Protecting the “New Normal” in the Post Covid-19 World: The World Has Changed
Only about 20 weeks have passed since January 2020, when the first containment measures were implemented in Wuhan, but the Covid-19 pandemic has since reshaped our entire work culture. The changes were global, rapid and widespread, compressing several years of IT change into just a few weeks:
1. Telework is the “new normal” – As governments around the world imposed containment measures, businesses transformed so that a majority of employees could work from home and reach corporate resources through secure access (e.g. VPN). In Check Point’s case, in just two weeks, 99% of the company started working from home, for the first time in its history. It was not an isolated example. When we asked our employees about this “new normal”, 78% of them said that their productivity was the same as before, or even higher. In a recent Gartner CFO survey, 74% of companies said they intended to make telework a sustainable reality. Facebook recently announced that 50% of its employees will telework permanently.
This “new normal” will therefore simply become the norm for many companies and many employees.
2. The use of collaboration tools is booming – As face-to-face meetings were not possible, companies turned to collaboration tools such as Zoom, Teams and Slack more than ever before. Zoom, for example, had 10 million meeting participants daily in December 2019. In April 2020, that number rose to over 300 million, an incredible growth of 3,000%!
3. Accelerating digital transformation and transition to the Cloud – A recent survey by Fortune magazine showed that 75% of CEOs of the world’s 500 largest companies said that the pandemic had forced their company to accelerate its technological transformation, with cloud resources in mind. At the same time, they had to add new elements to support their activities, forcing their IT departments to implement them urgently. And as we all know, when projects are accelerated to meet a demand for connectivity, shortcuts are sometimes taken. In other words, if you go too fast, you are more likely to break things. A weakened security posture is not a “normal” that companies can afford to cultivate. They need to quickly fix what’s broken.
Rapid changes mean security can’t keep up
In its analysis report on COVID-19, the World Economic Forum found that out of 350 professionals most at risk, 50% are concerned about cyberattacks and fraud resulting from a lasting change in working methods.
The new changes described above produce several elements that influence a company’s security risk and posture. Here are the main things you need to consider:
1. Social engineering attacks exploiting fear, uncertainty and doubt – The World Economic Forum recently reported that “the need to learn about the new virus, accompanied by fear, confusion and even boredom during containment has increased the opportunities for cybercriminals to spread malware, ransomware and phishing attempts.” In April, a Check Point survey showed that businesses were hit by a veritable storm of cyber attacks while they had to manage the massive and rapid changes made to their networks and to the working practices of their employees during the pandemic. 71% of respondents reported an increase in the number of cyber attacks in February and March 2020, and 95% reported that they faced additional security challenges with the introduction of large-scale remote access for employees and the use of non-sanctioned IT tools (shadow IT). Covid-19 has not only caused a health pandemic, but also a cybercrime pandemic.
2. Attack surfaces have grown exponentially – With the rush to allow remote access to their resources, many companies have enabled connectivity from unmanaged personal PCs that, for the most part, do not conform to basic hygiene practices such as applying up-to-date software patches, using updated anti-malware or any type of protection. Our new survey on the readiness of companies to exit containment has shown that while 65% of respondents say that their company prevents unmanaged PCs from connecting to the corporate VPN, only 29% deploy protection on employees’ home PCs, and only 35% carry out compliance checks.
Given the confinement imposed almost everywhere in the world, many critical services have been provided by employees who have remote access to critical infrastructure management systems (e.g. water, trains, elevators, traffic lights, etc.). Personal mobile devices are allowed to access networks more than ever, and many applications are being migrated to the Cloud for large-scale use. However, many Infosec and DevOps teams that have rushed to the Cloud have not brought their security posture there up to the level of their traditional datacenters. This gap represents a dangerous opportunity for hackers.
3. Employees are now their own CISO – With the radical change that makes it possible to work from home, we are faced with a reality in which our living room is now part of the company’s perimeter. Your 8-year-old is like a new employee who has access to your own network and files. In this situation, data is in motion more than ever. Each company must now rely more on each of its employees to protect its essential data and network identifiers. Not surprisingly, our new survey found that 75% of those surveyed said that their biggest security concern after confinement for the coming months is the increase in the number of cyber attacks, especially phishing and social engineering attempts, and 51% expressed concern about attacks on unmanaged personal workstations.
The pandemic will subside, but its effects on cybersecurity will not
As we have already mentioned, Covid-19 not only caused a health pandemic, but also a cybercrime pandemic. Its effects have radically changed the way we work, and these changes are here to stay. The accelerated pace of digital transformation, the remote access infrastructure, the drastic transition to the Cloud … all of this has already caught the attention of cybercriminals. We must therefore adapt security to the “new normal” of working methods. Here are our main tips:
As we all know, vaccination is better than treatment. In cybersecurity too, preventing threats in real time, before they can infiltrate the network, is the key to blocking future attacks. 79% of those questioned in our new survey said their priority was to strengthen the security of their network and to focus on preventing attacks.
PROTECTING EVERYTHING AROUND US
Each element of the chain is important. The “new normal” requires companies to review and verify their level of security and the relevance of their network infrastructures, their processes, the compliance of mobile devices and connected PCs, connected objects, etc.
The increased use of the Cloud requires an increased level of security, especially for technologies that secure workloads, containers and serverless applications in multi-cloud and hybrid environments.
CONSOLIDATION AND VISIBILITY
All of these changes in corporate infrastructure provide a unique opportunity to validate your security investments. Are we getting everything we really need? Are we protecting the right resources? Do we cover all blind spots? The highest level of visibility achieved through consolidation will guarantee the best efficiency. You need unified administration and full visibility into the risks to your entire security architecture, which can only be achieved by reducing the number of solutions and providers.
Your cybersecurity solutions need to be simple to use and easy to implement if you want to get the best protection. Here is a useful matrix that you can use to better protect your networks and data.
Each entry below lists a change, its effects, the resulting risks, and the main mitigating processes / technologies (partial list).

Change: Teleworking
Effects: Personal computers and cellphones given access to corporate networks
Risks: Data leaks (e.g. keyloggers, screen recorders on PC / mobile)
Main mitigating processes / technologies:
1. Implementation of workstation security and hygiene with compliance verification (up-to-date patches, up-to-date AV …)
2. User awareness of cybersecurity (e.g. simulated phishing attempts)
3. Defense against threats on mobile

Change: Rapid evolution to the Cloud
Effects: Rapid deployment at the expense of security
Risks: Basic security controls can lead to data loss and manipulation
Main mitigating processes / technologies:
1. Invest in Cloud security administration
2. Deploy workload protection for containers and serverless applications
3. Real-time threat prevention with IaaS security

Change: Critical infrastructures
Effects: Remote access allowed to critical infrastructures
Risks: Security vulnerabilities in critical infrastructures
Main mitigating processes / technologies:
1. Security for connected objects
2. Strengthen network security via simulations with adversary teams …
3. Security of operational technologies (e.g. SCADA)

Change: Increased network capacity
Effects: Higher throughput is needed to process moving data
Risks: Interruption of service; the network is down
Main mitigating processes / technologies:
1. Invest in network security that adapts to needs
2. All protections must be activated while preserving business continuity
3. Secure and scalable remote access
In summary, as we have all learned in the past few months, in times of crisis, we must be agile and act quickly. The pandemic may be fading, but its consequences are here to stay, and the best way to stay connected is to protect ourselves. The “new normal” demands that we continue to transform ourselves and adapt security to our new working methods.