New Digital Security Concerns in a Post-COVID-19 World
The first quarter of 2020, in which the spread of the COVID-19 virus quickly became a pandemic, has taught us a lot about the way we live:
- We’ve learned that many of the industries we took for granted, such as trucking and grocery, are integral parts of the very fabric of society and need to be better protected.
- We’ve learned that the healthcare system can become overwhelmed more easily than we might have thought and will require some changes to ensure it’s ready for the next spike in capacity.
- We’ve also learned that many jobs that are not traditionally associated with remote work can, in fact, be performed remotely. As organizations realize the cost benefit of employing a remote workforce, a large number of these jobs will remain full-time remote.
The urgency of the COVID-19 pandemic dictated that we move quickly to expand healthcare, grocery, and trucking capacity and build infrastructure for remote workers. We did not have the luxury of time for a thorough design process and, more often than not, corners were cut. In this emergency situation, cutting corners was an absolute necessity. Moving forward, we must take a look back and ensure we put the right controls in place to protect what we’ve built. After all, we will be relying on these new systems into the foreseeable future.
Security was often an afterthought even in the pre-COVID-19 world, and in the pandemic’s aftermath many companies are left with lowered revenue streams. The tendency will be to push security even further down the priority list, but those who wish our systems harm will not suddenly have a change of heart, and our hastily built solutions present new opportunities for these threat actors. Fortunately, there are measures that do not require much capital and can vastly improve security; it’s a matter of basic security hygiene.
Our biggest security challenge will simply be identifying and properly documenting everything we built during our mad dash response to COVID-19. If we have a system providing a critical function but we are unaware it exists, we can’t patch it, monitor it or build defenses around it. These types of systems are easy pickings and prime targets of opportunity. We should deploy tools to identify assets and not just rely on the memory of those who built the environment. There are many tools that offer free trial periods, such as Network Performance Monitor from SolarWinds. The free trials can be used to gather initial data about new assets and from there, organizations can determine if continued use warrants the ongoing cost.
Once the newly built systems have been identified, they need to be managed and patched. The knowledge that a system exists is only useful if we take action to protect it. Ensuring that the system is consistently patched removes it from the “target of opportunity” hit list. In the world of patch management, there are some fantastic options available. Tenable.sc is one such solution, but it can be pricey for smaller organizations. ManageEngine and PDQ cater to more cost-conscious organizations and offer free limited-use licenses.
The expansion of the remote workforce during the COVID-19 pandemic is perhaps the biggest new security threat we face. In many cases, VPN solutions were built or expanded rapidly to meet the overnight need. Remote users were allowed to connect to the new VPN infrastructure with nothing more than their corporate username and password, but these credentials are extremely vulnerable. Studies have shown that around one-third of end users reuse credentials across multiple platforms. When credentials are stolen from one platform, they can be used to gain unauthorized access to the new VPN systems we’ve put in place. We must educate our end-user population about the dangers of weak credentials and encourage the use of password managers like LastPass or 1Password. Additionally, we need to enforce multi-factor authentication on all remote connections. There are a myriad of free options available for multi-factor authentication, with Google Authenticator and Cisco Duo as two of the most common.
The COVID-19 pandemic has caused the rapid expansion of technology in a number of areas. These expansions will ultimately benefit mankind by making our healthcare system stronger, beefing up our ability to get necessities like groceries and medicine, and making our lives easier by allowing us to work remotely more often. It is important to apply basic cybersecurity principles to our new infrastructure while it is still in its infancy. Protecting this new environment now will be much easier than retroactively building controls while it is under attack in the future.
Published on 04.13.20