In the past year, remote work has become critical for most companies. With that in mind, the need for enhanced reliability and security across company platforms has become crucial, as in many cases, there’s no on-site IT personnel at remote locations to sort things out if something goes wrong. Companies’ data and workflow have become more precious commodities, and failure can bring grave consequences.
The recent Parler hack shows how drastically something can go wrong without sufficient security in place. During the January 2021 event, outside parties were able to exploit what were considered poor website coding and security flaws that allowed unauthorized users to create administrator-level accounts, then “scrape” roughly 80 terabytes of public posts, including data that had been “soft deleted” (data which had been hidden from public view but not erased), and publish its users’ data to outside interests. From there, its users’ most personal data was shown to the world. These people had felt their personal information was protected, and nothing could have been further from the truth.
This is the world companies must contend with, especially in a remote work era, but that doesn’t mean securing its data and doing well are entirely out of a firm’s grasp. “The loss of the protections (and weaknesses) of corporate network as all employees started working from home is a huge shift in security posture for SMBs,” said Bruce Potter, Chief Information Security Officer for Expel, a security firm, and one of the co-founders of ShmooCon, an annual hacking event that takes place in Washington, D.C. “For those organizations that aren’t cloud-native, or at least substantially in the cloud, this initially put a huge strain on VPN infrastructure as everyone had to ‘come back into the office’ with all their traffic in order to get more work done.”
Potter pointed out that as many organizations have become cloud-based or decentralized, this has allowed for an effective remote workforce, albeit at the expense of some of their security protocols. “This decentralization makes for a more agile workforce, but it also means you lose security controls that were provided by your corporate network and VPN connection,” he said. “Ultimately, this caused organizations to put better controls (often in the form of a modern Extended Detection and Response) on their laptops to keep parity with what their security posture looked like pre-pandemic.”
Potter also noted that outside parties have begun targeting users directly via focused phishing campaigns or “watercooler attacks,” wherein bad actors will study organizations a company might work with and manufacture attacks that appear to have come from the trusted organization, luring the company into a false sense of trust and proceeding from there.
Where in the past outside parties might have tried to guess a user’s password, the new trend is to steal a user’s authentication token information to facilitate access to sensitive systems. An authentication token is the credential a service issues after a user has logged in, so that the user does not have to authenticate again on every request. Stealing it allows attackers to bypass multi-factor authentication, then use the token password that’s needed for day-to-day work to gain access to the data they’re after.
Even so, the situation isn’t hopeless. Potter advised the use of hardware tokens for authentication, as well as overall security awareness at this time. “Modern attack kits are getting quite sophisticated and multi-factor authentication is no longer enough,” said Potter. “Also, focus efforts on phishing prevention and phishing detection. Given the focus on users rather than infrastructure, protecting your users from phishing attacks is very important during the pandemic.”