Developing immunity: IT security in the era of remote working

By on 03/07/2020
Photo by Soumil Kumar via Pexels

Since the outbreak of COVID-19, IT teams have had to grapple with a vastly increased threat: cyber-attacks. Keeping civil servants’ often sensitive work safe from hackers is both imperative and a not insignificant challenge, but as those watching a Tripwire webinar – now available on demand by completing the form below – learnt, protection is largely about embracing a back-to-basics approach.

In the last few months, desk-bound employees have had to adjust to working from home and embrace unfamiliar working practices, whether they feel comfortable with them or not. For organisations’ IT teams, enabling employees to work remotely has meant working furiously behind the scenes to shore up networks and manage the increasing cybersecurity threat as criminals prey on weaknesses in IT systems now supporting a distributed workforce.

“The unplanned expansion of business network boundaries has compelled organisations to quickly source additional hardware, reconfigure their access controls, identify and implement new, and sometimes unfamiliar tools, and provide users with some level of training,” Paul Edon, director of international services at global cybersecurity provider Tripwire, said during his presentation.

As a consequence of these fast-track changes, many organisations are less secure – and at a time when cyber criminals are capitalising on the crisis.

Indeed, a survey of North American and EMEA security professionals conducted by Tripwire in April found that 94% were more concerned about IT security than they were pre-COVID. Not only that, but 2% of respondents said they had been breached in a coronavirus-related attack and 61% had seen unsuccessful attempts. Meanwhile, the FBI is reporting approximately 192,000 pandemic-related cyber-attacks every week. The threat is clear.

According to the FBI, around 90% of the attacks it’s seeing start with a phishing email – “many of them impersonating the World Health Organization, the United Nations, or some other official organisation working within the COVID-19 arena,” Edon said. Often, such emails carry subject lines like ‘COVID-19 daily update’ or ‘New confirmed cases in your area’. These trick users into clicking on infected documents or links, enabling malware to be downloaded onto their computers. The majority of the malware being deployed, Edon explained, is either keyloggers, which capture passwords, or ransomware, which threatens to publish data or block access to it unless a ransom is paid.

Multi-layered, ‘defence in depth’ approach

Civil service IT professionals will be glad to hear that protecting the workforce from such threats is in large part a case of ‘back to basics’.

“To improve your resilience and prevent your domain from being used for spoofing, you need to employ a multi-layered, ‘defence in depth’ approach,” Edon said, including ‘anti-spoofing’ and adopting protocols such as Domain-based Message Authentication, Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF).

When it comes to phishing, Edon said IT staff should educate users about their digital footprints and encourage them to use blacklisting and other such tools that block or filter suspicious emails. Then, in the background, IT teams should be looking at malware detection, configuration management, and file integrity monitoring solutions.

“Make sure you only use supported versions of applications and that your patching is up to date, use two-factor authentication where possible because that reduces the risk of any stolen credentials being useful on your network, and set admin rights,” he added.

As for ransomware, Edon recommended undertaking regular offline back-ups so that data is stored elsewhere – and can thus be accessed even if it’s being blocked on the main network in the event of an attack – and blacklisting malicious sites using proxy services such as the National Cyber Security Centre’s UK Public Sector DNS service.

The security of virtual private networks (VPNs) has been pushed to the forefront as people have been forced to work from home, and should be another key consideration. “It’s no surprise to find that VPN now forms a critical part of most organisations’ IT communications backbone,” Edon said. “Security – by which I mean confidentiality, integrity and availability – must be one of the key focuses of any IT team.”

Cyber criminals are preying on weaknesses in IT systems now supporting a distributed workforce. (Photo by Yan via Pexels).

Edon pointed out that according to the National Cyber Security Centre, state-sponsored hackers are targeting healthcare research labs and universities that are involved in national or international COVID-19 research – and that those attacks are aimed primarily at misconfigured or unpatched VPN solutions and unpatched applications such as Citrix.

He recommended teams make sure that they’ve scaled VPN concentrators, portals, and gateways to cope with the additional remote connections, and that remote devices be managed centrally.

“Employ constant monitoring of your VPN performance and availability,” he said. “Now that the VPN is acting as a critical gateway into your network, it’s likely that cyber criminals are going to look at targeting it, by way of a distributed denial-of-service (DDoS) attack for example, which could exhaust your VPN system resources and crash the servers.”

And then there’s the security around communication tools to consider. As Edon pointed out, the need to maintain good communications in a distributed workforce has pressured individuals and organisations into installing unfamiliar platforms in a compressed timeline.

“In the past three months there’s been a huge increase in cyber criminals taking advantage of vulnerabilities in the misconfiguration of applications like Zoom, Microsoft Teams, Google Meets and others,” said Edon. “The vendors have been quick to react and I believe that all of the known vulnerabilities have now been mitigated with software updates or patches. However, misconfigurations may not have been and that could be a major issue.”

Avoiding risk through training and support

When deploying new applications that employees may not have used before, he advises making sure all users receive adequate training so that not only do they get the most benefit out of the solution but they aren’t creating any additional business risk.

He recommended that an out-of-hours emergency phone number be available to staff, and that weekly or fortnightly town hall sessions be organised to share updates and information on new and emerging threats and how the risks can be avoided.

Paul Edon

As well as the technical aspects of any IT resilience plan and educating employees on new tools and cybersecurity threats, Edon also advocated cross-border collaboration as an additional defence against hackers.

“In the UK, we’ve got very good relationships across most of Europe, with the US, Canada, Australia, New Zealand and with a lot of the Asia Pacific countries as well. We all need to be working together to fight this – the more people you can get working together, the more people collaborating, the stronger our defences should be.”

Going back to Tripwire’s survey, Edon cited several statistics that appear to reflect that security professionals’ primary concerns match what’s being experienced more widely on the ground. It found that 58% of respondents are more concerned about employee home network security now than they were before the pandemic; 45% are more concerned about increased ransomware, phishing and social engineering attacks; 41% about remote system configuration; 38% about keeping remote systems compliant; and 38% about securing and analysing the traffic coming through VPNs.

It seems governments and other organisations are making progress in all of these areas – since the outbreak of COVID-19 they’ve had to – but how should IT teams ensure that the good work that’s been done so far is not lost, particularly when, as many predict, working practices are likely to have changed forever?

“What organisations need to do now is consolidate,” said Edon. “They need to look at what they now have that is no longer within their network boundary and they need to make sure the solutions they’re using are configured correctly because a lot of the cybersecurity risks are down to misconfiguration. When you’re working with a new solution that you’ve never used before and you’ve got to learn quickly and deploy it quickly, there are bound to be mistakes. So now what’s key is to go back and do due diligence.”

And he reiterated: “Education, good housekeeping, sound processes and strong policies are vital.”

Protecting against cyber-attacks is no mean feat, but with a thorough and common-sense approach, civil services can rest safe in the knowledge they’ve done all they can to head off potential threats.

View the webinar on-demand, access the presentation slides and download Tripwire’s cybersecurity survey by completing the form below. By watching the full webinar, you’ll learn more about:

  • How to protect against and respond to state-sponsored attacks
  • Protecting home-working civil servants handling sensitive information
  • Employee training and support
  • Mitigating communication tool risks
  • The benefits of employing ethical hackers and offering bug bounties to assess the security of computer systems
  • Leveraging private sector cyber skills
  • Phishing emails: the tell-tale signs
  • How to build on good cybersecurity practices

For further information, please email [email protected], call +44 (0)1628 775850, visit LinkedIn, or go to the website here.

About Partner Content

This content is brought to you by a Global Government Forum Knowledge Partner.
