By Glen Maloney
COVID lockdowns resulted in major changes to the way office networks are accessed and used and there are significant security implications for businesses, writes Glen Maloney, ANZ Regional Sales Manager, ExtraHop.
Does your company’s head office remain an empty shadow of its former bustling self? If so, you’re far from alone. Across Australia, thousands of premises are sitting empty, or operating with reduced occupancy as companies continue to play it safe by keeping their staff working from home, at least some of the time.
Roy Morgan figures released in July 2020 showed more than 50 per cent of finance and insurance, public administration and defence workers were out of the office while the pandemic raged, along with 47 per cent of the communications profession.
All up, just under a third of working Australians have been toiling from home since the COVID crisis struck. That’s an extraordinary 4.3 million people and their absence from the office has altered the ‘behaviour’ of corporate networks significantly.
For starters, there’s been a steep decline in the number of devices connecting directly. Global research by ExtraHop shows laptop and smartphone connections down by 64 per cent and 69 per cent respectively. Use of digital assistants has also plummeted. Not that these devices disappeared, they’re just connecting from all over the place via VPNs, using SaaS apps, or leveraging other remote access options. Enterprises that haven’t had to secure such a range of connectivity options across a wide geographic area are quickly learning that the shape of their attack surface has changed. The bad news is that attackers are learning it too.
Smile, you’re on candid camera
At the same time, there’s been an unsurprising surge in the use of Internet Protocol (IP) cameras. As companies have switched off the lights, figuratively and literally, they’ve switched on the cameras.
Doing so is a smart move, on the surface at least. Empty and under-occupied premises are prone to vandalism and break-ins. A connected array of security cameras can be a deterrent for thieves and other individuals looking for opportunities to run amok.
Unfortunately, they can also provide easy entry for a quieter but no less deadly and destructive collection of assailants and enemies.
The easy ‘hackability’ of IP cameras is no secret. The much publicised Mirai botnet of 2018 took down a string of institutions, including Rutgers University in New Jersey and Deutsche Telekom, by harnessing an extraordinary string of online consumer devices, including IP cameras and home routers.
The fact that many were still using the default passwords they came with made the task of guessing and hijacking their credentials child’s play. The rest is history – and it’s history that’s all too likely to repeat itself, if businesses and organisations don’t learn from the bitter experience of others and strengthen their security posture accordingly.
A good first step is to make the IT security team responsible for configuring cameras before they are deployed, rather than allowing employees who lack specialist expertise to add them to the network willy-nilly.
Overhauling your security posture in the out-of-office era
The heightened level of cyber-risk faced by Australian businesses since the advent of the COVID crisis has been well documented. In the past year, a number of major businesses and organisations have succumbed to attack, among them dairy and beverage giant Lion. Meanwhile, the federal government has stepped up its efforts to help them protect themselves, with the announcement of the $1.67 billion Australian Cyber Security Strategy 2020.
If you haven’t already done so, now is a good time to review your security arrangements more broadly, particularly if remote working is set to remain part of your organisation’s modus operandi in the long term. One of the items on your agenda should be to determine how best to protect devices – and the corporate network – when employees log on from home, using company equipment or their own devices.
Protecting VPN connections, monitoring Remote Desktop Protocol usage, and assuring that any device that connects to the corporate network has the appropriate security technology installed are just the first steps. Embracing technology which provides visibility of the entire network can help you to identify abnormal activity swiftly, wherever it occurs, and take steps to mitigate it before critical systems and data are compromised.
Time to act
The COVID crisis has forced businesses of all stripes and sizes to explore new ways of working and accelerated a wave of digital transformation that’s making it possible for them to do so. Cyber-security practices need to evolve apace. Taking steps to strengthen your organisation’s posture and boost its ability to detect and withstand attack will see it better placed to address whatever operational and business challenges lie ahead in 2021.