Shifting your workforce to work from home and mounting vigilance around Coronavirus phishing have been two short-term trends IT and Cybersecurity leaders are acutely aware of in this turbulent time. Here are some of the larger and longer-term trends our Managed Detection & Response teams are seeing across our client base that should be on your radar.
- Beware of data sprawl. As employees who normally work from an office are provided laptops and sent home to quarantine, expect sensitive data to appear in new places, such as remote file-sharing services like Dropbox.
- Anxiety tends to make people error-prone. Expect there to be more mistakes in configuring system security. The same is true for users’ ability to tell the difference between safe and unsafe email messages.
- When users move out of the office, systems left there produce less logging. There is a “swamp draining” effect: with normal user activity gone, malware infections become visible. Over the weekend, Agio found several cases of automated malware beaconing that were detected because users were absent.
- Last week, Microsoft announced that it had issued an emergency patch for a vulnerability called “Eternal Darkness.” The vulnerability is in implementations of the TLS3 protocol and is considered “wormable.” Normally, this would be a high priority for network defenders, and yet we are hearing that clients are deferring patching and other forms of vulnerability management. Try to keep up with patching, despite quarantines.
- Reduction in staff, at least in the short term, is likely. Keep an updated employee-equipment inventory map and understand whether or not you have the ability to remote-wipe devices. Review your off-boarding processes and procedures.
- That’s the downside. The upside is planning for the end of the pandemic. Nobody knows how long the first wave of COVID-19 infection will last, or if there will be multiple waves. China looks as though it’s beginning to recover. Think about how your business will change when life starts to return to normal. Once the current situation is stable, start planning for rapid growth. With that, leverage the lessons of quarantine to improve security and reliability. The CDC is recommending an 8-week moratorium on public gatherings, i.e., this is an 8 to 10 week planning horizon.
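To make the “swamp draining” point from the list above concrete, the following added example (not Agio's tooling and not code from this post) restricts outbound connection logs to a window when users are away and flags host/destination pairs that connect at near-constant intervals. The event tuple format, host names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def find_beacons(events, start, end, min_events=6, max_cv=0.1):
    """Return sorted [(host, dest, mean_interval_s)] for flows inside
    [start, end) whose inter-arrival gaps are nearly constant.

    events: iterable of (timestamp, source_host, destination) tuples
            (assumed format, e.g. parsed from proxy or firewall logs).
    max_cv: highest allowed coefficient of variation (stdev / mean) of gaps.
    """
    flows = defaultdict(list)
    for ts, host, dest in events:
        if start <= ts < end:  # keep only the window when users are absent
            flows[(host, dest)].append(ts)

    hits = []
    for (host, dest), times in flows.items():
        if len(times) < min_events:  # too few samples to call it periodic
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((host, dest, round(avg)))
    return sorted(hits)


def sample_events():
    """Constructed weekend log data; every value here is made up."""
    sat = datetime(2020, 3, 21)  # a Saturday, office empty
    events = []
    # WS-014: one connection roughly every 300 s with slight jitter
    for i in range(24):
        ts = sat + timedelta(seconds=300 * i + (i % 3))
        events.append((ts, "WS-014", "203.0.113.10"))
    # SRV-BACKUP: legitimate but irregular traffic
    for off in (120, 900, 1000, 4000, 4100, 9000, 9500, 20000):
        events.append((sat + timedelta(seconds=off), "SRV-BACKUP", "198.51.100.7"))
    # WS-022: regular, but below min_events, so not reported
    for off in (0, 3600, 7200):
        events.append((sat + timedelta(seconds=off), "WS-022", "192.0.2.44"))
    return events
```

A flagged pair is a lead for investigation rather than a verdict, since update checks and monitoring agents also connect on fixed schedules.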
When it comes to improving the security and reliability of your infrastructure, both immediately and for a future that will look different than we’ve ever seen, we are here to help. Whether it’s a conversation or a larger partnership, we are standing by, so please don’t hesitate to contact us. We’re in this together.