The pandemic crisis of 2020 will go down as one of the most significant upheavals to the workplace since the industrial revolution. What we don’t yet know is what the long-term impact will be. If a coronavirus vaccine is developed relatively quickly, office environments and their cyber-guardians may return fairly quickly to their pre-pandemic ways.
No one knows for sure. We are all in uncharted waters. But Smarter MSP is talking to a diverse group of experts and trying to parse what the changes in cybersecurity and network operations may come from the pandemic. The present will dictate the future, so experts are closely scrutinizing the here and now for hints of what tomorrow may hold.
To get some insight, Smarter MSP caught up with David Hazar, owner of HazarDsec, a cybersecurity consultancy based in Salt Lake City to see how the work-from-home movement has impacted his stable of clients.
Interview with David Hazar
Smarter MSP: What is the most significant single cybersecurity risk you have seen to organizations that have migrated many of their employees to WFH?
Hazar: It is hard to pick just one, but if I had to, it would be phishing or, more broadly, social engineering. Social engineering is already a popular attack technique due to the ability to bypass many security protections companies have in place by focusing on the weak link (humans). It can also be very targeted, so there is less chance of triggering detection mechanisms (obviously, it is not always targeted, and those will be easier to detect and block).
The abrupt shift to work from home and all of the transitions in technology to make them more publicly accessible or accessible via VPN makes it easier for attackers to trick users into doing things they would not have done before. Currently, there are too many changes occurring, and it makes it harder to recognize what is out of place or different.
Smarter MSP: Are there certain types of businesses that appear to be more at risk for breaches from having a large percentage of WFH employees, and, if so, what are they, and what kind of breaches?
Hazar: To build on the previous theme, any business where users are lower-tech and are not used to working from home will be most susceptible to social engineering. Lower-tech companies may also make poor decisions on how to provide remote access to their employees.
Smarter MSP: If you are an MSP that has a lot of clients with work-from-home employees, how would you go about mitigating risk?
Hazar: To answer this one, I first need to address some of the other significant risks. First, as more users are required to use a VPN, the traditional VPN profiles that may have only been provided to technical, on-call, or mobile employees may provide access to the company network and applications that is much too broad.
These profiles will need to be updated according to the principle of least privilege. Also, because of low utilization and especially if the VPN was previously reserved for more technically savvy personnel, network security, and detection capabilities may have been limited for VPN traffic. This would need to change.
Another big one would be vulnerability management for the systems being used by remote users, and the applications being exposed that were previously inaccessible outside the organization. Many customers I work with still rely on devices being on-premises for vulnerability scans, and sometimes patches and configuration changes. The configurations for these systems needs to be reviewed because users are no longer coming into the office.
Organizations may need to shift to agent-based vulnerability scanning for desktops and laptops. For applications not previously exposed, there needs to be some scanning and testing before making those public, or even accessible via a VPN.
Many organizations still have somewhat immature application security programs, or lack the licensing and resources needed to assess this quantity of applications, at least with any adequate frequency. Even if they do have the technology, support, and licensing to perform scans, rarely do I see significant effort to fix anything other than the most critical findings.
I think MSPs will need to communicate well with their clients on what changes are being made and what services are being exposed to update detection mechanisms and adequately assess the risk of each system, device and application being used remotely. They will also need to look at potentially recommending a shift to more agent-based security technology for the end user’s devices if perimeter-based technology has been the norm in the past.
Shifting these agents to communicate with the cloud vs. back to the home office may alleviate strain on saturated VPN concentrators. It may also provide better visibility when users are not connected back to the office.
Smarter MSP: Where do you see things going from here with WFH and cybersecurity?
Hazar: I think that there may need to be a paradigm shift where organizations re-evaluate their enterprise security architecture to prepare for a possibility that remote work may become more commonplace. This goes along with some of the observations and recommendations above but may have additional impacts. Security will also need to work closely with IT enterprise architecture teams as they will also be changing things rapidly in response to the shift.
From our discussion with Hazar, it’s clear that MSPs will need to be ready to react quickly, both to the shift that is currently occurring and any that will further shifts that will emerge in the near future.
Photo: M7kk / Shutterstock
