Thursday, May 7, 2020

Day 48: IT-Security & Corona

This article is part of The 100 Days Offensive. Go to Day 47 or Day 49.

I was asked about the impact of Corona on IT-Security. This is what I came up with.

Remark: As someone said when beta-reading this text, a lot of the risks mentioned are not really Corona-related. But Corona makes those risks visible or sometimes just more obvious.

Cultural challenges

  • The bond between company & employee is weakened
    • Easier to attack through social engineering, colleagues are also just voices on the phone
    • Lacking skills for the remote management of people
    • People-poaching becomes easier
  • Fear for the personal future
    • Easier to seduce people into "rogue activities"
    • Hoarding of digital assets (customer data, source code)
  • The separation between job and private life is dissolved further
    • Use of company assets for illegal purposes (copyright violations, etc.)
    • Use of private software on company systems
    • Use of company software on private systems
    • The feeling of "unobservability"

Technical challenges

  • The usage of private resources (hardware, internet, space)
    • Personal components are being used as part of the workflow or as storage
    • Resources are shared with third parties unknown to the company
    • The home IT becomes a new shadow IT
  • Critical Infrastructure
    • Client-2-Site VPNs become part of the critical infrastructure while remaining vulnerable to denial-of-service attacks
    • The dependency on the IT security of third-party tools and services (Teams, WebEx, Zoom, DropBox) rises astronomically
  • Security hardships
    • A lot of traffic bypasses corporate and IT-security infrastructure
    • Anomalies are the new normal; all thresholds for safe & secure behaviour have been invalidated
    • Plans for crisis management or disaster recovery will probably not work in the current environment or will take much longer
    • Company devices have never been designed to survive in a hostile environment; they rely on a sheltered network and are not based on a zero trust concept
