Markus Apfler, August 2021

The “Pandemic” security problem – what is it and what can you do?

The “Pandemic” Security Problem

How cybercriminals benefit from the new home-office culture.

Due to the rise of the COVID virus many companies have taken the decision to allow their employees to work from home. This decision was often a management decision made on the spur of the moment without taking the time to evaluate current or future technical requirements. Large enterprises have been struggling in many cases to provide necessary IT services for remote work and collaboration on very short notice, and at scale. The most important objective for IT departments in the first days of “the new normal” was to ensure that employees could work as efficiently as possible in their new environment – their home. At that point nobody thought about the vast number of implications this new way of working would bring from a security perspective.

Security Silos Are Open

IT departments usually spend a good deal of their time securing internal company systems against threats from the outside. Tools and applications for remote work have been around for years and their security risks are well known. Managing them for a small number of accounts was feasible, and in combination with strict security policies this possible attack vector for cybercriminals could be kept to a minimum. But running those services at scale for all employees is a completely different story.

The attack surface in terms of IT services used to be quite small and well protected, even for large enterprises, with only a few external devices permitted to connect to internal systems at all. However, since last year the situation has changed drastically! Since the advent of home-office working, many more clients, such as laptops and mobiles, are being used outside of the regular offices, and each one of those increases the surface that cybercriminals can use to initiate harmful attacks. Security teams are becoming more aware of this fact and are trying to find the best possible balance between business needs and closing everything down.

Running internal IT systems that are kept up to date and configured according to best-known security practices is a task that can certainly be achieved by a competent IT department. Attackers will have a hard time trying to find a direct way into such environments but, creative as they are, they will search for “help”: help in the guise of company employees opening phishing mails or downloading something from a webpage that turns their client device into an entry point for criminals. The best security concept will often fail when the human factor is introduced. As personal interaction has been cut off by everyone working from home, digital communication has increased massively, and so has the chance of hitting a malicious link while skimming through hundreds of unread mails.

Digital “Wild West”

Since the pandemic forced everybody home, cybercrime has skyrocketed. Never before have so many successful attacks been reported as in the last one and a half years. From globally operating enterprises to small businesses and even private laptops, nobody has been spared so far, and the likelihood of becoming a victim is higher than ever. Like in the “Wild West”, everybody must be very careful about whom they accept messages from and what sites they visit in the digital world.

Cybercriminals have adapted to the new situation very quickly, and it seems they exploit newly discovered security vulnerabilities in IT systems faster than ever. When vendors bring out patches to fix vulnerabilities in their products, malware targeting these vulnerabilities already exists and is often widely available through the web.

The best thing a company can do is to have multiple independent security layers in place which provide proactive protection against any sort of attack, and to train employees to recognize malicious mails and websites. But since criminals constantly look for new ways to infiltrate networks, steal data or cause other damage, experts already predict that budgets for the necessary security measures will need to be increased dramatically. Only then will it be possible to stay ahead of the game.

Shared Experience

It was common practice for large companies to handle security issues on their own, and they were mostly uncommunicative when it came to sharing information about attacks they experienced. In light of recent events, a movement has started to gain momentum in which the security departments of multiple companies work together to find common security best practices and to speak openly about the damage resulting from these targeted attacks. Sharing exactly what happened and creating joint strategies to protect against similar attacks is the most valuable outcome of this collaboration.