Cyber threats have continued to evolve in the era of Covid-19, and DevSecOps teams are having to play catch up
As we reported previously, cloud adoption rates have skyrocketed in recent months. Companies have raced to adopt cloud infrastructure following the Covid-19 pandemic, and cloud sales have now surpassed non-cloud infrastructure spend for the first time.
But this acceleration in cloud adoption – and digital transformation more generally – may have come at a price. In a bid to maintain competitiveness and operability in light of Covid-19, companies may have pushed for cloud adoption without fully comprehending what the migration means – and their network security could now be at risk.
Under-resourced DevSecOps teams are struggling to plug the security holes brought by accelerated digital transformation. Compounding the issue is the fact that this rapid deployment has meant relegating security to the back seat, thereby overlooking the full impact a distributed workforce would have on security.
In today’s piece, we’re going to look at just some of the ways in which corporate security has been compromised in the era of coronavirus and accelerated digital transformation.
Rapid Deployment Is a Fool’s Game
Sometimes speed can be the difference between success and failure, but when it comes to transformations like cloud adoption, it pays to take your time and do it right.
One of the problems with rapid cloud adoption following Covid-19 was that many companies felt pressured to embrace cloud infrastructure without fully understanding what it would mean for their business – or how to best implement it.
Now, these companies are running into problems. They have expanded the attack surface without implementing robust solutions to maintain security standards.
The lesson is that rapid deployment of such transformative measures is a bit of a fool’s game. Instead, take your time with future deployments and migrations to ensure that you maintain organisational security.
Shadow IT Is Back with a Vengeance
It seems almost cliché to say it now, but the main vulnerability in cybersecurity is and always has been the user. Malicious agents target users to gain access to the network and/or sensitive information, but in recent years cybersecurity leaders have made great gains in ringfencing users to protect them.
For a while, cybersecurity leaders were beginning to overcome one of the main issues posed by users: Shadow IT. This entailed installing and using unapproved software and hardware to get their job done – without consulting the IT department. The result was an increased risk of data loss, compliance issues, wasted investments, and the unnecessary expansion of the attack surface.
Shadow IT hasn’t been as much of a problem in recent years, but with distributed workforces many of the gains have now been lost. Employees are using their personal devices and home broadband to connect to the organisation, and are utilising whatever hardware and software they need to do their work.
IT leaders need to renew their fight against Shadow IT to resecure the organisation. They must update processes to address the new normal of remote working.
Shadow IT is leaving the organisation open to compliance issues, wasted investments, data loss, and the unnecessary expansion of the attack surface.
Is the Home Network Really That Secure?
With the majority of white-collar workers now working from home, it begs the question: is the home network really that secure?
The DevSecOps team has little control over what devices are connected to their users’ home networks. There could be a plethora of Internet of Things (IoT) devices hooked up to the network, and each expands the attack surface of your organisation.
Some remote workers are also getting fed up with working at home, so are now looking for opportunities to work in coffee shops for at least part of the day simply for a change of scenery. Of course, when they do, they are connecting to unsecured, free Wi-Fi.
While the security team has little control over what devices a person uses to connect to their home network, there is more that DevSecOps teams can do to limit the exposure.
Companies should recommend that employees use hotspots from their phone instead of free Wi-Fi as this is generally more secure. With regards to IoT devices which could be hacked and used to listen into sensitive information, policies should be put in place to reduce the spread of confidential info within the organisation. These policies could also address the network security of high-profile execs in the company, with security teams coming to the home to sweep for vulnerabilities.
Social Engineering in the Time of Covid-19
As with any crisis, there will always be those malicious agents willing to exploit it for personal gain. Covid-19 is no different.
Since the start of the pandemic, there have been countless incidences of social engineering attacks. Criminals are impersonating government agencies, using illegally obtained personal information to bombard people with fake text messages. These texts include harmful links that allow criminals to install malware on a device and take it over.
The damage malware and social engineering attacks can do is terrible at the best of times, but in some instances it can prove lethal. In September 2020, University Hospital Düsseldorf in Germany experienced a ransomware attack that crippled its systems for more than a week, meaning it was unable to take emergency patients. A woman later died when the ransomware infection prevented her hospital from giving her emergency treatment, forcing medics to transport her to a hospital in another city 20 miles away. She died en route.
To secure the organisation, DevSecOps teams must re-educate the workforce on security best practices. Likewise, they must embrace technological solutions to social engineering threats that passively monitor incoming messages and conversations, as well as who they’re coming from, to eliminate potential social engineering threats before they take hold.
However, no security operation will ever be 100% secure. DevSecOps teams must therefore also monitor where users are logging in from in order to identify possible compromised accounts. They must also renew efforts to monitor irregular behaviour in their users.
The Fight Continues…
The initial panic around Covid-19 has subsided and many organisations that are able to work remotely have very much found their rhythm. But for cybersecurity specialists, the fight is only just beginning.
Criminals are finding new ways to exploit holes in organisational security, especially now that the attack surface has vastly expanded due to remote working. DevSecOps teams need to stay agile to combat this new tide of criminal activity – and help their organisation weather the pandemic’s storm.
Head to our Security section now to continue learning about evolving threats and the sector in general.