Threat Hunting with a Focus on Securing Devices
There’s no disputing that the global pandemic has changed the way we work. Even those people employed by a business are working alone, using new tools, and relying on the digital frontier for success. The work-from-home trend has become a workforce reality.
At the same time, people are experiencing more anxiety, more uncertainty and seeking more relief – making them more vulnerable. As a result, cyber criminals have more opportunities than ever to attack.
The Threats Facing the Workforce
The surge in remote working increased the use of services prone to vulnerabilities, such as virtual private networks (VPNs) and video conferencing software. Early in the pandemic, as video conferencing provider Zoom experienced spikes in usage, so too did the company experience a surge in privacy complaints.
Zoom-bombing, the practice of barging in on a private meeting and making uninvited comments or shares, became an all-too-common occurrence. However, the issue wasn’t technical. It was a matter of user knowledge. Anyone using the app without activating its security features was left exposed.
VPN usage, on the other hand, can be fraught for more technical reasons. VPN apps aren’t always provided by an employer. Some SMBs don’t have the capacity or knowledge to research and recommend a VPN tool. So, employees end up locating their own tools in an effort to create a secure work-from-home office setup. The problem is the variety of the VPN apps on the market. VPN apps deemed insecure are frequently spotted and removed from app marketplaces. When a user chooses a VPN, they trust that their work activity is shielded from snoopy ISPs or websites. Users assume their data is safe.
However, a poorly vetted VPN app can itself be used for data harvesting and malware injection. While employees are attempting to re-create a corporate network at home, they may actually be doing more harm than good.
Cyber Threats Increasing Across Canada
Statistics Canada reported that 42% of individual respondents said they suffered at least one online security incident — such as phishing, malware, and cyber fraud — since the pandemic began in March. The threat posed to individuals and businesses is significant.
These incidents may not have been related to a business, but the issue is the same: cyber criminals understand that the more people work from home, the greater the opportunity to infiltrate their devices and gain access to valuable corporate data.
Checkpoint #1: Devices
Activity on every single device that accesses your corporate network, regardless of the size of your business, must be verified to ensure breaches don’t occur. (Admittedly, that sounds like a lot of work. There are ways to make this happen, without breaking the bank or killing your productivity.)
When work-from-home became a reality back in March, many SMBs quickly embraced remote working to stay afloat. That left some businesses without remote working security policies; they simply dove into the new reality.
From corporate laptops to smartphones and watches to software/SaaS applications, endpoints provide cyber attackers with their line into your business network. Sometimes, these devices aren’t protected by up-to-date security measures (like anti-virus or firewalls), allowing breaches to occur more easily. Even when they are, attackers can still get in. Unknown activity, like new threats, sometimes slips past the more common approaches to cyber security. To ensure your network environment is truly safe, you must take action to stop attackers in their tracks.
Checkpoint #2: Employee Activity
Once you’ve secured your SMB’s devices (endpoints in security speak), employee activity must be assessed. The pandemic has left employees vulnerable, looking for connection and change.
Some attacks prey on this vulnerability. Phishing attacks, for example, are based on manipulative tactics to persuade employees to hand over sensitive information. These can take shape as personalized messages on social media, phone calls or emails that build rapport…then ask for access to sensitive information. Employees may not know what to do, given that the times are so unprecedented. (The best practice is: Do not open any emails from untrusted sources. Do not give offers from strangers the benefit of the doubt. Don’t trust anything with obvious errors.)
Ransomware, while less manipulative, can also be prevented by human engagement. The messages that deliver it are often riddled with typos or carry strange attachments. With awareness, employees can detect these issues and report the messages as spam without opening them.
Creating a culture of security within your SMB is key to WFH success. Since people are the deciding factor to what gets in, the best deterrent is education.
Checkpoint #3: Endpoint Detection and Response
Given that humans are just that – human – errors sometimes happen. Relying exclusively on solid VPNs, firewalls, anti-virus tools and human education may not be enough to keep your network safe in these novel times.
Endpoint detection and response (EDR) tools dot the i’s and cross the t’s of cyber security.
A good EDR tool detects when an undesirable ‘visitor’ (virus, application) passes your network gates. It provides notifications about the incident and offers the reassurance that your network environment is being looked after.
Some SMEs, however, find the burden of sourcing and managing EDR daunting. Imagining the work and the trade-off with revenue generation, EDR becomes a low priority. Plus, the likelihood of their business being attacked just seems too low. The business owner with a 5-person staff, a website, CRM and online payroll system may not see this level of cybersecurity as essential. The risk, however, is that when an attack occurs…they know it could have been prevented.
An EDR tool can provide the reassurance a small business owner needs to ensure their network is locked down and aware of its surroundings.
Sourcing a Managed Endpoint Detection Tool
Perhaps the best solution for many SMEs is a Managed Detection and Response (MDR) tool. Offering a blend of state-of-the-art detection software with human intervention, an MDR tool provides endpoint protection without the massive overhead.
CYDEF’s SMART-Monitor service combines our proprietary technology with a team of cyber security analysts, who monitor and manage your endpoints. For SMBs on a shoestring budget, this solution can provide peace of mind at a cost you can afford.