
The global Coronavirus (COVID-19) pandemic is proving to be the biggest ever test of how modern and flexible working practices are enabling employees to stay productive, working anytime, anywhere, on any device. Today’s enterprise mobility technologies enable employees to remotely connect to the data and resources they need, whenever they need them and on whatever devices they choose.
With governments around the world mandating social distancing, including limits on social and professional gatherings, remote working has become a business continuity measure rather than a debatable perk.
But despite these virtues, remote access to organizational data and systems, from a mix of mobile devices over networks the organization does not control, has a dark side that keeps chief information security officers (CISOs) awake at night. Accessing data from outside the secure network perimeter greatly expands the attack surface available to cyber criminals and adds a great deal of exposure for organizations. With this in mind, what are the risks that CISOs and IT decision makers need to look out for when they deploy remote working practices, and how can they be mitigated?
Capacity issues
Capacity might sound like a simple consideration, but it is a very tangible one. Mobile workers reach corporate networks over virtual private networks (VPNs), and VPNs place a considerable load on organizational resources: the organization needs enough licenses, and enough gateway capacity, for everyone who now requires secure remote access at the same time.
Additionally, IT decision makers need to consider how their secure access solutions prioritize bandwidth between users and applications. A common cause of poor connectivity is users uploading or downloading large, non-business-critical files over the VPN, which exhausts the bandwidth that critical corporate IT systems depend on.
During business continuity and disaster recovery planning, organizations should carefully consider capacity factors, including licensing and bandwidth availability, so that they are prepared for an unexpected surge in demand. To route traffic to cloud applications securely without backhauling all of it through the VPN, IT decision makers should consider Cloud Access Security Broker (CASB) solutions to manage the demand while maintaining security monitoring and policy enforcement, so that users and applications remain properly protected. Enterprises may also wish to leverage the security functions available through services they already consume, such as Microsoft Azure, as some of these may quickly alleviate the challenge.
Unsecured devices
Mobile platforms and security software are updated frequently, and devices need to be patched promptly to maintain enterprise-wide security. This is especially relevant in bring your own device (BYOD) scenarios, where the device's built-in security controls may not meet organizational standards. Patches and updates address known security problems, so ignoring them leaves open attack vectors that cyber criminals already know how to exploit.
IT decision makers need to make sure proper patching processes are in place to keep devices secure. This requires visibility of what is connecting to the network and of the health of those devices, including when they were last updated. In parallel, the process needs visibility of new updates from hardware and software vendors so that these are applied as soon as they become available.
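The kind of visibility described above, reduced to a check you could run over an MDM export, as an added example that is not part of the original article: given an inventory and the current vendor release per platform, it flags devices running an old OS, devices that have not patched within the policy window, and unenrolled BYOD devices whose posture cannot be verified. The inventory, the version strings, the platform list and the cut-off date are all constructed for the illustration.

```python
"""Device posture check for remote-access onboarding.

Added illustration, not code from the original article or from any MDM vendor.
It assumes an inventory exported from whatever MDM/NAC tool is in use, with one
record per device, plus a list of the current vendor release per platform.
All data below is constructed for the example; version strings are placeholders.
"""
from datetime import date

# Constructed: current vendor releases per platform (placeholder values).
LATEST_RELEASE = {
    "ios": "13.4",
    "android": "10.0.2",
    "windows": "10.0.18363",
}

MAX_PATCH_AGE_DAYS = 30      # policy: a device must have patched within the last 30 days
TODAY = date(2020, 3, 30)    # fixed "today" so the example is reproducible

# Constructed inventory records, shaped like a parsed MDM export.
SAMPLE_INVENTORY = [
    {"id": "ipad-alice", "platform": "ios", "os_version": "13.4",
     "last_patched": date(2020, 3, 25), "managed": True},
    {"id": "pixel-bob", "platform": "android", "os_version": "9.0.0",
     "last_patched": date(2020, 1, 10), "managed": True},
    {"id": "laptop-carol", "platform": "windows", "os_version": "10.0.18363",
     "last_patched": date(2020, 2, 1), "managed": True},
    {"id": "phone-dave", "platform": "ios", "os_version": "13.4",
     "last_patched": date(2020, 3, 20), "managed": False},
]


def parse_version(version):
    """Split '10.0.18363' into (10, 0, 18363) so releases compare numerically
    rather than as strings ('9.0' must sort below '10.0').  Purely numeric
    dotted versions only; vendor build tags would need their own parser."""
    return tuple(int(part) for part in version.split("."))


def assess_device(device, today=TODAY, latest=LATEST_RELEASE, max_age=MAX_PATCH_AGE_DAYS):
    """Return the list of policy findings for one device; an empty list means compliant."""
    findings = []
    if not device.get("managed", False):
        # An unenrolled BYOD device reports nothing we can trust: posture unknown.
        findings.append("not enrolled in MDM, posture cannot be verified")
    platform = device["platform"]
    if platform not in latest:
        findings.append(f"unknown platform {platform!r}")
        return findings
    if parse_version(device["os_version"]) < parse_version(latest[platform]):
        findings.append(
            f"OS {device['os_version']} is behind vendor release {latest[platform]}")
    age = (today - device["last_patched"]).days
    if age > max_age:
        findings.append(f"last patched {age} days ago, limit is {max_age}")
    return findings


def non_compliant(inventory, today=TODAY, **policy):
    """Map device id -> findings for every device that should be held back from the network."""
    report = {}
    for device in inventory:
        findings = assess_device(device, today, **policy)
        if findings:
            report[device["id"]] = findings
    return report


if __name__ == "__main__":
    for device_id, findings in non_compliant(SAMPLE_INVENTORY).items():
        print(device_id)
        for finding in findings:
            print("  -", finding)
```

The output of `non_compliant` is what a NAC or conditional-access rule would consume: three of the four constructed devices are held back, one for an old OS and stale patching, one for stale patching alone, and one because it is not enrolled at all, which is the BYOD case the text singles out.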
Suspicious behavior becomes difficult to monitor
Remote working by definition takes place outside the corporate security perimeter, so it disrupts the baseline working patterns that enterprise threat analysts rely on. If logging in at 11pm from a home network is now routine, security analysts need to treat that pattern as the new normal when analyzing suspicious behavior, and reset the baseline of normal access accordingly, instead of flagging every remote login that falls outside the old normal. The reset should be deliberate rather than a blanket loosening: a late-night login from a user's known home network is now expected, whereas the same login from a network or country never associated with that user still warrants attention.
Restricting employees’ flexible access patterns while they are trying to work remotely is counterproductive. Instead, organizations need to consider how to monitor behaviors in a way that can compensate for unusual but legitimate remote access situations. User and Entity Behavior Analytics (UEBA) tools provide enhanced visibility and reporting of user behavior. These tools also deliver the contextual awareness that threat analysts require to establish whether or not a given behavior is suspicious, freeing up analysts’ time and resources to deal with the real threats quickly and effectively.
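What resetting the baseline means in practice, as an added example rather than anything from the original article or a particular UEBA product: a per-user profile of login hours and source networks is built from an office-era log, then rebuilt with the first remote-working week included, and the same new logins are scored against both. The log format, user names and addresses are constructed (RFC 5737 documentation ranges).

```python
"""Per-user login baseline with deliberate re-baselining for remote working.

Added illustration of the kind of analytic a UEBA tool runs; not code from the
original article or from any UEBA product.  Log format, users and addresses
are constructed.  Each line reads:  <ISO timestamp> <user> <event> <source IP>
"""
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed: office-era logins, all from the corporate egress 203.0.113.0/24 in office hours.
OFFICE_LOG = """\
2020-02-03T08:55:12 alice login 203.0.113.10
2020-02-03T09:02:41 bob login 203.0.113.10
2020-02-04T08:47:03 alice login 203.0.113.10
2020-02-04T17:30:55 alice login 203.0.113.10
2020-02-05T09:10:19 bob login 203.0.113.10
"""

# Constructed: first week of remote working, home networks and evening logins.
REMOTE_LOG = """\
2020-03-16T10:05:00 alice login 198.51.100.23
2020-03-16T22:48:31 alice login 198.51.100.23
2020-03-17T23:05:12 alice login 198.51.100.23
2020-03-17T09:30:00 bob login 192.0.2.77
2020-03-18T20:15:44 bob login 192.0.2.77
"""

# Constructed: a later day's logins to score against each baseline.
NEW_LOG = """\
2020-03-23T23:10:02 alice login 198.51.100.23
2020-03-23T03:12:40 bob login 192.0.2.77
2020-03-23T09:00:00 alice login 192.0.2.200
"""


def parse(log):
    """Turn log text into login events: dicts with user, timestamp and source address."""
    events = []
    for line in log.splitlines():
        ts, user, event, src = line.split()
        if event == "login":
            events.append({"user": user, "ts": datetime.fromisoformat(ts), "src": src})
    return events


def source_net(src):
    """Collapse a source address to its /24 so a home router's changing last octet
    still matches (a real deployment would key on ASN or geolocation as well)."""
    return str(ip_network(f"{src}/24", strict=False))


def build_baseline(events):
    """Per user: a histogram of login hours and the set of source networks seen."""
    baseline = defaultdict(lambda: {"hours": Counter(), "nets": set()})
    for e in events:
        baseline[e["user"]]["hours"][e["ts"].hour] += 1
        baseline[e["user"]]["nets"].add(source_net(e["src"]))
    return baseline


def score(event, baseline, hour_tolerance=1):
    """Return the reasons an event is anomalous for this user; empty means expected."""
    profile = baseline.get(event["user"])
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    hour = event["ts"].hour
    nearby = range(hour - hour_tolerance, hour + hour_tolerance + 1)
    if not any(profile["hours"][h % 24] for h in nearby):
        reasons.append(f"login at {hour:02d}:00 outside observed hours")
    net = source_net(event["src"])
    if net not in profile["nets"]:
        reasons.append(f"source network {net} never seen for this user")
    return reasons


def review(log, baseline):
    """Score every login in `log`; returns (user, timestamp, reasons) per event."""
    return [(e["user"], e["ts"].isoformat(), score(e, baseline)) for e in parse(log)]


if __name__ == "__main__":
    old = build_baseline(parse(OFFICE_LOG))
    new = build_baseline(parse(OFFICE_LOG + REMOTE_LOG))
    for label, baseline in (("office-era baseline", old), ("re-baselined", new)):
        print(label)
        for user, ts, reasons in review(NEW_LOG, baseline):
            print(f"  {ts} {user}: {reasons or 'expected'}")
```

Under the office-era baseline every one of the new logins is flagged, which is the analyst overload the text warns about. After re-baselining, alice's 23:10 login from her home network passes, while bob's 03:12 login and alice's login from a network never tied to her account are still raised, which is the behavior an analyst actually wants to keep.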
Attackers exploit mobile device usage behavior
Research suggests that users are more likely to respond to phishing emails on a mobile device. This is possibly due to the limited screen size, which makes it harder to spot the tell-tale warning signs of a phishing email, such as the full sender address or the real destination of a link. It may also be behavioral: users tend to check and answer email on the go, with less attention than at a desk.
Phishing and smishing (phishing via SMS) attacks also exploit users' trust in messaging and social networking apps. In light of current global events, an increasing number of campaigns are being launched through SMS and consumer apps such as WhatsApp, exploiting the fears of mobile users who are anxious for information about the coronavirus outbreak. And because most mobile users have several email accounts on one device, a phishing attack that succeeds against a personal account can compromise the device and, through it, the organizational network.
Since the risk from social engineering lies primarily with the people using mobile devices, the first mitigation is clear and rigorous education around mobile device usage policies, with explicit guidelines on the acceptable use of consumer applications and personal email accounts on corporate and BYOD resources.
Physical device breaches
Using a mobile device for work, handy and practical as it sounds, also carries the risk of the device being lost, stolen or compromised. Devices lost or left unattended in public spaces present a direct and significant risk to enterprise data, both on the device itself and, through cached credentials and live sessions, on organizational networks further afield. Strong encryption reduces that risk considerably but does not remove it: a device that is unlocked, or protected by a weak passcode, exposes everything its user could reach.
As with protection against phishing, when it comes to physical device safety and security, mobile device users need to be educated on company policies and on the responsibilities that come with using devices that have access to critical corporate data. Strong device encryption protects data at rest on a lost device as long as the device is locked and the passcode is strong; it does little against a device that has been jailbroken or otherwise compromised while in use. That is where remote device management capabilities come in: detecting a jailbroken or non-compliant device and remediating with a remote lock, a device or enterprise wipe, or other quarantine controls.
Malicious apps
As our personal and professional lives converge on mobile devices, users will inevitably download apps for personal use on corporate-owned devices. And because barely anyone reads consumer apps' privacy policies or looks closely at the permissions they request, there is a real risk that users inadvertently install spyware, or over-privileged apps, whose access to the device can be exploited to reach corporate data and systems.
Mobile device usage policies need to set out the acceptable terms of use, backed by controls that prevent data loss: app sharing permissions that keep corporate data out of unmanaged apps, app-level password enforcement and, if required, application whitelisting and blacklisting. Security teams should also routinely monitor devices for known malicious applications and direct users to delete them immediately.
There’s no doubt that enabling remote access to corporate resources while safeguarding the integrity of organizational systems is a tough balancing act for most IT decision makers. However, leveraging the intelligent mobility management tools, analytics and insights that are available today, enterprise IT and security teams are now better equipped to provide their work colleagues with a secure remote access model, where the employee mobile working experience is optimized, productivity is maintained and the strain on organizational IT resources is contained.