The current pandemic has forced organizations to make a rapid shift from people working in offices to working from home. Making this transition in such a short period of time — not to mention the ongoing efforts to maintain business continuity by keeping everyone online and connected — has distracted many IT teams.
And the cybercriminal community is well aware of this. They now have two fronts on which to attack companies: one is the expanding number of remote workers, the other is empty offices and operational technology (OT) environments.
The risks of remote workers and their unsecured home networks
Millions of new remote workers represent a dream come true for cybercriminals, especially given that a large number of these workers are teleworker novices. The speed at which companies had to make the transition to remote work means that they did not have the time or resources to outfit employees with company-issued laptops.
So many employees are working from home using their personal laptops or desktops, devices that are also used for all of their other activities, such as banking, shopping, e-learning for their now at-home children, online gaming and streaming entertainment.
Worse, these computers are connected to the same home network as all of their other devices, including a growing number of IoT devices, such as smart TVs, doorbells, home security systems, gaming systems, streaming devices, printers, home routers, IP cameras, watches, tablets, and phones. Smart home technology adds to the potential attack surface with smart climate controls, lighting and power outlets.
Because they are all connected together through the home network, a security flaw in any one of these devices puts all of the other devices at risk, including those devices used to connect back to the corporate office.
The risks of empty offices and a distracted IT department
The same IoT challenges still exist at the office, even when the people who are supposed to be monitoring those devices are focused on other priorities. Smart building systems have not been disabled simply because there is no one in the office, and all of these smart building components are now open to exploitation, including environmental controls, security cameras and safety systems.
In addition, this is the perfect climate for SCADA systems and sensors in OT environments to be targeted. With skeleton crews now in place, the chance that a compromised IIoT device can go undetected is much higher, with potentially devastating results.
Developing a two-pronged action plan in both the home and corporate office
For remote workers at home, the first and most important step is to ensure they are connecting back to the office using a VPN solution. Next, they must make sure that their endpoint device is loaded with security software, such as an endpoint detection and response (EDR) solution.
Home workers are no longer just a short walk away from their helpdesk, so it is essential that the device they are using for work remains up and running, even when it has been targeted by malware originating from poor online hygiene or a compromised IoT device on their home network.
Having to reimage a device remotely can put a home worker out of commission for days. They require a solution that can automatically stop attacks and remediate files without helpdesk intervention, and EDR fits the bill.
EDR security provides both pre-infection and post-infection defenses to keep endpoints and the network clear of malware. It does this by providing things such as advanced antivirus functionality on the front end, combined with the ability to detect and stop advanced attacks in real time. Even after the endpoint has been compromised, EDR security can detect, defuse and remediate live incidents before they can execute, enabling remote workers to stay on task.
In addition, remote workers should be provided with security awareness training on how to protect themselves and their home networks. This includes teaching workers how to recognize and avoid things such as phishing attacks or malicious websites, and how to set up appropriate privacy settings on their home devices.
They should also be encouraged to set up a home security system and instructed on how to best leverage the security built into their home access points, as well as to take advantage of security solutions being offered by their cable or internet service providers.
Of course, corporate IoT security is a much harder problem to tackle. Fortunately, all of the existing security protocols in place still apply. However, companies may want to consider adding a network access control (NAC) solution to identify and control all devices on the network.
In addition to enabling automated onboarding for large numbers of endpoints, users and guests, NAC can automatically discover and identify every device on the network, then apply granular controls to limit where those devices can go and narrowly restrict access to only preassigned assets. It then provides continuous monitoring combined with automated response to identify abnormal behavior and speed reaction times.
The next step is to apply network segmentation to ensure that all IoT devices, as well as users, data, applications and workflows, are automatically assigned to a specific, security-based segment of the network. This not only ensures that edge-based policies are extended deep into the network, but also that workflows initiated inside the perimeter are isolated and protected from origination to destination.
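To make the discover-segment-restrict-monitor sequence described above concrete, here is a small added example (not code from the original post or from any NAC product): discovered devices are mapped to segments by device type, a default-deny policy lists the preassigned assets each segment may reach, and observed flows are audited for violations, which is the abnormal behavior a NAC's continuous monitoring would raise. All device types, MAC addresses, segment names and the 10.0.x.0/24 addressing plan are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# A discovered device as a NAC inventory would record it (constructed).
Device = namedtuple("Device", "mac kind")

# Destination networks of shared assets (constructed addressing plan).
SERVICE_NETS = {
    "nvr": ipaddress.ip_network("10.0.50.0/24"),
    "print-server": ipaddress.ip_network("10.0.60.0/24"),
    "bms": ipaddress.ip_network("10.0.70.0/24"),
    "corp-services": ipaddress.ip_network("10.0.10.0/24"),
}
# Segment each device type lands in; anything unrecognized is quarantined.
SEGMENT_BY_TYPE = {"ip-camera": "iot-cameras", "printer": "iot-printers",
                   "hvac-controller": "building-ot", "laptop": "corp-users"}
# Default-deny policy: a source segment may reach only its preassigned assets.
ALLOWED = {"iot-cameras": {"nvr"}, "iot-printers": set(), "building-ot": {"bms"},
           "corp-users": {"corp-services", "print-server"}, "quarantine": set()}

def assign_segment(dev):
    return SEGMENT_BY_TYPE.get(dev.kind, "quarantine")

def dest_segment(ip):
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SERVICE_NETS.items() if addr in net), "unknown")

def flow_allowed(src, dst_ip):
    return dest_segment(dst_ip) in ALLOWED[assign_segment(src)]

def audit(devices, flows):
    """Return the (src_mac, dst_ip) flows the policy does not permit:
    the abnormal behavior continuous monitoring should raise."""
    by_mac = {d.mac: d for d in devices}
    return [(mac, dst) for mac, dst in flows
            if mac not in by_mac or not flow_allowed(by_mac[mac], dst)]

# Constructed inventory and a few observed flows.
DEVICES = [Device("00:11:22:aa:bb:01", "ip-camera"),
           Device("00:11:22:aa:bb:02", "printer"),
           Device("00:11:22:aa:bb:03", "laptop"),
           Device("00:11:22:aa:bb:04", "smart-tv")]
FLOWS = [("00:11:22:aa:bb:01", "10.0.50.7"),   # camera -> NVR: permitted
         ("00:11:22:aa:bb:01", "10.0.10.3"),   # camera -> corp services: violation
         ("00:11:22:aa:bb:03", "10.0.60.2"),   # laptop -> print server: permitted
         ("00:11:22:aa:bb:04", "10.0.70.1"),   # quarantined smart TV -> BMS: violation
         ("de:ad:be:ef:00:01", "10.0.10.3")]   # MAC not in inventory: violation
```

Running `audit(DEVICES, FLOWS)` returns the three violating flows; in a real deployment the same check would drive the NAC's automated response (move the port to quarantine, raise an alert) rather than just a list.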
Automation, including machine learning, AI and SIEM, can help identify and respond to new threats while companies’ IT teams are focused on other issues. These systems can correlate massive amounts of data to identify even the most evasive threats, and then take direct, immediate action to shut them down.
Finally, precious time and resources can be spared, especially when human resources are necessarily focused on other priorities, if the management tools needed for normal operation can be consolidated into a single pane of glass to simplify and automate the management of multiple security devices.
Building a comprehensive IoT security plan will help now and tomorrow
Now that most of the heavy lifting of moving a workforce to a teleworker model is over, it is a good time to assess how to address the challenges of securing both home and corporate networks that include large numbers of IoT devices that may not be receiving the monitoring and oversight they require.
The fact is, now that the cat is out of the bag, many organizations are likely to continue to allow many workers to connect remotely. This will likely open the floodgates for onboarding more IoT and other devices, and that means the stresses on IT security teams are not likely to subside anytime soon.
Adding things such as automation, consolidated and unified management, network access controls and network segmentation will not only pay off now, but long into the future.