The Long-term Impact of COVID-19: How Security Leaders Can Adapt

In a matter of weeks, the COVID-19 pandemic has established a “new normal” in society. But it has also rapidly shifted the business of cybersecurity.

The massive uptick in the remote workforce has accelerated the dissolution of the idea that the network and security perimeter is confined to the four walls of the building. Instead, driven by digital transformation and work-from-home initiatives, the attack surface has expanded. Unfortunately, many cybersecurity professionals are under-prepared to address the risk associated with this shift to a zero-perimeter environment.

With experts warning that the long-term effects and impact of COVID-19 could last years, security and leaders need to begin taking steps to manage cyber risk in the new normal.

The network effect

In an interesting article published in Dark Reading titled 4 Cybersecurity Lessons from the Pandemic, Dr. Mike Lloyd, an epidemiologist-turned-CTO, likens the spread of a computer virus with that of the coronavirus. In fact, the rise in public consciousness as to how viruses can spread and be contained has obvious analogies with cybersecurity.

Viruses and other infectious diseases spread when humans connect with each other. As COVID-19 has proven, our interconnected lives have been a powerful vehicle for transmission. The same can be observed of threat actors. After identifying a single point of access, like an unpatched system, they can move laterally across interconnected networks to find their intended target and fulfill their nefarious intentions. The goal of security teams is to detect and prevent this movement, just as staying at home and social distancing helps block further coronavirus transmission.

But blocking threat actors is just one aspect of cybersecurity. To successfully prevent those attacks from happening in the first place, security teams must understand how their networks are connected and where risk is concentrated, just like governments and health officials need to be able to monitor disease hotspots and high-risk areas. With this insight, cybersecurity managers can better understand where to focus their resources, enforce policies, and mitigate risk.

But that’s far from easy, due to the fact that, as digital footprints have expanded, so has the attack surface. This puts pressure on security leaders who don’t have a handle on the risk hidden across digital assets in the cloud, geographies, subsidiaries, and a remote workforce. After all, they can’t secure what they can’t see.

Instead of guessing where risk lies, security teams need hard data to inform their actions. They need tools that give visibility into the digital assets across their ecosystems — including cloud instances and their remote office networks — and the corresponding risk associated with them. With these insights, they can visualize areas of disproportionate risk, prioritize remediation actions, and use their limited tools and resources most effectively.

Know where risk lies

Another parallel between real-world viruses and cyber threats is the need to determine where the virus or an infection can take a foothold. The coronavirus is known to survive undetected on surfaces such as door knobs, grocery store carts, elevator buttons, and packaging for hours or even days. With so many transmission points, care is needed to mitigate risk.

In the digital world, threat actors also have many opportunities to gain a foothold — even more so now, as there’s been a huge surge in the remote workforce. During the pandemic, the average organization’s digital attack surface has vastly expanded as corporate endpoints share networks with a huge number of vulnerable consumer and IoT devices. As we found, these Work From Home-Remote Office (WFH-RO) networks pose unique cybersecurity risks compared to in-office corporate networks.

Bitsight research shows that WFH-RO networks are 3.5 times more likely to have at least one family of malware and 7.5 times more likely to have at least five distinct families of malware. These networks present unique potential exposures and vulnerabilities. In fact, more than 25% of home devices have one or more services exposed on the Internet and almost one in seven WFH-RO IP addresses have exposed cable modem control interfaces.

Mapping the network to discover each of these endpoints is an important first step to reducing cyber risk. But to truly alleviate that risk, organizations must identify vulnerabilities and infections on the IP addresses known to be associated with remote operating environments so that they can understand the scope of what they are dealing with and take steps to remediate risk to the wider corporate network.

Basic hygiene is critical

Over recent weeks, the COVID-19 pandemic has served as a reminder that we all must get back to the basics. Be mindful of your environment. Wash your hands. Don’t touch your face. These things that we learned in elementary school are now back in vogue in full force.

And now’s a good time for cybersecurity managers to go back to basics, too. Good security hygiene is at the heart of every strong cybersecurity posture. Some of the most basic measures organizations can take to reduce risk have the biggest impacts; including installing patches as they are released, verifying software configurations, securing open ports, and implementing cybersecurity education programs.

Adapt to the new normal, it’s not going anywhere soon

With little warning, COVID-19 has made cybersecurity a lot more complicated, but that complexity is, unfortunately, here to stay. Remote work will likely become commonplace. Hackers will continue to look for new ways to exploit fear and vulnerabilities. This is now the world cybersecurity professionals will live in for the foreseeable future.

Achieving visibility into cyber risk both on company devices and digital assets wherever they may be located — in the home, in the cloud, or across the wider business organization — and mitigating that risk has always been complex. As a result, many teams with limited resources may have focused on actions (typically those under their control) that are easy wins and have a more immediate impact on their security postures.

But now, as the attack surface increases beyond the perimeter, all security and risk leaders will need to rethink many of the policies, processes, and plans they have in place — and find ways to scale their security performance management programs beyond the four walls of the building.