COVID-19 Demands a Move from Reactive to Proactive Security

By Dixie Fisher, Senior Product Marketing Manager | August 21, 2020

Share:

Cybersecurity

Tips for Your Organization’s Transition from COVID-19 Crisis Mode to Proactive Security in the "New Normal"

The move to cloud computing and a highly remote workforce has been on the horizon and building momentum for decades; with COVID-19 as an accelerant it looks like organizations won’t be throttling back.

Here are three things to do now to secure your reshaped IT ecosystem:

Identify all of your assets – especially those in cloud environments
Understand the security risks across your attack surface
Pay extra attention to remote access and VPN gateways – areas of rapid expansion for many organizations

As sheltering-in-place restrictions took effect, some organizations went from 0 to 100% in terms of their remote workforce. And now a full 74 percent of organizations plan to shift some employees to remote work permanently, according to a Gartner survey.¹ This surge of permanent remote workers will also lead to an increase in cloud-hosted virtual desktop infrastructure (VDI), desktop as a service (DaaS), and remote access VPN that was considered a dying technology until the necessities of COVID-19 and sheltering in place revived it, according to Gartner.²

A flood of public announcements reinforce working from home as status-quo, with many major organizations keeping their teams out of the office until at least the new year. Meanwhile Nationwide Insurance has decided to close its buildings entirely and have its 4,000 employees telecommute permanently.³

As this shift to digital resiliency becomes the new normal, the ongoing challenges of securing a cloud-based and remote workforce environment haven’t gone away. As the still-growing push to the cloud continues, a critical business need — cited by 65% of the respondents of the O’Reilly Cloud Adoption in 2020 study — are more IT workers who are fully-trained in cloud-based security for migrating applications and implementing cloud-based infrastructure.⁴

"Data from the CyCognito platform shows that increased cloud usage increases IT risk significantly. Public cloud assets harbor a disproportionate share of an organization’s critical attacker-exposed risks, with critical issues in cloud assets occurring at 3 to 6 times the volume of critical risks in on-premises assets."

And data from the CyCognito platform validates that concern: showing that increased cloud usage increases IT risk significantly. Public cloud assets harbor a disproportionate share of an organization’s critical attacker-exposed risks, with critical issues in cloud assets occurring at 3 to 6 times the volume of critical risks in on-premises assets.

The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) caution that the surge in teleworking with the increased use of potentially vulnerable services, such as virtual private networks (VPNs), amplifies the risk of cybersecurity threats.⁵

COVID-19 forced everyone’s hand, but that doesn’t mean your organization has to play into attackers’ hands. Here are three key tips:

01

Make sure that you have identified all the cloud environments and assets that may have sprung up — and will likely continue to do so.

"Larger enterprises average around 700 software as-a-service solutions, with thousands of potential users connected to each,” says Rob Gurzeev, CEO and co-founder of CyCognito.

Even pre-COVID-19, cloud implementations were commonly spun up outside the knowledge of the IT and security teams and that practice may also be on the rise. Misconfigurations are common with shadow IT implementations and introduce risks that can create substantial data loss to your organization.

On the flip side, with hard hit businesses who may be scaling down their cloud usage (e.g., reservation systems in travel-related industries), it’s important to avoid abandoned workloads and identify and deprovision unused cloud resources appropriately.

02

Understand the security risks inherent in your organization’s radically expanded and reshaped IT ecosystem as you continue to straddle a hybrid model of in-office and at-home collaboration, on-premises and in-the-cloud infrastructure.

Attackers are agile as a rule and they aren’t missing the increase in exposures that hasty working-from-home infrastructure implementations provide.

CISOs have long recognized that they need automation to help them address what even well-funded security teams, processes and chained solutions aren’t solving. The new normal makes taking a comprehensive and large-scale approach to identifying your organization’s risks more imperative.

03

Continue to review the security of all your gateways, especially your VPN and remote desktop protocol servers, which will remain an area of interest to attackers.

It’s not by chance that CISA and the NCSC called out VPN technology as particularly vulnerable. CyCognito research shows that a number of enterprises continue to have a well-known vulnerability on VPN gateways that will allow an unauthenticated remote attacker to gain access to private keys and user passwords.

In short, the risks to your changed — and changing — extended IT ecosystem continue to accelerate the need to shift from a more reactive approach to security to one that is proactive. Our experience shows that staying ahead of attackers requires large-scale automation to uncover and prioritize the potential weaknesses in your attack surface from an attacker’s point of view so that you can mobilize quickly and eliminate them before attackers discover and exploit them.

REFERENCES

1. https://www.gartner.com/en/newsroom/press-releases/2020-04-03-gartner-cfo-surey-reveals-74-percent-of-organizations-to-shift-some-employees-to-remote-work-permanently
2. https://emtemp.gcom.cloud/ngw/globalassets/en/insights/coronavirus/workforce_resilience_eye_of_pandemic.pdf
3. https://www.nytimes.com/2020/05/08/technology/coronavirus-work-from-home.html
4. https://www.oreilly.com/radar/cloud-adoption-in-2020/
5. https://www.us-cert.gov/ncas/alerts/aa20-099a