One of the key challenges that companies had to deal with quickly was the need to ensure information security for staff working from home. At a meetup organized by the Skolkovo Technopark, leading specialists in the field of information security discussed the key problems of the transition to remote operation, the associated risks, and the ways to minimize them in the future.
Corona circumstances
The mass transition to working remotely shaped new requirements for corporate security systems. A survey by Check Point showed that 56% of companies encountered problems associated with organizing remote work and security, while 55% weren’t satisfied with the current means and instruments as well as the possibility of scaling such solutions.
95% of respondents (400 information security specialists from 500 companies around the world) stated that they faced issues when organizing remote work for their staff. Most of those had to do with ensuring the security of remote access to companies’ resources and documentation, staff members’ low awareness of cybersecurity and the use of personal computers equipped with software and services not approved by IT specialists.
The same survey showed that at the beginning of the self-isolation period, the number of cyberattacks grew: a large number of them had to do with newsletters and websites that pretended to contain essential information on the virus, or disguised themselves as popular services like Netflix.
Transition issues
Ivan Novikov, the co-founder and CEO of Wallarm, spoke about the company’s own study in which 23 heads of corporate IT security services were asked about the main challenges of transitioning to remote work.
The first issue had to do with providing secure access to staff members. The companies that didn’t have VPN networks of their own had to quickly create them and teach their employees to use them correctly. Those that had already been using a VPN, but only on work PCs, had to solve the issue of giving access to personal devices and managing them.
The second issue had to do with introducing new systems, especially security and control systems. The urgency of it all made the task even harder, as everything had to be done quickly yet meticulously, as cybercriminals can easily make use of any vulnerabilities.
This led into the third issue: due to the increase in overall traffic, the increased number of people online, and the vulnerability of the recently installed systems, the number of cyberattacks more than doubled. The targets also changed during the pandemic: attacks were aimed at corporate websites and companies’ intranet systems, file storages, VPN services and corporate mail, electronic documentation systems, and portals for suppliers and contractors.
The fourth issue had to do with the increased load on the existing protection systems that weren’t ready for it, as well as on internal services that were rarely used before.
Andrei Bajin, the director for information security at VTB Capital, added that the human factor has become an additional problem: personnel who do not possess sufficient knowledge of cybersecurity are susceptible to the tricks that hackers use. For example, they often follow unsafe links in emails sent from addresses disguised as corporate ones. The risks of fraud from inside the company have also increased, both from staff members who received access to valuable documents and data and from their housemates and neighbors.
The expert also mentioned the risks of losing access to critically important team members, like system administrators and information security specialists, when an urgent need arises. At such times, they may have problems with internet access, their computer, or power supply.
Another problem he mentioned has to do with logistics, namely the delivery of components from China, which is a key manufacturer and supplier.
Cyberattacks
Mikhail Pribochiy, the Managing Director of Kaspersky Lab in Russia and CIS, expanded on the risks associated with the human factor, and the new tendencies in cyberattacks. The threats are becoming more personal: hackers aim to gain access to personal data so that they can manipulate people and extort money. They’ve also become more targeted: hackers choose a specific target (a person or a corporation), write code that matches it best, and are ready to spend a lot of time on it.
The key source of malware infection is still links in emails, which account for 33% of cases. What’s more, people have started to fall for them more often due to factors like stress, cases of actual compensations, and the increase in the number of emails that is associated with the transition to remote work.
Another growing source of infection is websites that purport to provide information about COVID-19: it turned out that about 75% of such sites have been created by hackers. Instances of phone fraud have also increased by 25%.
The main problem is that people don’t pay enough attention to security issues: they don’t install antiviruses on their smartphones and computers, open unsafe links, and download files from questionable sources. TV sets using the Smart TV system are also a threat, since many people use them for web surfing, as are smart speakers and other devices connected to IoT systems. These devices don’t have any built-in protection and can be hacked easily, and being connected to a common network, they become a vulnerability that hackers can easily use.
For this reason, business owners have to launch compulsory information security courses for all employees and regularly test them (for example, send out newsletters to see how many employees would follow an unsafe link). They should also check that all devices used for work, personal devices included, are protected with antivirus software.
Available solutions
In conclusion, Aleksander Mitusov, a manager for the introduction of digital solutions at Megafon, spoke about the top means of protecting a company from key threats.
When transitioning to remote work, most companies use three technologies: remote desktop services (RDS), virtual desktop infrastructure (VDI), and content management systems (CMS); the latter are used as the basis for such popular solutions as Bitrix24 and amoCRM.
The problem is that these solutions don’t guarantee security: for example, a protocol that’s used in RDS contains critical vulnerabilities that can grant hackers full access to a computer. Nevertheless, most companies that can’t provide all of their staff with corporate computers for remote work choose this option as the simplest and the cheapest one.
Then again, corporate workstations protected by VPN and clients like Cisco AnyConnect can also become a target. For example, specialists from Positive Technologies identified vulnerabilities in OpenVPN and Cisco products – and other means of protection that might seem reliable.
For this reason, every company has to introduce several essential technologies.
First are data leak prevention systems, which make it possible to monitor employees’ activities and quickly identify the source of a leak.
Second are web application firewalls that make it possible to filter traffic and block network attacks. This technology is especially relevant for companies that focus on e-commerce and IT services.
Third is software that protects databases and master data, the things that usually interest hackers the most. Major corporations should also conduct penetration tests, especially those using social engineering methods, and set up “sandboxes” for testing questionable links, code strings and so on.
In conclusion, Aleksander Mitusov once again mentioned the threats associated with smartphones and the need to teach employees the basics of information security. As the number of operations — work-related, financial, routine — that we do using smartphones is constantly growing, protecting their content becomes an essential task. Miscreants can easily gain access to phone data via public Wi-Fi networks, email clients, or specific apps, as 70% of apps contain vulnerable libraries.
You can see the full recording of the meetup (in Russian) here.