Unexpected COVID-19 Security Issues

If you’re like me, you’ve been deluged by well-meaning emails warning you of Coronavirus / COVID-19 phishing emails and scams.

  • Watch out for the Coronavirus map!
  • Don’t register with your personal information on unknown web sites!
  • Etc.

These are great reminders and not entirely untrue. However, I think there are bigger, more serious cybersecurity risks that are going unreported because they’re harder to understand and more difficult to mitigate.

// Remote access granted //

Nearly all of my clients are working overtime to transition their workforce to remote telework. While this is an unexpected boon for VPN vendors, I’m concerned that the rush to get everyone online from home will inadvertently open up some security problems. Do you do monthly external vulnerability scans? If so, do them more often. There’s no telling what those firewall rule changes actually did unless you scan from outside your network, like the hackers are no doubt doing.
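One way to act on the advice above, as an added example that is not from the original post: compare a baseline external scan with one taken after the firewall changes and list what became reachable. It assumes the scans were saved in nmap's grepable (`-oG`) format; the sample data and function names are constructed for illustration.

```python
import re

# Constructed sample scans in nmap grepable (-oG) format. Addresses come from
# the RFC 5737 documentation range; they are not real hosts.
BASELINE = (
    "Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///, 22/filtered/tcp//ssh///\n"
    "Host: 203.0.113.11 ()\tPorts: 25/open/tcp//smtp///\n"
)
AFTER_CHANGE = (
    "Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///, 22/open/tcp//ssh///, "
    "3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (997)\n"
    "Host: 203.0.113.11 ()\tPorts: 25/open/tcp//smtp///\n"
    "Host: 203.0.113.12 ()\tPorts: 1723/open/tcp//pptp///\n"
)

HOST_LINE = re.compile(r"^Host:\s+(\S+).*?Ports:\s+(.*?)(?:\t|$)")


def open_ports(grepable_text):
    """Map (host, port, proto) -> service for every port reported open."""
    found = {}
    for line in grepable_text.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comments and "Status:" lines carry no port list
        host, ports = match.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            # Field order: port/state/protocol/owner/service/rpc/version/
            if len(fields) >= 5 and fields[1] == "open":
                found[(host, int(fields[0]), fields[2])] = fields[4]
    return found


def exposure_diff(before_text, after_text):
    """Return (newly_open, no_longer_open) as sorted lists of (host, port, proto)."""
    before, after = open_ports(before_text), open_ports(after_text)
    return sorted(set(after) - set(before)), sorted(set(before) - set(after))


if __name__ == "__main__":
    services = open_ports(AFTER_CHANGE)
    newly_open, no_longer_open = exposure_diff(BASELINE, AFTER_CHANGE)
    for host, port, proto in newly_open:
        print(f"NEW EXPOSURE  {host} {port}/{proto} ({services[(host, port, proto)]})")
    for host, port, proto in no_longer_open:
        print(f"closed        {host} {port}/{proto}")
```

A port that moves from filtered to open counts as new exposure, and so does every open port on a host that was absent from the baseline.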

Also, VPN access was previously reserved for managers, those who travel, and the IT Crowd. VPN access for the masses is likely to expose the corporate network to unpatched or infected family PCs, as well as to casual access from roommates or other unknown parties. This situation calls for additional, or at least some, network security monitoring (NSM). I’m a big fan of the easy-to-use and “free” Security Onion NSM solution (https://securityonion.net/). Of course, nothing is truly free: someone has to monitor these devices and make sense of the alerts they generate. I hope you weren’t planning to reduce your cybersecurity staff to save money…

Password successfully updated.

Related to opening the VPN floodgates is the issue of bad passwords. Organizations tolerate a lot of bad passwords (think service accounts, shared accounts, etc.) on the grounds that they’re an internal network issue. What happens when those embarrassingly bad passwords can suddenly be used from outside the corporate walls? I am expecting to hear a lot of stories about long-forgotten service accounts (with correspondingly bad passwords) getting exposed through VPN login screens, and about the security incidents this will cause. My suggestion is that you audit your passwords before you open up the VPN to all your eager telecommuters. For instructions on how to audit Windows passwords, see this link:

https://www.dionach.com/blog/active-directory-password-auditing-part-1-dumping-the-hashes/

When you find bad passwords, change them.

Request timed out.

The final security issue I’ve been pondering is the cybersecurity staffing issue. Conservative estimates speak of about 1 million unfilled cybersecurity jobs around the world. Much higher numbers are easy to find:

https://www.cnbc.com/2019/03/06/cybersecurity-expert-shortage-may-cost-companies-hundreds-of-millions.html

In any case, what I’m wondering is how much the disruption to our normal working patterns and environments will reduce the effectiveness of the cybersecurity workers that we do have on the job. How many sick people on the security team does it take to degrade your ability to detect and respond to a network security incident? Do they have access to the same tools, systems, and mapped drives at home (or wherever they are) as they do at the office? And what about incident responders? These folks are normally close to 100% busy all the time. What happens when we reduce their ranks with self-quarantines, shelter-in-place orders, and limited ability to travel? I’ll resist the “perfect storm” analogy (oops, I did it) because I’m sure you’re getting the picture.

What to do? It always comes back to fundamentals. Do your cybersecurity program. If you don’t have a program, you’d better get started. Don’t check out on cybersecurity. Although you’ve got 100 other things on your “to do” list today (tonight and this weekend), cybersecurity is one item that you can’t afford to skip or cut. Do the scanning. Do the patching. Watch the network traffic. Investigate suspicious activity. Don’t sacrifice security to get the users online more quickly.

By Terry Bradley, Vice President at PLEX