Phishing, social engineering will persist in remote work setup

The sudden shift in business operations arrangement caught some companies off guard. Orders of immediate lockdowns didn’t give companies enough time to prepare the infrastructure so they could have a secure working environment especially now that communications — video, email, messages — are conducted over the internet or cloud.

ManageEngine’s product manager Ananthakrishnan Vaidyanathan shared with Back End News the current security landscape in the age of teleworking and what companies and employees can do to protect corporate data being exchanged over the cloud.

ManageEngine is the IT management division of Zoho Corp. that offers network and device management to security and service desk software.

ManageEngine launches privileged access security solution for enterprise IT

ManageEngine’s new products provide secure connections to remote systems

1. What are the major challenges of working from home/remotely in terms of security?

Teleworking has seen new cybersecurity gaps open up, in addition to the existing cybersecurity cracks. An example of the former is remote patching. Improper bandwidth handling or inadequate network hardware can contribute to irregular patching, not only for endpoints but also for network components such as routers, access points, and other vital components handling the sudden influx of endpoints connecting remotely. Failure in patching your remote devices opens the door for hackers to access your enterprise networks using the same VPN connection configured to prevent such attacks.

One other problem is the sudden introduction of BYOD. Organizations that were adept at dealing with a single OS are now exposed to different device types running different OSs, which most organizations are ill-equipped to manage. These devices might not have the enterprise-approved antivirus and firewall configured, which along with accessing corporate data on insecure networks, can be easily exploited.

2. What types of security attacks are you seeing or do you expect should companies decide on prolonged remote working?

When it comes to exploiting existing cybersecurity gaps, coronavirus-themed phishing and similar social engineering attacks have seen an exponential rise. These attack vectors have been the primary methods of injecting malware into enterprise networks; and now, even more, employees are falling prey.

Further, as more organizations move to the cloud to optimize remote working, instances of browser-based attacks aimed at exploiting poor authentication and access mechanisms are expected to increase.

With the advent of teleworking, there’s been an immense surge in the usage of VPN and RDP as well as extensive reliance on firewalls. Any misconfiguration in these components will have more impact on the current setup. Similarly, extensive usage of RDP, which has a history of security issues, can also lead cybercrooks to wreak havoc. Bluekeep vulnerability is an example of RDP being utilized for cyberattacks.

3. How can employees working from home contribute in terms of security for their companies?

Employees play an important role when it comes to teleworking security as they’re now beyond traditional enterprise security.

The most obvious way employees can contribute to security is by ensuring they strictly adhere to the organization’s teleworking security plan, which should include regular patching of enterprise-critical applications, OSs, antivirus and any other security apps as well as accessing corporate data only using VPN and secure networks. Furthermore, employees utilizing their personal devices must ensure these devices are secured in accordance with the organization’s security standards.

Next is preventing shadow IT. Usage of unauthorized apps and services is one of the primary attack vectors used by cybercrooks to gain entry into enterprises. With the current lack of visibility for enterprises, cases of shadow IT are on the rise, and employees must understand the hazards of shadow IT and refrain from it.

Exercise extreme caution when accessing any links or downloading any attachments, doubly so when using corporate devices. With spear phishing becoming more and more common, phishing attacks have moved from being generic to targeted, with attacks aimed at particular individuals. A suspicious email should be reported to the enterprise security team to ensure other employees are educated on the same.

4. What steps should organizations take in order to ensure corporate data privacy

Proper management of endpoints is required to ensure data security. The fundamental security measures to be enforced must include:

  • Regular patching of applications and OSs to fix any existing security vulnerabilities
  • Ensure devices do not access corporate data via public Wi-Fi networks
  • Prevent installation of any unapproved applications on devices accessing corporate data
  • Permit only approved devices to access enterprise mailboxes

Ensure peripheral devices including USB devices are properly managed to prevent unauthorized access of corporate data

These measures will ensure the devices accessing (and storing) corporate data are reasonably secure, minimizing the chances of being exploited by malicious actors to gain unauthorized access to enterprise data or enterprise networks.

5. What types of security solutions should companies invest given the uncertain future of the global economy because of the pandemic?

With the heightened dependency on cloud services, organizations with only local network-based security mechanisms need to now incorporate cloud security access brokers (CASB), Zero Trust models, and other additional security mechanisms.

5G and IoT, in addition to helping enterprises, are going to be new avenues for malicious actors to exploit and attack enterprises. To protect the organization at the end-user level, IT teams can adopt cybersecurity systems that support the least-privilege models for users. Teams can also configure a user and entity behavior analytics (UEBA) system that performs a comprehensive forensic analysis of APTs as well as ML-based static and dynamic analysis.

To provide protection at the endpoint level, endpoint protection (EPP) and endpoint detection and response (EDR) is a formidable combination. While EPP is mostly preventive and provides the first line of security, EDR is a level above EPP and provides much more granular insights when it comes to endpoint security.

6. Please explain the benefits of Access Manager Plus and Remote Access Plus for both companies and employees? Were these products/services already available before the pandemic?

Beyond the obvious benefits of it being available on cloud or on-premises and letting you manage heterogeneous operating systems, Remote Access Plus comes with an extensive diagnostic toolkit that lets you easily identify issues without requiring a session every time. Unlike RDP, Remote Access Plus comes integrated with file transfer capabilities and video/voice/text chat, which saves time and effort during a remote session. Lastly, as remote access software usually creates a lot of privacy concerns, Remote Access Plus logs each and every action performed by the technicians, and the log files can be exported as reports if need be.

Access Manager Plus addresses the problem of remotely managing infrastructures such as servers and databases. Access Manager Plus provides secure channels so such tasks can be carried out remotely. Unlike VPNs, it provides granular access controls, restricting users to the operations, files, and folders their job requires. With comprehensive auditing capabilities, it offers total visibility into all privileged access use and lets enterprises manage privileged user sessions in real-time, shutting the door on privilege misuse

Both Access Manager Plus and Remote Access Plus were available before the pandemic and with remote work becoming the new norm, we’ve decided to offer free licenses for both solutions in order to help SMBs.

7. What is the future of cybersecurity with this environment?

The three major components in any security setup are people, processes, and tools (or technologies). People tend to be the weakest link simply because they are human and fallible. With remote work being the future, we should see organizations place a lot of emphasis on employee education. It is imperative that organizations train and re-train employees on cybersecurity to reduce if not eliminate human errors leading to cyberattacks.

Also, organizations should look beyond the confines of the enterprise network and opt for a perimeter-agnostic security setup, whereby the objective is to secure employees and endpoints accessing enterprise data irrespective of their location.

Another aspect that is fast becoming the norm in enterprises is the adoption of the MITRE ATT&CK framework, which consists of a comprehensive list of techniques and tactics used to categorize attacks and understand how able an organization’s security setup is. This, along with embracing automation, will help SOCs become more capable when it comes to monitoring, identifying, and proactively acting on security alerts.

Lastly, we’ll see EDR evolve into XDR—X detection and response—where X represents any component that can be used by bad actors to attack enterprises. XDR goes beyond conventional endpoints and takes into account servers, cloud services, networks, and other parameters to proactively detect and respond to threats.