Returning to Ransomware

Business Journal Ask the Expert Column – May 2020

There are mixed emotions and challenges to consider when returning remote employees to the workplace. As the leader of an organization, you need to prepare your workforce and expect to see changes upon returning to the office due to COVID-19 from a cybersecurity perspective.

Increase in Ransomware Attacks

Despite COVID-19, SpearTip has seen an increase in cyberattacks during the pandemic, including data breaches, data exfiltration and ransomware attacks. For some time, employees have been forced to work from home as their state or country was under a mandatory stay-at-home order. Company devices are now connected to home office networks and potentially in environments with weaker security controls. This type of connectivity has caused inconsistency and chaos which produce a fair amount of vulnerabilities. Cyber adversaries have increasingly leveraged these vulnerabilities to compromise corporate systems.

SpearTip’s SOC has been able to monitor these devices even within our clients’ home networks. Based on our experience, we know many home networks are woefully insecure. For example, many home routers are still set to default credentials and never changed. In the absence of any type of network or endpoint monitoring, it is easy to assume a number of these devices will be compromised.

If the proper procedures and security controls were not put into place prior to moving your workforce remote, your organization could face significant cybersecurity issues upon returning. Employees are going to bring with them several devices, both personal and work, that have not seen the corporate network in weeks, or even months.

A process for safely bringing back these devices to the network is essential to protecting your business. If you don’t have endpoint monitoring that is able to easily scale to a remote workforce, along with a plan to safely reconnect devices after proper checks are performed, use this time to educate yourself on the risk of joining soft targets back to the corporate network. Also, make sure to think about what data may have been exposed during this shift to work from home. Overall, it is essential that regardless of where these devices are located in the future, they are monitored and protected 24/7 by certified security engineers. 

Below are a few considerations as you bring your remote workforce back into the office.

1. Have a security checklist completed before reattaching machines to the network  

2. Segment new machines from machines on the network previously

3. Begin implementation of endpoint detection software capable of working regardless of location

4. Force VPN usage through the employer network in order to make a network connection

This crisis will change the way C-suite executives view security and their risk profile. Workforces are going to continue to be remote in areas of the country and around the world. Security must follow suit. It is critical for the IT and cybersecurity teams to be able to perform updates and maintain protected machines at all times, regardless of location.  

Adversary groups have an advantage during this time, but there is a security opportunity to even the playing field when employees are working remotely. It is not for certain when this pandemic will subside, or if it will relapse, but one guarantee we can give is cyberattacks are not getting less expensive or becoming easier to respond to. Have a plan for when this happens to your organization and get ahead of returning to ransomware.

For more information on how to prepare your workforce for returning to the office or to improve your cybersecurity posture, feel free to email info@speartip.com.