Cybersecurity Gaps Magnified as Millions Work Remotely Due to COVID-19

SC Magazine | March 26, 2020

  • As the novel coronavirus escaped the confines of China, organizations learned their tools on hand were not designed or intended to work safely offsite.

  • The new working order has cast a harsh light on the limitations and safeguards of connectivity, required for business to function.

  • Pre-coronavirus, supervisors didn’t have to concern themselves with employee distractions. But now, employee focus is paramount.


Apply pressure to any system – and its weaknesses become apparent. COVID-19 has exerted the necessary pressure to test cybersecurity postures, exposing gaps – some of them yawning, some more subtle – as entire workforces have been ordered to work from home.


As the novel coronavirus escaped the confines of China earlier this year and it became increasingly clear large numbers of workers would have to hunker down at home, all eyes turned to an obvious potential weak spot – VPNs, which would surely sputter under the stress. But as the virus has spread, it has exposed additional security problems, ranging from the inability to do forensic tests and general upkeep on systems to granting higher-level user privileges so staff can access systems remotely.


Organizations which previously did not have a distributed workforce quickly learned their tools on hand were not designed or intended to work safely offsite, via a VPN or over the internet, said Lisa Davies, head of corporate security at Redox, preventing security and IT teams from conducting even routine, but important, tasks.


Since many of the security controls and tools used by non-distributed companies depend on being on the local network, they cannot do [many] things remotely. These companies have found it more difficult to update, monitor logs, etc., unless the device is on the local network, so when employees take them home, they are in the dark.

- Lisa Davies, Head of Corporate Security, Redox


Company equipment left behind as workers fled has languished unmonitored, their vulnerability magnified as employees, outside the sight lines of security teams, connect their own, unsecure devices to company assets. Organizations must “monitor inactive company devices, as possible indicators a device has an issue, or a remote worker may be tempted to use personal technology,” said Davies. “This goes hand-in-hand with technical controls preventing non-company devices from accessing sensitive information.”




The new working order has cast a harsh light on the limitations and safeguards of connectivity, required for business to function. Existing protocols simply are not sufficient, said Luke Willadsen, security consultant, cybersecurity services and solutions firm EmberSec.


It appears support for multifactor authentication has been a lot of talk and not quite as much action. Many companies apparently haven’t required it to connect to the network, then disabled the work computer’s ability to take a screenshot of the window containing the remote/virtual desktop on the host computer, Willadsen said. That needs to change quickly.


“Don’t let any data pass between the machine originating the connection and the remote/virtual desktop,” Willadsen said. Security teams can bridge this gap by disabling “the clipboard and shared drive access between the origination host and the virtual/remote system,” he said, noting “we don’t want a single byte of information to be exchanged between the two hosts (aside from the network connection that facilitates the session).”



That will prevent “the introduction of malware into your network and it prevents employees from exfiltrating confidential or proprietary files,” he said.
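As an added illustration of Willadsen's advice (not code from the article or from EmberSec), the Python below audits Microsoft Remote Desktop `.rdp` connection files for clipboard and drive redirection. It assumes the remote desktop product is Microsoft RDP, which the article does not specify; the sample file contents and host name are constructed.

```python
# Added example: audit .rdp connection profiles for host <-> session data paths.
# Assumption: Microsoft RDP, whose .rdp files hold "name:type:value" lines.

REQUIRED = {
    # setting name -> (type, value that closes the channel)
    "redirectclipboard": ("i", "0"),  # clipboard sharing off
    "drivestoredirect": ("s", ""),    # empty list: no local drives mapped
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: (type, value)}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # tolerate a leading BOM
        parts = line.split(":", 2)           # value may itself contain ':'
        if len(parts) != 3:
            continue                         # blank or malformed line
        name, typ, value = parts
        settings[name.strip().lower()] = (typ.strip().lower(), value.strip())
    return settings

def audit_rdp(text):
    """Return a list of findings; an empty list means both channels are pinned off."""
    settings = parse_rdp(text)
    findings = []
    for name, (typ, want) in REQUIRED.items():
        if name not in settings:
            # Absence is flagged too: the client's default would decide.
            findings.append(f"{name}: not set, client default applies")
            continue
        got_typ, got = settings[name]
        if got_typ != typ or got != want:
            findings.append(f"{name}: set to {got!r}, expected {want!r}")
    return findings

# Constructed sample profiles (host name is a placeholder).
SAMPLE_WEAK = "full address:s:vdi.example.internal\nredirectclipboard:i:1\ndrivestoredirect:s:*\n"
SAMPLE_HARDENED = "full address:s:vdi.example.internal:3389\nredirectclipboard:i:0\ndrivestoredirect:s:\n"
SAMPLE_UNPINNED = "full address:s:vdi.example.internal\n"

if __name__ == "__main__":
    for label, sample in [("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED),
                          ("unpinned", SAMPLE_UNPINNED)]:
        print(label, audit_rdp(sample) or "OK")
```

An `.rdp` file is controlled by the client, so treat this as a check on distributed connection profiles and enforce the same restrictions on the session host as well.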


Pre-coronavirus, supervisors didn’t have to concern themselves with employee distractions – children running around, barking dogs, fears of a deadly virus’s spread or many other things occurring in a normal household. But now, employee focus is paramount.


Workers should be reminded to stay focused and that security policies put in place to protect corporate information are still in place, especially in a world filled with phishing emails designed to prey on those now operating in a busy and confusing world.


They should also build mechanisms to reinforce such policies in the moment they most need to be followed – for example within the context of an email asking for financial action or confidential information – so that users can make informed decisions before interacting with suspicious emails.

- Matt Petrosky, Vice President of Customer Experience, GreatHorn


By providing employees with reminders about policies when it matters, companies can significantly reduce risk for their remote workforce.

