A recurring theme in America’s response to the COVID pandemic is working from home. While this is seen to help flatten the curve of COVID, it has created a new challenge for the cyber community. More than ever, workers are relying on secure connections to continue working at full capacity. Both industry and Federal guidelines and tools have quickly adapted to help create safe cyber environments, but is it enough?
Are We Over the Hurdle?
Now in the sixth month of teleworking, are we over the metaphorical hurdle of having everyone set up securely from home? According to McAfee’s Cloud Adoption and Risk Report, Work from Home Edition, between January and April of this year overall use of cloud services spiked by 50 percent, use of collaboration services increased by 600 percent, and with that, external threats increased by 630 percent.
The quick switch to a virtual workroom left many using unmanaged devices for work. This leaves those devices more vulnerable to attacks and, if they are attacked, makes it unlikely that information on them can be recovered. McAfee’s Cloud Adoption report identified the two most common types of attacks on these devices: the Suspicious Superhuman, an attack that starts with stolen credentials, and Anomalous Location, which shows login attempts from locations the account had not previously used. Anomalous Location might have seemed the larger threat, since teleworking allowed for greater travel; however, most of these attacks were coming from locations outside the United States very shortly after a login from within the United States.
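As an added illustration (not code from the article or from McAfee’s product), the following Python script applies an “impossible travel” check to the pattern described above: the same account signing in from a distant country minutes after a login from within the United States. The sign-in records, their coordinates and the 900 km/h threshold are constructed assumptions.

```python
from collections import namedtuple
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-in records (not from the article or any real tenant):
# UTC timestamp, account, source country, latitude and longitude of the source IP.
SAMPLE_LOGINS = """\
2020-04-02T13:05:00Z alice US 38.90 -77.04
2020-04-02T13:22:00Z alice RU 55.75 37.62
2020-04-02T14:10:00Z bob US 40.71 -74.01
2020-04-02T21:40:00Z bob US 34.05 -118.24
2020-04-03T09:00:00Z carol DE 52.52 13.40
2020-04-03T11:00:00Z carol DE 48.14 11.58
"""

Login = namedtuple("Login", "ts user country lat lon")
Anomaly = namedtuple("Anomaly", "user prev_country country minutes_apart speed_kmh")

def parse_logins(text):
    """Parse the sample format above; sort by account, then by time."""
    events = []
    for line in text.splitlines():
        ts, user, country, lat, lon = line.split()
        events.append(Login(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            user, country, float(lat), float(lon)))
    return sorted(events, key=lambda e: (e.user, e.ts))

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (Earth radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_anomalous_logins(events, max_speed_kmh=900.0):
    """Flag a login whose distance from the same account's previous login implies
    travel faster than max_speed_kmh (about airliner speed; an assumed threshold).
    A border crossing alone is not flagged: real travellers change countries."""
    last, anomalies = {}, []
    for e in events:
        p = last.get(e.user)
        if p is not None:
            hours = (e.ts - p.ts).total_seconds() / 3600.0
            km = haversine_km(p.lat, p.lon, e.lat, e.lon)
            # Two events at the same instant are only suspicious if they are apart.
            speed = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if speed > max_speed_kmh:
                anomalies.append(Anomaly(e.user, p.country, e.country, hours * 60, speed))
        last[e.user] = e
    return anomalies
```

With the constructed data, only alice (Washington to Moscow in 17 minutes) is flagged; bob’s New York to Los Angeles login 7.5 hours later is a plausible flight and passes.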
Tools to Help Overcome
A key government program to help mitigate these problems, Trusted Internet Connections (TIC), saw a way to address some of these problems. “CISA [Cybersecurity and Infrastructure Security Agency] has done a great job of reacting to the mandatory work-from-home policies by updating the TIC 3.0 guidance with an interim update,” McAfee’s Ned Miller shared, “Specifically addressing several of the challenges we previously discussed regarding the new telework model.”
How can industry help agencies quickly adapt to these new guidelines? Miller shared seven must-haves that every organization needs: enforce, prevent, block/sync, detect, encrypt, gain, and audit. Monitoring the many points of interaction between systems and devices, especially as reliance on cloud-based products keeps growing, is imperative to protect agencies’ and departments’ sensitive information.
Another government tool to help mitigate cloud attacks is the MITRE ATT&CK Cloud Matrix. Miller explained why the matrix matters to the field: having a way “… to map anomalies, threats, data loss prevention (DLP) incidents, configuration audit, and container vulnerability results to the tactics and techniques to the Cloud Matrix allows security analysts to first have a common vocabulary to explain and understand the threat and second a way to quickly visualize potential threats.”
Tech’s Hot Topic
Zero Trust is top of mind, as it is a framework that has become more important than ever in our “new normal.” It is not a new topic by any means, but NIST has released a new definition to fit the 2020 landscape, one that describes Zero Trust as an ever-evolving cybersecurity paradigm.
The updated Zero Trust definition demonstrates the importance of access control, as well as data protection, for cloud-based assets. As Miller pointed out, Zero Trust has many elements to it: “There is not a one-size-fits-all Zero Trust solution. Architecture, process, maturity models, technology, and evolution play a role in the full adoption of a Zero Trust model, of which there are many interpretations.”
Companies and the government are working to make sure that as we use more personal devices, they are safely connecting to various cloud-based tools while protecting data.
For the next six to twelve months, Miller suggests four focus areas to help shape a working environment that looks more like a hybrid cloud infrastructure. The first is the actual management of these hybrid systems. As some people begin to go back to an office while others opt to continue teleworking, what will these complex systems look like?
The second area of concern is creating a comprehensive data protection strategy. As more cloud-to-cloud tools are integrated into teams’ means of communication, legacy systems may not be built to fully protect this newer technology.
The third area of focus is users. Ensuring new tools are protected is just one part; as teams evolve, so must the practices that ensure safe use of those new tools and devices.
Finally, looking back to Zero Trust, Miller predicts an evolution from Zero Trust Architectures to Adaptive Trust Architectures. This means looking at the Zero Trust paradigm more holistically, to help build out data flow from all sides rather than just a two-way system.
Government and industry were quick to adapt to a new way of working. How will this affect policies and tools moving forward? That is still to be seen.