A Distributed Workforce...."The New Normal"
As we all know by now, this Covid-19 pandemic is a game-changer. This is the biggest paradigm shift in both business and social norms that we have seen in our lifetime. The workforce has shifted from the office buildings, which are now desolate and empty, to the bedrooms and the living rooms. Our houses and our apartments are the new offices. And this wasn't voluntary or thoroughly planned out, this was a desperate attempt to survive, to ensure out continuity and to keep from obliteration. As fleeting as we'd hope this situation to be, we must accept, adhere to, and prepare ourselves, because this "distributed workforce" or this "work-from-home" culture is here to stay according to experts. And a lot of us have done a great job of adjusting our businesses this rapidly, amidst such uncertainty... but at what cost?
As an entrepreneur, business owner, and manager, one thing we need to understand, few corporate systems and infrastructure was primarily designed to operate such a large distributed workforce. A hastily designed distributed workforce massively impacts the pre-existing risk profile of any enterprise. It opens up new attack vectors and further burdens the ones having to defend the enterprise, which is a hard enough job, given any condition and environment. This rapid and unplanned shift to a remote environment has exponentially increased the threat landscape and we need to acknowledge this early on.
Over the past few weeks, there has been a volatile up-spike in cyber attacks. In recent weeks, we have seen many such data breaches and system compromises that can be attributed to this shift to the distributed workforce. Threat actors (bad hackers) are doing what they do best, taking advantage of this chaos and uncertainty and attacking more and more systems. Recently, even a few new APT (Advanced Persistent Threat) groups, also known as cybercrime groups, are sprouting up.
The distributed workforce has even changed the day-to-day interactions we do for business, both at technical and operational levels. This surge in a remote work environment has forced us to increase our usage and dependencies on a number of potentially vulnerable services. Just recently, just as people were becoming dependent on it, the popular video conferencing platform, Zoom, has had a massive data breach where hackers have dumped over 500,000 valid Zoom accounts on different hacker forums for less than a $1, and at times, even for free. This leads to, what is now known as a "Zoom-bombing" prank and other malicious activities. This is just an example of how severely and suddenly these hackers can affect us if we are not careful from the start. According to reports, Zoom is still the best and safest to use considering the steps they have taken to mitigate their vulnerabilities.
Now that we are working from our homes, we still need to access the company IT infrastructure, for various reasons. We needed to create a Virtual Private Network into infrastructure, for employees that we didn't initially ever think would be anything than on-premises. Many companies have gone from having to use absolutely no VPNs, or very limited VPNs, to having to establish hundreds, even thousands, of new connections practically overnight in a desperate attempt to adapt to this new environment. How many of these new overnight connections have compromised the enterprise's security posture? Recently the US Department of Homeland Securities (DHS) has warned that recently a lot of VPN software vulnerabilities were discovered and that threat actors (bad hackers) are actively exploiting publicly known VPN vulnerabilities and other remote working tops.
One other thing we should be careful about is that we now have to give access to the VPN for a wide range of remote employees. Regardless of what their access privilege is, multiple layers of employees will most likely be using the same VPN connection to gain access into the enterprise infrastructure, and not all devices will be company-owned. Not all of the employees sharing the same connection may be equally aware of their security posture. This presents a lot of new vulnerable points that may be exploited to gain entry into the enterprise IT infrastructure.
Our company's security is in our hands, it always has been. We are prioritizing Business Continuity and Disaster Recovery and playing out contingencies, as we should, but I believe that we need to consider the long-term risks along with the short-term gains. Even before Covid-19 came to being, everyone knew that enterprise IT infrastructures were always at risk with their cybersecurity and this situation, through no fault of our own, has increased the threat to our enterprises multifold.
Prioritize security along with business continuity and disaster recovery, always. It will pay off eventually. In cybersecurity, it always pays off to be proactive, rather than being reactive.
Stay Home - Stay Safe.