Organizations of all sizes are being impacted on a day-to-day basis by the policies required to fight COVID-19. Security is a human challenge, one that requires an understanding of the drivers that people face. This is the third post in a series that looks at the people impacted by the current crisis, their priorities and the effect on their lives, all of which can impact the security of the organizations they work for.
As I discussed in my post about the impact on employees, the disruption to the workforce has been significant in these times. Workers are having to get used to a new normal. All the distractions and unusual patterns are very likely to affect their ability to spot security problems and react accordingly.
There is one group of people who are doubly hit by the current status: technical support and IT operations staff. These groups are having to adjust to new working environments while also supporting their colleagues with a host of new problems. Support requests and service delivery requests that used to be the anomaly are now standard.
The disruption of the past few months has introduced a significant increase in configuration changes within environments. Processes for ensuring patching, updates, and changes to configuration may be impacted, leaving more systems in a vulnerable state.
For the most part, these teams have moved past the initial hump of learning new techniques and coping with changes in process to manage this. Friends and associates have reported very favorably on equipment provisioning and digital remote working support.
However, there are also worrying reports of security being de-prioritized, security staff being laid off and budgets reduced. At this time, more than ever, security cannot be seen as a lower priority. The patterns from before, often driven by a user’s presence on the office network, have changed. But, as discussed in the previous post, it’s still business as usual for the attackers.
Whilst teams may be seeing less noise in their systems for certain attack types, because there are fewer machines on the corporate office network, this does not mean that there are fewer attacks. As always in cybersecurity, complacency will lead to ruin.
More than ever, technology teams need to keep their eye on the ball with respect to infiltration.
If we consider the new threat vectors available to attackers, we can identify risks that were less likely before but are now being leveraged by attackers. One example is post-compromise activity in which attackers move laterally up a VPN into the corporate or cloud networks.
Before I joined Alert Logic, I was a customer—working in delivery and IT operations. The challenges we faced that drove me to become a customer have not gone away. The lack of focus on security detection, the high cost of in-sourcing expertise, and the challenges of a complex threat landscape are only being exacerbated in the current situation. Having a helping hand, a trusted advisor, in this time is more important than ever.