For many employees, the COVID-19 pandemic brought about something they had dreamed of for years: the chance to eschew long commutes and business attire and (finally!) work from home.
Companies were forced to embrace the work-from-home switch and many are now starting to like the cost savings and the possibility to hire employees from a wider, non-localized pool of applicants.
But for IT security teams, the switch meant even more work and a struggle to find new ways to keep their organization and their employees secure from an increasing number and frequency of cyber threats.
The pressure to deliver security is on
A recent LogMeIn report has also revealed that the transition to remote work for the majority of businesses has impacted the day-to-day work of IT professionals.
Aside from the expected technical tasks and an increased number of web meetings, over half of them have been forced to spend more time managing IT security threats and developing new security protocols. In fact, the percentage of IT professionals who are now spending 5 to 8 hours per day on IT security rose from 35 in 2019 to 47 in 2020.
“In terms of defensive tactics, the first two months of the pandemic shifted the previous network-centric thinking to endpoint and remote access. Many firms lacking endpoint detection and response or endpoint protection (next-gen AV) sought to roll out these services across their distributed organization. They also focused on IAM and VPN or SDP services,” Mark Sangster, VP and Industry Security Strategist at eSentire, told Help Net Security.
“The other shift moved thinking from BYOD to BYOH: Bring Your Office Home. Firms were faced with the challenge of securing connections from home offices made through consumer-grade networking gear provided by employee ISPs. These systems are not as hardened as commercial-grade internet devices and were often misconfigured or left in factory settings with default administrative credentials and wide-open Wi-Fi services. This effort required IT teams to help non-technical employees harden their home routers, better understand password security and embrace the necessity for multi-factor authentication and VPNs.”
Solving the security puzzle
Companies’ tech priorities have shifted as well, with many increasing spending for security.
But the need to implement new technology, the widening attack surface, and the onslaught of ransomware-wielding gangs have forced some companies to accept the limits of what they can do with in-house IT security staff and technology, and to seek additional assistance from outside detection and response experts.
The threat of ransomware is insidious and can be particularly destructive, delivering a potentially fatal blow to some (often smaller) organizations.
“Firms need to understand the risks and prepare with proactive defenses (threat hunting), hot-swappable back-ups and fail-over colocation systems. The real trick is catching unauthorized activity quickly, before criminal groups are able to plant ransomware throughout the organization, steal data and then launch a synchronized attack to cripple the organization. This means being able to monitor VPN traffic (connections) and remote administrative activities to detect unauthorized movement,” Sangster explained.
“Criminal groups steal credentials to then access the business using remote tools. This MO is detectable, but it requires proactive hunting and constant monitoring of these services. We have stopped multiple attacks of this nature. In those cases, the ransom attack was either isolated to a single device (and quickly recovered in less than an hour), or it required coordinated defenses to block remote attacks through remote admin tools like Microsoft RDP or PowerShell. In these cases, machine learning flagged suspicious activity for further investigation by security analysts. This quick response meant dwell time was only minutes and prevented the criminal gang ransomware from metastasizing throughout the organization.”
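One way to implement the monitoring described above, correlating VPN connections with remote administrative activity, is shown here as an added example; it is not code from the article or from eSentire. The event format, the per-account baseline of known VPN sources, the thresholds and all sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (time, kind, user, source, target).
# "vpn" is a VPN login from an external address; "rdp"/"powershell" is a remote
# admin session from the user's VPN-assigned address to an internal host.
EVENTS = [
    ("2020-09-01T09:00:00", "vpn", "alice", "198.51.100.7", None),
    ("2020-09-01T09:04:00", "rdp", "alice", "10.8.0.12", "WS-ALICE"),
    ("2020-09-01T02:10:00", "vpn", "bob", "203.0.113.50", None),
    ("2020-09-01T02:12:00", "rdp", "bob", "10.8.0.31", "FS-01"),
    ("2020-09-01T02:15:00", "powershell", "bob", "10.8.0.31", "DC-01"),
    ("2020-09-01T02:19:00", "rdp", "bob", "10.8.0.31", "BKP-01"),
    ("2020-09-01T11:00:00", "vpn", "carol", "192.0.2.99", None),
    ("2020-09-01T11:05:00", "rdp", "carol", "10.8.0.40", "WS-CAROL"),
]
# Assumed baseline: VPN source addresses previously seen for each account.
KNOWN_SOURCES = {"alice": {"198.51.100.7"}, "bob": {"198.51.100.23"},
                 "carol": {"198.51.100.88"}}
REMOTE_ADMIN = {"rdp", "powershell"}

def find_suspicious_sessions(events, known_sources,
                             window=timedelta(minutes=30), max_hosts=2):
    """Flag accounts that connect to the VPN from an unseen source and then
    open remote admin sessions to more than max_hosts hosts within window."""
    watch = {}   # user -> (vpn login time, vpn source, hosts touched so far)
    alerts = {}
    for ts, kind, user, source, target in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "vpn":
            if source in known_sources.get(user, set()):
                watch.pop(user, None)        # familiar source: stop watching
            else:
                watch[user] = (when, source, set())
        elif kind in REMOTE_ADMIN and user in watch:
            start, vpn_source, hosts = watch[user]
            if when - start <= window:
                hosts.add(target)
                if len(hosts) > max_hosts:   # fan-out across several machines
                    alerts[user] = {"vpn_source": vpn_source,
                                    "first_seen": start.isoformat(),
                                    "hosts": sorted(hosts)}
    return alerts

if __name__ == "__main__":
    for user, d in find_suspicious_sessions(EVENTS, KNOWN_SOURCES).items():
        print(f"ALERT {user}: new VPN source {d['vpn_source']}, "
              f"remote admin to {d['hosts']} since {d['first_seen']}")
```

A single remote session from a new address (carol's case) stays below the threshold, so the rule surfaces fan-out rather than every change of network.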