2020 saw a major disruption in the way many work, learn, and socialise online. Our homes and businesses are more connected than ever. With more people now working from home, these two internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of. Week 2 of National Cybersecurity Awareness Month will focus on steps users and organisations can take to protect internet-connected devices for both personal and professional use.
The remote access genie is out of the bottle and the longer it’s on the loose, the harder it’s going to be to put it back in. While many employees like their new-found flexibility, it’s created operational technology (OT) system security headaches for chief information security officers (CISOs). COVID-19 has forced organisations to rethink traditional work environments, and many employees are loving it. No more long commutes or missing work to look after sick family members, and they can put in a load of laundry over the lunch hour. Whether you call it smart work or homework, it’s a trend that’s likely to stick around. Research by Eurostat showed that in 2018, only 3.6% of working Italians did so from home. But, more recently, a March 2020 Forbes article estimated that the number of Italian employees working remotely soared to 62% (8 out of 13 million), due to the pandemic.
In the United States, pre-coronavirus, statistics showed that 3.6% of employees worked from home half or more of the time, while 80% would prefer to work remotely at least sometimes. Just across the border, a March 2020 poll by Statistics Canada found that 4.7 million more people started working remotely that month, and 65% of those surveyed hoped to continue to do so after the pandemic is over. Fortunately, many employers are seeing the benefits of a remote work environment too. In a recent forecast, Global Workplace Analytics predicted that by 2022, 25-30% of the workforce will be working remotely multiple days a week.
Sounds great for employees, but all is not so rosy for employers. The CISOs responsible for the resilience of OT systems now face an even greater dilemma: how do they keep these critical systems running 24/7 when employees are encouraged or mandated to work from home and are highly dependent on secure connectivity to function normally? Much of the answer lies in opening up systems that are traditionally closed to the outside world to allow for remote management. To achieve this, CISOs need to balance safety, productivity, and cybersecurity risk. Even the slightest oversight can open the door to cyber risks, and potentially cause harm to employees, company reputation, revenue, and much more. A large number of open connections from remote workers back to the enterprise or OT systems introduces cyber risks. Some corporate leaders may not be prioritising cybersecurity as they scramble to keep their businesses running, not realising that threat activities carry on – and are sometimes even heightened – during times of crisis.
So, as the world sorts itself out during and post-pandemic, one thing is certain – remote working is here to stay. Fortunately, technology can provide the visibility needed to secure operational access, whether employees are working from the office or at home. While this level of flexibility hasn’t been so readily embraced in the past, secure remote access (SRA) is now being widely used to help companies survive and thrive. Visibility into remote devices, connections, and activity monitoring is key, however, as companies don’t have control over the home office infrastructure.
For example, we’ve heard of a plant engineer who is considered high risk due to a medical condition and needs to self-isolate. The company the engineer works for has to provide secure remote access, so the engineer can get “inside” the facility to manage their critical assets. The challenge is that by enabling remote access to critical operations assets, the company significantly expanded its attack surface. A big spike in the number of people working from home, who will most likely continue to do so, has brought about a change in the micro view of how employees operate and in the macro perspective of how the industry could operate in the future. The pandemic has forced an industry that’s slow to change even the smallest of details into accepting supporting technology. Security was always thought of as a collection of people, processes, and technology, but the latter is now playing a bigger role in allowing businesses to operate via remote access. While it might be preferable for employees to be physically present, secure remote access technology allows organisations to manage remote access to critical systems in a responsible, secure way, providing situational awareness and auditability to see who is touching the business infrastructure.
To maintain resilience during COVID-19, we encourage organisations to include both IT and OT teams in cybersecurity planning. Here are some of my recommendations to strengthen an organisation’s security posture, which has been exposed by the sudden increase in employees working from home:
Increase visibility into the OT environment by using passive traffic monitoring to identify and baseline critical assets and operational states
Bolster detection capabilities with anomaly detection technology in IT and OT environments
Apply a health check to network infrastructure and ensure correct network segregation and firewall policies are in place
Ensure all devices and services are patched. It’s also important to shorten patch cycles, particularly for those that protect remote infrastructure. Where appropriate, use virtual patching to complement existing patching processes until a permanent patch can be applied
Deploy a resilient backup policy that supports quick access to impacted files
Perform asset hardening to disable services used by ransomware for propagation
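The first three recommendations (baseline from passive monitoring, anomaly detection, segregation checks) can be combined in one pass over flow records, as in this added example, which is not from the original article. The subnets, the jump host address and the sample flows are constructed assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Flow = namedtuple("Flow", "src dst dport")

# Constructed addressing plan (assumptions for illustration only).
OT_NET = ip_network("10.20.0.0/24")       # controllers and HMIs
REMOTE_NET = ip_network("10.99.0.0/24")   # VPN pool handed to home workers
JUMP_HOST = ip_address("10.20.0.5")       # only OT address remote users may reach

def build_baseline(flows):
    """Learn the (src, dst, dport) conversations seen in a known-good window."""
    return {(f.src, f.dst, f.dport) for f in flows}

def review(flows, baseline):
    """Return (flow, reason) findings for flows seen after the baseline window."""
    findings = []
    for f in flows:
        src, dst = ip_address(f.src), ip_address(f.dst)
        # Policy check first: a direct remote-to-OT flow is a finding even if
        # it was already present (and therefore learned) during baselining.
        if src in REMOTE_NET and dst in OT_NET and dst != JUMP_HOST:
            findings.append((f, "segregation: remote client reached OT asset directly"))
        elif dst in OT_NET and (f.src, f.dst, f.dport) not in baseline:
            findings.append((f, "anomaly: conversation not in baseline"))
    return findings

# Constructed sample data standing in for passively captured flow records.
BASELINE_WINDOW = [
    Flow("10.20.0.10", "10.20.0.50", 502),  # HMI -> PLC, Modbus/TCP
    Flow("10.20.0.10", "10.20.0.51", 502),
    Flow("10.99.0.7", "10.20.0.5", 3389),   # remote engineer -> jump host
    Flow("10.20.0.5", "10.20.0.50", 502),   # jump host -> PLC
]
OBSERVED = [
    Flow("10.20.0.10", "10.20.0.50", 502),  # known conversation
    Flow("10.99.0.7", "10.20.0.50", 502),   # remote client bypasses jump host
    Flow("10.20.0.10", "10.20.0.51", 445),  # new SMB conversation inside OT
    Flow("10.99.0.7", "10.20.0.5", 3389),   # known conversation
]

if __name__ == "__main__":
    for flow, reason in review(OBSERVED, build_baseline(BASELINE_WINDOW)):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  {reason}")
```

The segregation rule is evaluated independently of the learned baseline, so a firewall gap that already existed while the baseline was recorded is still reported.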
COVID-19 has brought wave after wave of personal and business challenges, and we will likely feel its repercussions for some time. It’s never been more important for organisations to prioritise OT and IoT cybersecurity and mitigate risk in order to recover and succeed in the post-pandemic era.