The emergency provisions related to COVID-19 have been active for some time and more and more companies are allowing their employees to work from home. We asked Our Chief Technology Officer Vladimír Sedláček, a seasoned administrator of ICT, corporate systems, cybersecurity, and experienced developer, about his opinion on current affairs.
The Coronavirus pandemic impact is discussed everywhere, but few people seem to realize that despite all the physical risks, digital issues still present a significant problem. How do you see the current situation, and what do you consider to be the biggest risk in terms of virtual infections, and their possible outcome for companies?
It would be naive to assume that the global crisis would lead to a drop in cyberattacks or will result in a ceasefire. On the contrary. In nature, each weakened individual becomes prey. Regardless of any previous “ceasefire declarations”, we see an increase in the number of attacks and targeted at the SARS-NCov-2 situation. Obviously, we can expect contacts from faux health inspectors and money collectors. Even my inbox has received several phishing emails offering nano-silver infused masks. In addition to attacking the weakest part of cybersecurity – the user – we also see an increase in scanning; looking for vulnerable computers and security holes in firewalls or hastily constructed VPNs and remote desktop gateways. In the end, all of this contributes to latent disclosure of company secrets, production, and patent documentation, or personal data. Infiltration by extortion malware also becomes a threat and can mean a total production halt, as seen both last year and recently in some hospitals in the Czech Republic.
What do you see as the most common errors from employers and top management regarding data exposure; and how does the risk increase with massive deployments of quarantine provisions where most employees work from home?
Right now, the risk is increased by companies laying off contractors, often those working on infrastructure, promoting rotating furloughs, and allowing their administrators to work from home. This can cause a delay in necessary security patching and increased response time. Also, ad hoc suspension of certain user accounts can leave the access ripe for unauthorized access restores later. Last, but not least, some companies have allowed their employees to work from home using their home computers. VPN has thus become a gateway for free access directly into company networks, and to internal company systems, all thanks to home devices with uncertain security postures, possibly outdated operating systems, obsolete software, or a load of games full of spyware. These systems are being used by home-bound users surfing the web with local superuser rights. It is very similar to allowing the usage of personal devices (BYOD) and letting them directly connect into internal, as opposed to guest networks. A lot of companies do not, however, tackle the situation accordingly, and have not familiarized their employees with relevant security policies. Without in-depth employee training and without respecting the basic rules of cyber hygiene, internal data can leave the control of responsible people working with it. What has not received much attention so far is the risk of company device theft in conjunction with wiping such devices clean. Partly due to the fact that the employees “stay home” and are convinced that they have good visibility over their physical environment. However, thefts will happen, and the security angle will need to be tackled. I cannot understand why so few administrators allow internal networks to stay open, and who pay attention to their internal network traffic with only commonly used tools for network monitoring. Same tools that are deployed normally are themselves a potential attack target.