Securing the ‘new normal’ – protecting the post Covid-19 world

By Moti Sagey, Chief Evangelist

The world has changed

It’s only 20 weeks since the first lockdown measures were implemented in Wuhan, in January 2020, but since then the emergence of the Covid-19 pandemic has reshaped our entire working culture. The changes were global, rapid and widespread, compressing several years’ worth of IT changes into just a few weeks:

 

1. Remote working is the ‘new normal’ – as governments worldwide mandated lockdowns, organizations transitioned to a majority of employees working from home and accessing corporate resources through secure access (e.g. VPN). Here at Check Point, for example, 99% of the organization moved to work from home in just two weeks, for the first time in our history. And this was not a rare example. When we asked our employees about this “new normal”, 78% of them reported that their productivity was the same as before or even higher. In a recent Gartner CFO survey, 74% of companies said they intend to shift employees to work from home permanently. Facebook recently announced it will permanently shift 50% of its employees to remote work.

So this ‘new normal’ will simply become normal for many organizations and employees.

 

2. Use of collaboration tools is ‘zooming’ up – as face-to-face meetings were not possible, organizations switched to using collaboration tools such as Zoom, Teams and Slack more than ever before. Zoom, for example, had 10 million daily meeting participants in Dec. 2019, and by April 2020 it reported over 300 million – a whopping 3000% growth!

3. Accelerating digital transformation and the move to cloud – A recent survey by Fortune magazine showed that 75% of Fortune 500 CEOs said the pandemic forced their companies to accelerate their technological transformation, with cloud resources at the top. At the same time, they needed to add more elements to support their business operations. This created a “Just Do it” mindset as a new, pressing directive for their IT departments. And as we all know, when projects are accelerated to meet the burning demand for connectivity, sometimes corners get cut. Or to put it another way, if you move too fast, there’s a greater risk of breaking things. Having a weakened security stance is not a ‘new normal’ behavior organizations can afford to keep – so they need to fix what’s broken, and fast.

Rapid changes mean security can’t keep up

In its insight report on COVID-19, the World Economic Forum found that out of 350 of the world’s top risk professionals, 50% are worried by cyber-attacks and data fraud resulting from a sustained shift in working patterns.

The ‘new normal’ changes described above produce several elements which influence the risk and security posture of an organization. Here are the main ones you should consider:

1. Socially engineered attacks exploiting fear, uncertainty and doubt – The World Economic Forum recently reported that the “demand for information on the new virus, accompanied by fear, confusion and even the boredom of confinement, has multiplied opportunities for cybercriminals to deliver malware, ransomware and phishing scams”. In April, a survey by Check Point showed that organizations were being hit by a ‘perfect storm’ of increased cyber-attacks, while having to manage the massive and rapid changes to their networks and employee working practices during the pandemic. 71% of respondents reported an increase in cyber-attacks during February and March 2020, and 95% said they faced added IT security challenges with provision of large-scale remote access for employees, as well as managing shadow IT usage. Covid-19 not only caused a health pandemic, but a cyber-crime pandemic too.

2. Attack surfaces grew exponentially – With the rush to enable remote access to corporate assets, many companies allowed connectivity from unmanaged home PCs that most of the time lack basic cyber-hygiene such as updated software patches, updated anti-malware or any kind of protection. Our new survey of organizations’ readiness to emerge from Covid-19 lockdowns showed that while 65% of respondents said their company blocks unmanaged PCs from corporate VPNs, just 29% deploy endpoint security on employees’ home PCs, and only 35% run compliance checks.

Given the lockdown restrictions imposed almost globally, many critical services were handled by individuals who were granted remote access to the management systems of critical infrastructure (e.g. water, trains, elevators, traffic lights, etc.). Personal mobile devices are allowed access to networks more than ever, and many apps are moved to the cloud for scale purposes. However, many Infosec and DevOps teams rushing to the cloud did not scale their cloud security postures to the level of their traditional data centers. This gap, in simple words, presents a dangerous opportunity to hackers.

3. Employees are now their own CISO – With the drastic shift to allow work from home, we face a reality where our living room is now part of the company’s perimeter. Your 8-year-old is like the new employee who has access to your own network and files. In this situation, data is more in motion than ever before. Every company now needs to rely more on each one of its employees to guard its data and critical network credentials. It’s no surprise that our survey found that 75% of respondents said their biggest security concern in the coming months, as we emerge from lockdown, is an increase in cyber-attacks, especially phishing and social engineering exploits, and 51% cited concerns about attacks on unmanaged home endpoints.

The pandemic will fade: its effects on cyber-security will not

As we mentioned earlier, Covid-19 not only caused a health pandemic, but a cyber-crime pandemic too. Its effects have dramatically changed the way we work, and these changes are here to stay. The accelerated pace of digital transformation, remote access infrastructure, the drastic move to the cloud – these have already gotten the attention of cybercriminals. So we must adapt security to the new normal ways of working. Here are our top tips:

REAL TIME PREVENTION

As we all know, vaccination is better than treatment. In cyber security as well, real-time prevention of threats, before they can infiltrate the network, is the key to blocking future attacks. 79% of respondents to our new survey said their main priority is tightening their network security and focusing on attack prevention.

SECURE YOUR EVERYTHING

Every part in the chain matters. The “new normal” requires organizations to revisit and check the security level and relevance of their network infrastructure, processes, compliance of connected mobile and PC devices, IoT etc.

The increased use of the cloud means an increased level of security is needed, especially in technologies that secure workloads, containers and serverless applications in multi-cloud and hybrid cloud environments.

CONSOLIDATION AND VISIBILITY

So many changes in the company’s infrastructure present a unique opportunity to check your security investments. Are we getting what we really need? Are we protecting the right things? Did we miss a blind spot? The highest level of visibility, reached through consolidation, will guarantee the best effectiveness. You need unified management, and complete visibility of risk across your entire security architecture; and this can only be achieved by reducing the number of point product solutions and vendors.

Your cyber security solutions must be simple to use and easy to operate if you want to achieve the best protection. Here is a useful matrix for you to use to help better protect your networks and data.

 

| Change | Effect | Risk | Top Process/Technologies to mitigate (partial list) |
|---|---|---|---|
| Working from home | Personal mobile and computers provided access to corporate networks | Data breach (e.g. key logger, screen logger on PC/mobile) | 1. Implementation of endpoint security and hygiene with compliance check (latest patches, AV…); 2. User training awareness (e.g. phishing simulation); 3. Mobile threat defense on mobile |
| Rapid move to cloud | Speed of deployment at the expense of security | Basic security controls can lead to data loss and manipulation | 1. Invest in cloud security posture management; 2. Deploy workload security for containers and serverless apps; 3. Real-time prevention of threats with IaaS security |
| Critical infrastructure | Allowing critical infrastructure remote access | Critical infrastructure breach | 1. IoT security for IoT devices; 2. Bolster network security posture with red team …; 3. OT security with SCADA enforcement |
| Increased network capacity | More throughput is needed to address data in motion | Lack of service; network is down | 1. Invest in network security that scales according to needs; 2. All protections must be enabled while keeping business continuity; 3. Scalable secure remote access |

 

To summarize, as we all learnt in the past several months, in times of crisis we need to be agile and act swiftly. The pandemic may be fading, but its after-effects are here to stay, and the best way for all of us to stay connected is by being protected. The ‘new normal’ requires us to continue to change and adapt our security to our new ways of working.

To read more about what you can do about it with Check Point Security solutions, visit our dedicated mini site with pragmatic tips and recommendations.