As some states decide to restart their economies, IT managers must begin to prepare for the changes.
Some changes will be centered on returning to the comfortable and familiar challenges of securing the workplace. But perhaps IT managers can also take advantage of the quarantine disruptions to make advantageous changes to the organization.
A Return to Work – Maybe?
Many of us have gone a little stir-crazy sitting at home, and we are eager to get out of the house to return to the office.
However, we are also a little nervous about how to return to an office that was not designed for social distancing.
Some employees can’t come back. People who have tested positive for COVID-19 may be too sick to return to work, or the employer may need to first address how uninfected employees and recovered employees will mix in the workplace.
Some employees don’t want to come back. In fact, 44% of all respondents to a recent survey expect to work from home more frequently, or even permanently. For Generation-Z employees — 18-23 years old — that percentage rises to 50%.
These are not just challenges for human resources to discuss with the CEO, though. These are issues the IT team needs to address as well.
How many people will remain remote? Will networks need to be reconfigured as workstations are moved to accommodate social distancing? Will there be teams of people working alternative days from home to keep the office half-full?
These transitions also provide opportunities for the IT team and company management to evaluate potential changes for the organization.
- If the company will be moving to more remote work, do they need the office long-term?
- Are there neglected IT projects (network reconfigurations, microsegmentation, etc.) that should be implemented while the office is not yet filled to capacity?
- If 50% of employees will work remotely, does the organization truly need its own network?
- Should the company adopt Zero Trust so devices can be secure in and outside of the network?
- Should IT shift from capital expenditures (CapEx) of hardware and purchased software to an operational expenditure (OpEx) of SaaS products?
Some of these changes require minor technical modifications. Others require fundamental changes, and will require buy-in from the C-suites.
Transition Away from Legacy Challenges
Often, momentum from the status quo has prevented organizations from making changes.
The COVID-19 pandemic and quarantine has shattered the status quo, but it’s also provided an opportunity to clean out legacy issues.
One critical legacy becomes more pronounced with each passing month – Windows 7.
Windows 7 shares many of these vulnerabilities, but unless you are paying for extended support, no patches for these vulnerabilities are available for Windows 7 machines.
If your IT environment maintains those unpatched Windows 7 machines, your team must find a way to mitigate 56 elevation-of-privilege (EoP) bugs rated “important,” and several remote code execution flaws.
For many IT managers, the man-power cost to secure these legacy devices may create challenges that exceed the cash cost to replace them.
While Windows vulnerabilities are certain to be exploited by a broad range of attackers, the ThunderSpy attack on Thunderbolt-equipped devices will be attacked by specialists. Unlike the Windows attacks, the Thunderbolt exploit requires physical access to the machine which may initially sound unlikely.
However, since there is no trace of the attack left in the system logs, some attackers may consider the attack worth the effort.
A security researcher demonstrated the proof-of-concept by using $400 of equipment: a screwdriver, a Serial Peripheral Interface programmer, and a Thunderbolt peripheral.
This 5 minute video shows how an attacker might infiltrate our janitorial staff or sneak into our hotel rooms to rewrite the firmware of the Thunderbolt chip to bypass security.
Fortunately, this flaw is only found in Thunderbolt devices manufactured before 2019. Like Windows 7 vulnerabilities, a migration from our legacy devices to new machines can eliminate hours of future IT headaches.
New Malware Attacks
If only all problems could be solved by buying new computers…
Unfortunately, this is neither a realistic or practical solution, as many computers, old and new, remain vulnerable to new techniques and poor user habits.
Even as our users return to the relative safety of the enterprise network, we must be aware of their potentially dangerous habits at home. Nearly 20% of employees responding to a recent survey admitted to reusing passwords across multiple work systems.
And, 24% of the employees admit to clicking on links from unknown senders before determining their legitimacy.
As if there weren’t enough attacks already, the U.S. Cyber Command has uploaded five new types of North Korean malware variants to Virus Total, and issued information of a new attack campaign.
Using a combination of phishing emails, trojan loaders, and remote exploitation software, the Hidden Cobra group will seek to control machines, exfiltrate data, and maintain a foothold in a network.
With so many attacks on our employees while they are in their weak home-networks, it seems likely many will return to the office with machines containing malware.
Our corporate firewalls might have blocked that malware communication in the past, but now machines with advanced persistent threats may be returning into our corporate environment ready to exploit the access.
Bringing It All Together
As employees return to the office, we need to vigilantly examine endpoints, networks, and firewall traffic for malicious attacks.
However, our IT teams still need to stay on top of regular help-desk requests, recover from the overtime spent supporting a 100% remote work force, and push through those transformative initiatives from the first half of this column.
When your IT team needs an extra hand planning a transformation or monitoring the enterprise environment for attack, Ideal Integrations and Blue Bastion will be ready to provide you with support.
Contact us today to leverage our wealth of experience and our expertise.