On March 11, 2020, the world changed for good. That’s the day that the World Health Organization declared COVID-19 a global pandemic—one that would eventually go on to claim more than 2.6 million lives globally, including over 525,000 in the United States in one year, according to Johns Hopkins University.
A few short weeks after the WHO declaration, businesses around the world began sending their employees home; the great remote-work experiment had taken hold. A year later, many enterprise workers remain in home and remote offices, with some expecting to return later this year as vaccination timetables accelerate and organizations prepare for a “hybrid” workplace, with some employees alternating between home and an office.
During this time, the cybersecurity industry has faced numerous challenges, including company equipment, devices and data that suddenly left the confines of corporate headquarters. In the meantime, home offices have turned into unsecured and vulnerable parts of the corporate network.
Almost as soon as work-from-home began, security researchers started picking up increasing amounts of phishing emails that incorporated pandemic themes into their lures, switching tactics every few weeks to keep up with news and developments. More recently, analysts have noticed an uptick in malicious emails and domains using supposed information about vaccines to get victims to click.
Cybercriminals also began targeting vulnerable remote connections, such as VPNs and Microsoft’s Remote Desktop Protocol, as a way to leap from home devices into the corporate network, which then gives them the ability to spread malware (such as ransomware) or steal data. Ransomware upped the ante by increasingly adding an extortion element to attacks.
And while shifts in attacks and cybercrime made headlines, CISOs and their security teams took this time to explore other ways to protect data and assets after employees left the confines of the corporate office. Identity and access management (IAM) and cloud security became critical, while concepts such as zero trust and secure access service edge (or SASE) earned serious consideration as a way to protect remote workers who are increasingly relying on SaaS-based applications to do their jobs.
“The shift to mass work from home, and the resulting much-larger enterprise digital footprint, required the mobilization of security teams to quickly adapt. Of course, bad actors have also been quick to adapt their methods to take advantage of an incredibly vulnerable situation,” said Yaniv Bar-Dayan, CEO and co-founder at security firm Vulcan Cyber.
With permanent WFH changes underway at many firms, here are five ways that cybersecurity has changed over the last 12 months, and what those might mean for the future of enterprise IT and security.
The Attack Surface Shifts Home
One of the more obvious ways that cybersecurity has changed over the last year is the dramatic shift of many enterprise employees from corporate or branch offices to home locations. This, in turn, greatly expanded the attack surface as employees brought corporate devices into unsecured or poorly secured home networks, or simply began using their vulnerable laptops and smartphones for work.
For fraudsters and cybercriminals, this shift to work from home opened up all types of possibilities to target employees, from phishing emails and social engineering techniques to harvesting credentials or planting malware on devices. At the same time, employees using unsecured or poorly secured remote access to connect to corporate networks allowed more sophisticated hackers a way to leap from home devices into larger infrastructures.
This, in turn, helped cybercrime grow as gangs targeted more organizations. Blockchain analysis firm Chainalysis found that ransomware gangs made $370 million in profits in 2020, a staggering 336% increase over 2019.
“Attackers continue to take advantage of the pandemic, leveraging an array of social engineering to make their attacks more successful. Everything from COVID-19 vaccine rollouts, to the return to work and school, or tax reliefs and furloughs,” Sherrod DeGrippo, senior director of threat research and detection for security firm Proofpoint, told Dice. “An additional area of concern is that many remote workers still consider their home a place of safety. As the pandemic continues, their mindsets must change, especially as their organization’s data is increasingly at risk. For example, many are using ancient hardware and home-configured networks that are optimized for easy access and use, but not security.”
Cloud Security
Along with home offices, the shift to work-from-home meant that more organizations are now relying on cloud services and apps. Although the shift to the cloud was well underway before COVID-19, the circumstances of the last year helped accelerate this trend, especially around more powerful, cloud-based collaboration tools such as Zoom, Slack and Microsoft Teams.
Security teams continue to confront instances of employees who spin up cloud resources, such as Amazon Web Services S3 buckets, which are then misconfigured or poorly secured, leading to data leaks, breaches and hacking. All of these changes, and the growing importance of the cloud, mean that security needs to be rethought, said Limor Kessem, executive security advisor for IBM Security.
“Unlike physical networks, the cloud is defined by code, software, abstraction layers,” Kessem told Dice. “It has many inherent benefits to security, with an ability to scale and bolster security, but it definitely requires the right skills, tools, and a mindset open to building and doing things differently.”
These new skill sets require that security teams know what they are responsible for, and what the cloud provider will provide for protection under the service level agreement.
“Another important aspect is penetration testing in the cloud. In an environment made of code, you can bet that bugs and vulnerabilities should be found and remediated before an attacker gets to them,” Kessem said. “And if something did go wrong, the cloud has its merits in helping security contain the blast radius of potential incidents, but that means that security teams have set things up correctly, have controls in place, and are well prepared with an incident response plan that includes their cloud assets and workloads. Bottom line, cloud and cloud security require upskilling the IT workforce so that it can continue to support and enable operations, innovation, and future endeavors.”
The Perimeter Is No More
If COVID-19 and the shift to WFH revealed anything about the nature of corporate security, it’s that the traditional corporate perimeter is dead.
During most of the pandemic, organizations beefed up their use of VPNs to allow employees to connect with the network and access apps they need to conduct their work. This, however, turned into a cumbersome and somewhat inefficient process, said Michael Isbitski, technical evangelist at Salt Security.
“This is also the setup many workers love to hate,” Isbitski said. “It’s a heavyweight network connection, and depending on the industry or role of the worker, sometimes employees are also forced to work within the confines of a virtual machine—adding more latency. This typically results in high latency and diminished user experience.”
The connectivity and reliability issues with VPNs, along with the many security flaws found in the technology, are among the reasons why organizations are rethinking their perimeter security. These concerns, in turn, are driving conversations around the zero trust approach and incorporating the framework into cybersecurity plans.
“Zero trust network access emerged as an evolution of software-defined perimeter as a modern alternative to VPN,” Isbitski told Dice. “These still promote the concept of network access control, but the segmentation they provide is informed by identity and application context. It also provides better support for modern, distributed operating environments that are common in many enterprises even prior to the big work-from-home push.”
Return of Shadow IT
During the year of WFH, the concept of “shadow IT” returned to the conversation, as some security and IT teams were forced to give employees a larger degree of flexibility than if they were working in traditional offices. This not only includes downloading apps to devices or spinning up cloud services, but also allowing unvetted devices to connect to the network.
Hank Schless, senior manager for security solutions at Lookout, noted that, in the first 100 days of work-from-home, his firm saw a 26 percent increase in activity on iOS devices.
“This meant that devices that were previously used only for personal reasons were now connecting to the corporate infrastructure,” Schless said. “Security teams had to loosen up access policies to allow employees to be productive from personal devices in a forced bring-your-own-device scenario. These devices had never been vetted, so there was a significant risk of them introducing malware into the corporate environment.”
Schless notes that mobile devices and smartphones are also increasingly tempting targets for fraudsters and cybercriminals looking to deploy phishing emails that can then collect victims’ credentials or plant malware. If these devices connect to the corporate network, it creates another layer of security concerns.
“Attackers took advantage of the fact that employees were attempting to access cloud services such as Google Workspace and Microsoft Office 365 in order to be collaborative and productive from home,” Schless told Dice. “Phishing campaigns were built to target mobile users accessing these platforms by leveraging social engineering.”
In Search of Greater Collaboration
Another significant shift in the COVID-19 and WFH era is the heightened collaboration between IT and security teams to ensure that vulnerabilities in software are addressed and remediated before attackers can exploit them.
This balance has never been easy, but Bar-Dayan of Vulcan Cyber says that the past year should make security teams, IT and development teams rethink their relationships with each other to provide better cybersecurity throughout organizations.
“Collaboration between security and IT operations teams has never been more important, but collaboration has never been more difficult. Security teams and their IT counterparts had to develop skills and use tools to automate and orchestrate a more collaborative approach to IT security operations, DevSecOps, and vulnerability remediation,” Bar-Dayan said. “For the first time, we’ve seen a widespread mandate for IT leaders to invest in platforms that provide visibility into the outcomes delivered by more collaborative teams. You can’t secure what you can’t measure. A confusing array of Excel spreadsheets and communication channels does nothing but create more risk for the business.”