The COVID-19 pandemic prompted many organizations to rapidly move to a remote workforce, which often required IT teams to quickly expand the available network bandwidth and to modify the “normal” operating model to keep the business running. In supporting significantly more remote workers, IT teams may have bypassed their normal processes and procedures, thereby likely violating, weakening, or eliminating their IT and security policies.
In implementing their remote working solutions, organizations have inadvertently increased operational risk, especially in cybersecurity. Bad actors have been quick to capitalize on these risks, exploiting common VPN vulnerabilities, directing phishing campaigns toward users of popular communication and collaboration platforms, targeting Microsoft’s Remote Desktop Protocol (RDP), and standing up infrastructure to support malicious campaigns (see figure below).
Pre-pandemic, cyber incident breach response (CIBR) plans assumed the majority of employees would be working on-site in corporate-controlled environments. Now, many — if not most — employees are working remotely in a wide variety of settings. These non-corporate environments can introduce a host of new threats that IT and cybersecurity teams must prepare for.
As IT and cybersecurity teams tighten up their organizations’ cybersecurity, they may not have considered their CIBR plans and how to adapt them to the “new normal” and the cyber incidents that may yet occur.
Security weaknesses are inherent in many home networks, which are typically “plug-and-play” and designed to operate with few configuration options when users deploy them. Physical security cameras, appliances, light switches, light bulbs, stereo components, baby monitors, and other common devices are generally set up to automatically connect to any available home network; these devices use a wide array of protocols and ports to communicate with manufacturers and users to provide convenient — yet insecure — services. And these same networks that are burdened with peripherally connected applications are the very same ones that remote workers are using to connect to corporate IT networks, which may or may not be connected to VPNs.
As large-scale remote work becomes part of the new normal, it’s important that IT and cybersecurity teams prepare for the potential exploitation of new remote infrastructures. Specifically, you should consider:
When planning your response to a potential CIBR incident while your workforce is largely remote, it’s important that you:
Preparation, planning, and conducting cybersecurity tabletop exercises — both technical exercises and those involving senior management — will go a long way in helping your organization tap into the benefits of your remote workforce while being prepared to efficiently and effectively deal with cyber incidents.