — a complete picture of how many devices are on the network at any given time, where they’re located, who owns and is using them and, perhaps most importantly, whether they’re adequately updated and patched.
“Companies with the best security approaches tend to have a good understanding of what normal access patterns look like and are able to flag behaviors that are outside the norm,” says Erin Edkins Ludert, a data scientist with email security firm Abnormal Security.
Most organizations aren’t there yet. It’s not that they’re ignoring the need for solutions to enable better endpoint visibility. Almost half (47%) of executives in Tanium’s survey plan to invest in such technology as people begin to return to the office in the months ahead.
One problem is that more than 9 in 10 CIOs and CISOs are making uncomfortable tradeoffs between security hygiene and operational priorities, according to a 2020 Tanium IT Resilience Gaps study. Often one or the other is shortchanged as overworked IT pros, charged with supporting distributed workforces, are short on bandwidth.
In fact, Tanium’s pandemic survey showed 93% of IT leaders have delayed or canceled cybersecurity initiatives to accommodate work-from-anywhere policies. As more workers accessed networks from a wider variety of devices (including personal ones), lack of visibility into these devices became a top concern, with nearly half of respondents saying they had difficulties applying security patches.
“The need to keep work-from-home operations up and running seems to have diverted IT resources from meeting pre-pandemic patching SLAs,” says John Pescatore, SANS director of Emerging Security Trends. “The FBI and DHS have been warning about attackers exploiting unpatched Microsoft Exchange servers and several popular VPN servers, even though patches have been out since February or earlier.”
Declutter IT infrastructure
To bolster security during turbulent times, resilient organizations must retire outdated tools and technologies.
Legacy technologies are a common avenue for hackers to penetrate a network, in part because support for them may have lapsed, and hackers prey on those weaknesses. Dahlberg notes that even though old malware families like Conficker or BlueKeep may have been thwarted long ago, they are still lurking in older systems.
And because of poor network management, IT pros may not even know that such systems are still operational. “Unfortunately, it does happen more than you would think,” Dahlberg says.
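The two sections above describe what endpoint visibility has to answer: which devices are on the network, who owns them, whether they are centrally managed, whether they are patched within the SLA, and whether forgotten legacy systems are still running. The following is an added example, not code from the article or from any vendor named in it, showing how those questions become a report over an inventory export. The inventory records, hostnames, dates, the 30-day patch SLA, the 14-day check-in threshold and the end-of-life OS list are all constructed assumptions for illustration; a real deployment would feed in the export of its own EM or asset-discovery tool.

```python
"""Endpoint visibility and hygiene report over a constructed inventory.

Added example (not the article's or any vendor's code). Assumes each
inventory record is a dict with the fields shown below; the thresholds
and EOL list are assumed policy values, not values from the article.
"""
from datetime import date
from typing import Dict, List, Optional

PATCH_SLA_DAYS = 30     # assumed policy: critical patches applied within 30 days
STALE_AFTER_DAYS = 14   # assumed policy: no agent check-in for 14 days needs follow-up
END_OF_LIFE_OS = {"Windows 7", "Windows Server 2008 R2"}  # assumed EOL list

AS_OF = date(2020, 11, 21)  # constructed reporting date

# Constructed sample inventory: hostnames, owners and dates are made up.
INVENTORY: List[Dict] = [
    {"host": "lt-0101", "owner": "alice", "type": "laptop", "managed": True,
     "os": "Windows 10", "last_seen": "2020-11-20", "oldest_missing_critical": None},
    {"host": "ph-0042", "owner": "bob", "type": "smartphone", "managed": False,
     "os": "iOS 14", "last_seen": "2020-11-19", "oldest_missing_critical": None},
    {"host": "srv-legacy-07", "owner": None, "type": "server", "managed": True,
     "os": "Windows Server 2008 R2", "last_seen": "2020-11-21",
     "oldest_missing_critical": "2020-08-01"},
    {"host": "lt-0233", "owner": "carol", "type": "laptop", "managed": True,
     "os": "Windows 10", "last_seen": "2020-10-15", "oldest_missing_critical": "2020-10-10"},
    {"host": "prn-lobby", "owner": None, "type": "printer", "managed": False,
     "os": "printer-fw 3.1", "last_seen": "2020-11-21", "oldest_missing_critical": None},
]


def _days_since(iso_day: Optional[str], as_of: date) -> Optional[int]:
    """Whole days between an ISO date string and the reporting date (None if absent)."""
    if iso_day is None:
        return None
    return (as_of - date.fromisoformat(iso_day)).days


def assess(record: Dict, as_of: date = AS_OF) -> List[str]:
    """Return the visibility and hygiene problems for one endpoint, in a fixed order."""
    issues: List[str] = []
    if not record["managed"]:
        issues.append("unmanaged")                       # no central control or telemetry
    if not record.get("owner"):
        issues.append("no owner")                        # nobody accountable for the device
    idle = _days_since(record["last_seen"], as_of)
    if idle is not None and idle > STALE_AFTER_DAYS:
        issues.append(f"stale ({idle}d since last check-in)")  # lost, offline or unmanaged
    if record["os"] in END_OF_LIFE_OS:
        issues.append("end-of-life OS")                  # legacy system that should be retired
    overdue = _days_since(record.get("oldest_missing_critical"), as_of)
    if overdue is not None and overdue > PATCH_SLA_DAYS:
        issues.append(f"patch SLA breached ({overdue}d)")
    return issues


def report(inventory: List[Dict], as_of: date = AS_OF) -> Dict[str, List[str]]:
    """Map each host that has at least one issue to its list of issues."""
    out: Dict[str, List[str]] = {}
    for rec in inventory:
        issues = assess(rec, as_of)
        if issues:
            out[rec["host"]] = issues
    return out


def managed_ratio_by_type(inventory: List[Dict]) -> Dict[str, float]:
    """Share of devices under central management, per device type."""
    totals: Dict[str, int] = {}
    managed: Dict[str, int] = {}
    for rec in inventory:
        kind = rec["type"]
        totals[kind] = totals.get(kind, 0) + 1
        managed[kind] = managed.get(kind, 0) + (1 if rec["managed"] else 0)
    return {kind: managed[kind] / totals[kind] for kind in totals}


if __name__ == "__main__":
    for host, issues in report(INVENTORY).items():
        print(f"{host:15} {'; '.join(issues)}")
    for kind, ratio in managed_ratio_by_type(INVENTORY).items():
        print(f"{kind:12} managed {ratio:.0%}")
```

On the constructed data the report flags the unmanaged smartphone and printer, the ownerless end-of-life server with a critical patch overdue by more than three months, and a laptop that has not checked in for over a month while also missing a critical patch; the per-type managed ratio is the same figure the SANS survey quotes in aggregate, computed for one's own fleet. The point of keeping the checks in one fixed-order function is that the same rules run against every export, so the "we didn't know that system was still on" case becomes a line in a report rather than a surprise.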
Jump-start collaboration between security and IT teams
Many enterprise organizations struggle with IT assets that are dispersed across digital silos, each with their own admins or owners. The bigger companies get, the more that becomes true.
This situation invites risk, according to Tanium’s IT Resilience Gaps study. Fragmentation makes it harder for CIOs and CISOs to know if critical security patches are deployed effectively, leaving their companies exposed. At the same time, respondents would like to see IT operations and security teams uniting more often around actionable data for better visibility and control.
“In some organizations, security and IT operations don’t work well together and LOBs [lines of business] operate independently,” says Jon Oltsik, senior principal analyst with Enterprise Strategy Group. “This doesn’t scale and causes real issues.”
Oltsik recommends CIOs and CISOs speak to their staffs to “uncover friction and bottlenecks” that could lead to endpoint security problems and encourage them to “work together to break down barriers.”
Invest more in educating employees
Up to 83% of ransomware attacks occur when an employee clicks on a malicious link, according to estimates. That’s why many organizations view unwitting insiders as their biggest vulnerability.
That highlights the need for companies to invest more in security awareness, with well-planned and sustained initiatives. Current approaches are clearly insufficient: About 95% of working adults in a 2020 Proofpoint study said they had completed training for phishing awareness at work, yet phishing remains a leading cause of corporate breaches.
Experts say organizations must continually be in front of employees with information — which can be presented as part of entertaining games, videos or pop quizzes — about what to watch out for and how to stay vigilant.
Most IT leaders have adapted remarkably well to the challenges presented by the pandemic. They’ve kept the lights on and stayed productive. But operational focus is not enough. As an increasing number of devices access corporate networks, a unified management solution to track, control and secure endpoints, together with sound organizational and operational security practices, is urgently needed to keep attackers at bay.