{"id":4392,"date":"2020-08-26T19:01:05","date_gmt":"2020-08-26T17:01:05","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=4392"},"modified":"2020-08-26T19:01:06","modified_gmt":"2020-08-26T17:01:06","slug":"how-to-go-back-to-the-office-safely-and-securely-amid-the-covid-19-pandemic","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/how-to-go-back-to-the-office-safely-and-securely-amid-the-covid-19-pandemic\/","title":{"rendered":"How to go back to the office safely and securely amid the Covid-19 pandemic"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>\n<h3 class=\"wp-block-heading\"><strong>Security teams should be used to supporting remote workers effectively by now, but what\u2019s going to happen when people start returning to their offices? We look at the risks and how to address them.<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-2018.jpg\" alt=\"Alex Scroxton\"\/><\/figure>\n\n\n\n<p>By<\/p>\n\n\n\n<p><a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a>\u00a0Security Editor<\/p>\n\n\n\n<p>The office has been deep cleaned and set up to comply with social distancing recommendations, and \u2013 against all the odds \u2013 enough of the workforce is willing to brave public transport to go back to work. 
It\u2019s time\u00a0to try to get back to business as normal.<\/p>\n\n\n\n<p>Most of us won\u2019t be there just yet, but in the next few months, as\u00a0the Covid-19 coronavirus pandemic\u00a0begins to subside, more and more offices up and down the UK will find themselves in this scenario.<\/p>\n\n\n\n<p>Unfortunately, reintroducing employees to the office as lockdown regulations ease will expose security teams to a heightened level of risk that has never really been seen before, or so says Joseph Carson, chief security scientist at\u00a0Thycotic.<\/p>\n\n\n\n<p>\u201cIt\u2019s essential to put in place measures to mitigate and manage the potential risks so that the corporate network is not overwhelmed with new threats,\u201d he says. \u201cOrganisations will have to consider that systems which have been taken out of the office with limited security controls will need a mandatory security review in place.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Worried CISOs<\/strong><\/h3>\n\n\n\n<p>Rich Orange, UK and Ireland vice-president at\u00a0Forescout, tells Computer Weekly that his customers are already asking him about the potential for problems here.<\/p>\n\n\n\n<p>He says: \u201cWhen everyone downed tools and went to work from home,\u00a0the VPN became popular\u00a0and sexy again, which is fine, but the not-so-obvious threat which most organisations are realising now they\u2019ve had thousands of people out working from home is addressing, \u2018How do we safely get these users and devices that have been remote and outside of our typical corporate security controls back in now?\u2019<\/p>\n\n\n\n<p>\u201cDevices are not sitting behind layers of enterprise security, they\u2019re sitting at home behind a BT router for 12 weeks, customers haven\u2019t been able to do a vulnerability sweep on them and haven\u2019t been able to\u00a0auto-push any patches to them\u00a0because they need to be connected to the network. 
How do they safely bring these devices in, making sure that they still meet corporate policy?\u201d<\/p>\n\n\n\n<p>But this isn\u2019t just a problem that affects major corporate enterprises \u2013 any business of any size that has implemented universal remote working during the pandemic is at risk.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cOne of our main concerns around this is for less cyber-savvy companies with people working remotely and just getting by how they can,\u201d says\u00a0Redscan\u00a0head of threat intelligence George Glass. \u201cMaybe they\u2019re sharing files via email, or maybe their VPN solution can\u2019t support the throughput of the entire company working remotely, and therefore they\u2019ve reduced the amount of connectivity they have between their remote devices and the internal network.<\/p><\/blockquote>\n\n\n\n<p>\u201cAdditionally, those devices that are being used remotely may not be getting antivirus updates because certain companies may require a connection to a centralised server to push those, therefore those devices could be compromised with little knowledge to the organisation. If they\u2019re not running an\u00a0endpoint detection and response\u00a0(EDR), they may not know that there\u2019s been a compromise on a device until it returns to work and plugs directly into the network.\u201d<\/p>\n\n\n\n<p>Nor does the problem only affect devices that have been out in the wild. As Zeki Turedi, Europe, Middle East and Africa (EMEA) tech strategist at\u00a0CrowdStrike, points out, security teams will also need to make sure that on-premise IT equipment is able to deal with people coming back to the office.<\/p>\n\n\n\n<p>\u201cIf you\u2019ve got desktop systems that have been shut down for the past three months and not been used, do you know if they have been updated correctly? 
There\u2019s probably thousands of desktop computers in offices all across the UK that have got huge vulnerabilities that need to be mitigated and looked after before people start utilising them,\u201d he says.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Lying in wait<\/strong><\/h3>\n\n\n\n<p>Perhaps even more worrying is the fact that this problem doesn\u2019t end with basic patching and antivirus hygiene \u2013 it has the potential to be much more sinister, as a recent alert issued by Redscan revealed, warning that having successfully inveigled their way onto employee devices\u00a0through targeted phishing attacks, organised cyber criminals are now lying in wait to connect to corporate networks and wreak havoc.<\/p>\n\n\n\n<p>Since the UK\u2019s lockdown began on 23 March, Redscan\u2019s\u00a0security operations centre\u00a0(SOC) has observed a significant rise in cyber criminals targeting remote workers, including a surge in malware spam, external scanning attempts to find weaknesses in remote access tools, and credential stuffing attempts on public cloud accounts.<\/p>\n\n\n\n<p>The firm says that many businesses understandably rushed to introduce remote working\u00a0without doing their research\u00a0and implementing sufficient controls to minimise the risks that malicious actors pose to workers and devices when they\u2019re beyond the corporate perimeter.<\/p>\n\n\n\n<p>Glass believes that with a wearisome inevitability, this lack of attention will lead to an uptick in incidents as employees log back onto the organisational infrastructure and dormant hackers launch their attacks by moving laterally through the network in seeking elevated domain admin rights, or launching a ransomware attack, for example.<\/p>\n\n\n\n<p>After all, it is no skin off a determined cyber criminal\u2019s nose\u00a0to wait around for a bit. 
Carson at Thycotic says: \u201cCyber criminals will no doubt be playing the long-term game, using compromised devices at home to get one foot in the door, and when those devices return to the corporate network they will have two feet in the organisation\u2019s network, now potentially with remote access and deciding the next malicious action.<\/p>\n\n\n\n<p>\u201cRemote working has provided the perfect opportunity to plant the cuckoo\u2019s egg of attacks on edge devices, to launch later once workers go back to the physical workplace and connect to the corporate network.\u201d<\/p>\n\n\n\n<p>Glass adds: \u201cOur concern revolves around exactly this. Big game hunting cyber criminal gangs are more than happy to sit around for as long as they need to, as long as they feel they can avoid detection, it could be weeks or even months. We\u2019ve seen dwell times are certainly on the increase, and we know, specifically with things\u00a0like Maze ransomware, cyber criminals will gather as much intel and data as they can and use that as leverage.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Practical advice<\/strong><\/h3>\n\n\n\n<p>Fortunately, the return to work need not necessarily be a disaster for security teams, as long as you plan ahead, says Glass, and one helpful tool that most businesses will already have in place is\u00a0a guest wireless network.<\/p>\n\n\n\n<p>\u201cConnecting employee devices that are\u00a0returning to the office\u00a0to a guest network first limits the risk of an immediate spread to the rest of the corporate network, to network-attached storage [NAS],\u201d he says.<\/p>\n\n\n\n<p>\u201cOver the past weeks and months, people have learnt to quarantine themselves and limit interactions to the people they immediately live with to contain the spread of the coronavirus,\u201d says Orange at Forescout.<\/p>\n\n\n\n<p>\u201cThis approach of isolating individual elements of a system to avoid cross-contamination isn\u2019t unique to 
virology; it is just as effective when it comes to cyber security.\u00a0Segmenting a network\u00a0into different, independent parts continues to be a cyber security staple that, in case of a breach, prevents bad actors from laterally moving across an organisation\u2019s network.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Just like hospitals are sealing different sections off and controlling who goes in and comes out of them, organisations need to do the same with their networks<\/p><p><strong>Rich Orange, Forescout<\/strong><\/p><\/blockquote>\n\n\n\n<p>Besides network segmentation, whether done on a rudimentary basis or more formally, organisations should also put in place comprehensive network compliance policies ahead of a return to work, just as national governments are closing their borders to visitors from badly hit countries.<\/p>\n\n\n\n<p>It is also recommended to ensure firewall rules are up to date with\u00a0the latest threat intelligence information\u00a0to try to catch some of the more well-known command and control servers.<\/p>\n\n\n\n<p>For the endpoint devices themselves, Glass recommends first conducting a vulnerability scanning exercise to pick up missed software patches and operating system updates \u2013 something a competent security officer should be doing anyway \u2013 and then increasing monitoring of endpoints going forward.<\/p>\n\n\n\n<p>\u201cNot all companies are going to be able to immediately roll out EDR solutions across their entire estate, I understand that, but increasing monitoring could definitely help catch actors that are trying to move laterally,\u201d he says.<\/p>\n\n\n\n<p>Security professionals should also take the opportunity\u00a0to resurface basic security training, helping staff understand the risks that they might face when they go back to work, and remind them of standard guidelines around spotting phishing emails, and so on.<\/p>\n\n\n\n<h3 
class=\"wp-block-heading\"><strong>Security overhaul<\/strong><\/h3>\n\n\n\n<p>CrowdStrike\u2019s Turedi cautions that for a while \u2013 possibly even permanently \u2013 offices are not going to be running at anything like their pre-pandemic capacity, so it is also important that\u00a0chief information security officers\u00a0(CISOs) maintain whatever measures they put in place to safeguard their remote workers. It is also worth their while to formalise remote-working policies that were drawn up in haste in March.<\/p>\n\n\n\n<p>\u201cThis is a much more complex stage because the return to work is not just about turning on devices and patching updates, it\u2019s about identifying what the core mechanisms are that are used to secure the environment, and making sure the tools and technologies in place are actually able to provide full security, no matter where employees are,\u201d he says.<\/p>\n\n\n\n<p>\u201cAs you come into the post-lockdown world, people maybe will not want to go and work from an office or will maybe not be able to work in the office because those offices can only be at 20% capacity, so they may start opting to work from a cafe or work from the park or from a shared space that at least enables them to be outside of the home. That will change the security environment.\u201d<\/p>\n\n\n\n<p>In the mid- to long-term, Orange at Forescout says that the return to work is a good opportunity to consider\u00a0implementing zero-trust policies, establishing minimum security requirements that devices must meet before they connect to the network. For example, should a vulnerability in an older operating system be identified, any device running it can be denied access until it has been updated or patched.<\/p>\n\n\n\n<p>\u201cIf such policies already exist, it is essential to review and update them now as the threat landscape is constantly changing. 
Cyber criminals won\u2019t stop looking for potential exploits in common operating systems just because a global pandemic is going on,\u201d he says.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>Security teams should be used to supporting remote workers effectively by now, but what\u2019s going to happen when people start returning to their offices? We look at the risks and how to address them. By Alex Scroxton,\u00a0Security Editor The office has been deep cleaned and set up to comply with social distancing recommendations, and \u2013 against all the odds \u2013<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/how-to-go-back-to-the-office-safely-and-securely-amid-the-covid-19-pandemic\/\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,18,32,58,3],"tags":[],"class_list":["post-4392","post","type-post","status-publish","format-standard","hentry","category-cio-resources","category-contracting-and-legal","category-covid-19-global-responses","category-endpoint-security","category-industry-news-and-expert-advise"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/4392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=4392"}],"version-history":[{"count":1,"href":"htt
ps:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/4392\/revisions"}],"predecessor-version":[{"id":4393,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/4392\/revisions\/4393"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=4392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categories?post=4392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=4392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}