Secureworks issues an annual Incident Response Report that is very helpful in obtaining information on what types of incidents are occurring in order to become more resistant to threats. The 2020 IR Report was recently issued, and it contained some conclusions that made sense, while others were surprising.
The Report, entitled Pandemic-Driven Change: The Effect of COVID-19 on Incident Response, recognized that the pandemic has changed the way business is done “with organizations shifting to home-office work styles literally overnight.” Although there was a general assumption that with the transition from work in the office to work from home security incidents would increase, the Secureworks team found that the threat level was unchanged. What changed was the increase in new vulnerabilities that threat attackers took advantage of during the pandemic. According to the Report, “Infrastructure transformed practically overnight for many organizations. A sudden switch to remote work, increased use of cloud services, and increased reliance on personal devices created a significantly expanded attack surface for many enterprises. Facing an urgent need for business continuity, most companies did not have time to put all the necessary protocols, processes, and controls in place.”
In shifting rapidly from the office to workers’ homes, IT professionals were unable to strategize and implement necessary security controls because organizations did not plan for a totally remote workforce. The Report found that companies experienced increased risk in the following areas:
-
Lack of Multi-Factor Authentication
-
Access to SaaS Applications
-
VPN Split Tunneling
-
Security Monitoring and Access Control Implications
-
Delays in Security Patching
Additional increased risks outlined in the Report included allowing remote workers to use their personal devices without implementing a Bring Your Own Device (BYOD) program, and heightened risk due to staffing changes.
These risk factors are not new, they have just become more pronounced during the pandemic. Threat actors used old tactics in a new environment to attack victims. According to the Report, “[A]dversaries simply pivoted their tactics to launch COVID19-themed campaigns, exploit the security gaps in remote work environments, and target organizations involved with pandemic research.” In addition, as we have reported before, attackers are using COVID-19 “as a phishing bait” as they understand that workers are looking for more information about COVID to protect themselves and their families and thus are not as vigilant because they are distracted and scared.
The Secureworks Report confirms that there are new vulnerabilities and old tricks to address during the pandemic with a fully-remote workforce.