As states deal with re-opening and in some cases, re-closing, the reality is that for many organizations, remote work will play a significant role in business through 2020 and beyond. And so will increased cybercriminal activity, as demonstrated by a 131 percent increase in viruses and about 600 new phishing attacks a day when the pandemic started.
Initially, we saw a number of phishing attacks directly related to COVID-19 (including ones purporting to be from the Centers for Disease Control and Prevention). Later, these attacks centered on stimulus packages and unemployment insurance, before evolving to subjects like vaccines and the stock market. Now, attackers are using a variety of relevant subjects –everything from “staycations” to boat rentals and food deliveries. And they aren’t just using email for these attempts – online ads and mobile apps are just a couple of other tactics used.
Even if organizations have created more flexible remote-work policies to better accommodate the needs of their employees in the short term, these businesses must ensure that their teleworker strategies can support and secure remote connectivity long-term.
Clarity from Crisis
Due to the pandemic, CISOs initially faced the incredible pressure of maintaining business continuity with almost 100 percent of the workforce shifting to working from home, in just a couple of days. Many successful approaches that we have seen for this are based on a careful analysis of existing capabilities, so that instead of rushing to add new technologies, they leveraged the potential of the solutions already in place. The beauty of assessing what you have in light of those business imperatives is that you end up asking the right questions about what processes, data and apps actually are critical to maintain the business.
This healthy response to crisis created some “Aha!” moments and consequently unified security practices across the branches (i.e., the core and cloud-based infrastructures). Many organizations simply did not know about some of the weak spots and bottlenecks in their infrastructures. Most knew that phishing emails were a threat, but they may not have expected corporate laptops be at risk if someone else in the same household clicked on a link while chatting and playing online games. To address these issues once they became apparent, some businesses made changes and additions to their environments in a manner and speed that made it impossible to understand the downstream effects.
Making the Transition
Though it may have seemed initially daunting, at least from a technical standpoint, implementing a robust and secure remote-worker program wasn’t necessarily as difficult as many organizations thought it would be. However, it did require the correct policies and openness to embrace change, in order to pull it all off effectively and under a tight deadline.
Some organizations took common VPN approaches, while other organizations are building robust and scalable cloud, SD-WAN and network access control (NAC) solutions. Scaling solutions was made easier when businesses already had the correct infrastructure in place to begin with. With careful planning and the right technology partnerships, some organizations were able to get over the hump and execute on or expand their teleworker strategy.
Moving forward, remote work may be a bigger part of corporate strategies. The experience of the pandemic has made businesses realize that the reasons to retain, or possibly expand, their remote-work strategies quickly outnumbered the reasons against remote work becoming a standard part of an organization’s business process going forward.
Lessons Learned and Next Steps
To one degree or another, remote work is here to stay. A Gartner survey of 317 CFOs and finance leaders in late March found that 74 percent will move at least 5 percent of their previously on-site workforce to permanently remote positions post-COVID 19. And almost 25 percent of respondents said they will shift at least 20 percent of their on-site employees to permanent remote positions.
Consequently, zero-trust network access will become increasingly important. There is now a major emphasis on this concept because companies are recognizing that, for one, they have many VPN tunnels that need to understand and confirm who the users are; and two, they have users on all different types of devices that now have access to the corporate network. Organizations will be looking at their security vendors and OEMs to implement the best functions of zero trust in a way that’s both manageable and increases the organization’s overall security posture. It’s not unreasonable to think that organizations will take different zero-trust strategies for different parts of their business, such as cloud, remote and data centers.
This is where the ability to understand and see everything on the network has become critical. With a few months of remote work under their belts, organizations are able to take a step back and evaluate whether they put every security measure needed in place so that their remote-work solutions are effective long-term. As a result, many of them are shoring up their zero-trust capabilities so they know exactly who and what is on their network well into the future as employees continue to work remotely.
Another upshot is that the need for more tightly integrated network and security functions will grow. Network infrastructure needs to support and enable other aspects of the business. It must allow for dynamic change and new technology integrations, and must have integrated – and automated – security functions to reduce complexity and increase efficiency. This needs to extend from branch to edge, and from the data center to the cloud, with a cohesive policy and centralized visibility and management throughout.
Now that businesses are rapidly acknowledging the cloud as an extension of the data center, it becomes critical for network and security policies to seamlessly expand into these environments and maintain the same ease of deployment (and security maturity) as their more traditional physical counterparts.
The Long-Term Perspective
As the pandemic has unfolded, it’s becoming increasingly clear that remote work isn’t merely a temporary solution. We’ve seen a dramatic shift in the last few months both in the business community’s ability to adapt and in the cybercriminal community as it follows trends to increase its attack cycles. Network visibility and zero-trust capabilities become key enabling ongoing, secure remote work. In short, the pandemic has brought home the need for agility, both in business continuity and in network infrastructure; may these lessons be heeded as we move forward.
Aamir Lakhani is lead researcher and cybersecurity expert at FortiGuard Labs.
Enjoy additional insights from Threatpost’s InfoSec Insider community by visiting past contributions.