Nir Shauli's Interview: Cybersecurity expert, Helis

How to ensure your users are the ones connecting to your network and not someone else?

We are used to thinking of passwords as a solution to increase security when today they are in fact a vulnerability.

Phishing and credential stuffing are just a couple of the methods used by hackers to gain users’ credentials, and when a LogMeIn survey shows 59% of users use the same passwords for multiple accounts, it is not surprising that 81% of breaches are caused by credential theft.

To further illustrate the size of the threat, Microsoft alone reports over 300 million (!) fraudulent sign-in attempts a day to their cloud services, and they believe 0.5% of their customers’ enterprise accounts are compromised every month.

The current crisis forced CSOs to allow remote access for all users. However, they lacked time to consider implications and prepare in advance. Implementing such a change requires a thorough review of security policies, procedures and even network architecture.

In this context, the first order of business of any CSO should be to ensure MFA (Multi-Factor-Authentication) is enforced for all accounts on all platforms and to disable legacy authentication altogether.

Although MFA prevents 99.9% of these attacks, and although it has been around for quite some time, many organizations have avoided deploying it, in my experience mainly because of misconceptions and unfamiliarity with existing solutions. Recent technologies allow organizations to eliminate the usage of passwords altogether, thus improving user experience while increasing security. With the right solution tailored for the organization, and with good planning, the transition can be swift, painless and quick.

How to allow your users to work remotely while preventing data leakage?

Now that all users are working from home, even if occasionally, organization data is liable to leak more than ever. In most cases, it takes more than three months to discover leaks. I therefore believe we will soon see a boost in data breach statistics.

Today, organizations can no longer avoid deploying DLP (Data Loss Prevention). While many organizations already have some sort of DLP solution deployed, very few have managed to achieve a completely secure environment with cross-platform protection of sensitive data in use, in motion and at rest.

Indeed, DLP deployments can be very challenging as they require CSOs with a thorough understanding of their environments, of the work procedures of all users, and most importantly, of all the organization’s data down to its finest details.

Today’s increasing usage of AI by leading DLP solutions reduces the need for in-depth familiarity with the data, thus allowing CSOs to focus on cross-enforcement, with special attention to remote endpoints operated by users working from home.

What actions should your company be taking to prevent cyber-attacks?

Case in point, the recent cyber-attack on the Grubman Shire Meiselas & Sacks law firm hit the news because of the notoriety of their clients, but similar attacks are constantly carried out successfully and under the radar. While we do not know how these specific hackers managed to gain access, in similar investigations, the source of the breach is often a specific user or a specific endpoint.

As seen over and over, users can be a liability when not properly trained or made aware of potential risks. Therefore, companies should launch security awareness training programs. Users’ knowledge and understanding of information security and the organization’s policies and procedures are a crucial line of defense.

Over 90% of attacks start with phishing.

Concurrently with training, the focus should be on remote endpoints. Organizations should first start by reviewing their endpoints’ policies and blocking whatever they can with existing tools.

Then one should start a thorough review of security policies, procedures and network architecture considering the new situation.

How to solve remote users’ performance issues while increasing security?

Many users are experiencing performance issues since having to work remotely. In some cases, performance is hindered by slowdowns. Research has shown that slowdown alone has a dramatic effect on a user’s productivity. For others, it may mean not being able to work at all, as in the case of users who heavily depend on VoIP or video, or users who must co-work on large files remotely.

While RDS (Remote Desktop Services) is a relatively cheap and simple-to-deploy solution, its performance has limitations. Also, in many cases it cannot be used due to graphic requirements.

VDI (Virtual Desktop Infrastructure) has been around for quite some time, yet despite very clear advantages, it has not been widely adopted. The technology is in use by most organizations, but its usage is often very limited.

The current situation is an opportunity for ITOs to review requirements and reconsider a wider use of the technology. Not only can it solve users’ performance issues, even over low bandwidth connections, it also offers many benefits, such as centralized management and control over the environment, and snapshots.

Moreover, VDI has clear advantages in terms of information security, primarily because it keeps organization data local and practically separates the users’ private environment from the organization. So, all in all, many organizations may find VDI a twofer, an IT solution that solves many of their security issues, thus offering a low TCO compared to the alternatives.

About Nir Shauli 

Nir Shauli is an IT and cybersecurity expert, with 25 years of experience in leadership positions in global organizations such as Nuance Communications and Samsung Electronics, as well as an external consultant in others.
He specializes in designing and implementing large IT systems architecture with a focus on security infrastructure.