As remote working continues in most countries around the world due to the COVID-19 pandemic, there has been an increase in cyberattacks. While most businesses have cybersecurity protocols in place for their on-premises workforce, remote workers are now the targets of cybercriminals. Remote workers using their own devices for work are seen to be the most vulnerable at this point in time.
CyberSecurity Asean spoke to Nima Baiati, Global Director and GM of Cybersecurity Solutions at Lenovo, to get his views on why there has been an increase in malware attacks, especially with most victims being those working remotely.
According to Nima, cybercriminals have always used a crisis as an opportunity to scam people. Many in the tech industry have noticed new scams and campaigns aimed at taking advantage of people's uncertainty around the coronavirus/COVID-19 pandemic, especially after it was declared a health emergency.
Having said that, Nima shared five tips for IT specialists to mitigate the risks of an increasingly remote workforce:
Employ Basic Input/Output System (BIOS) Resiliency: Hardware security becomes even more important in a remote world. Attackers are increasingly looking for ways to defeat security controls, and where they can, to circumvent them at the OS. As a result, ensuring that below-the-OS security is in place to help mitigate these risks is vital. With a widely remote workforce, ensuring employee devices have capabilities like BIOS resilience matters more than before. Technologies like self-healing BIOS can help mitigate the risk of attacks below the OS, where detection and remediation become even more challenging. Having these safeguards in place can ensure employees will not need to replace or reinstall hardware, as they provide detection and automatic recovery of the firmware system in the case of a PC BIOS malware corruption or compromise. This inevitably provides peace of mind.
Strategise Against Unsecure Access Points: No longer is work done just within the confines of the corporate network. While this is something we were starting to see long before COVID-19, what has changed now is the shift to work taking place exclusively outside of the confines of the four walls of the office. While most of the world is under shelter-in-place restrictions and using their devices from home, it's only a matter of time before workers across the globe begin heading back to shared workspaces, coffee shops, planes and everywhere in between. Addressing the risks posed by potentially logging onto a rogue access point is a vital consideration.
Streamline Administrator Rights and Employee Credentials: Credential and access management have long been a challenge for IT teams, many of which are often over-burdened and short-staffed due to critical talent shortages. Addressing the basics, such as ensuring users do not have administrator rights, but rather only have access to necessary systems, repositories, shares and networks for the specific time period access is needed, goes a long way to help mitigate credential theft.
Have a Better Safe than Sorry Mindset with Zero Trust Security: Zero Trust, a term we're starting to hear a lot in the security space, goes beyond the usual marketing hype to emphasise access and privileges. The reality is that attackers – at least the ones that can cause significant damage to reputation, brand, business impact through data theft and a myriad of other ramifications – continue to get more and more sophisticated and operate like criminal corporations, but corporations nonetheless in the sense of command, control, financial motivation and organisation. By adopting a Zero Trust model, we assume a 'guilty until proven innocent' mindset in security – to frame it more gently, access and privileges based on a 'need-to-know' basis.
Leverage Contextual AI: According to recent estimates in MIT Technology Review, there will be as many as 3.5 million unfilled positions in the industry by 2021. Combine this with attacker sophistication, data sprawl, cloud adoption, exponential growth in devices etc., and you have a recipe for disaster. To tip the scales in your favour you have to leverage artificial intelligence at the endpoint. There are several solutions available that help organisations with this, such as SentinelOne or CrowdStrike. These solutions are able to detect malicious activities and respond almost automatically to isolate the attack from the network and auto-immunise the endpoints against newly discovered threats. Some even offer the possibility to roll back an endpoint to its pre-infected state. However, there is a caveat all developers and employers should understand – not all AI is built the same. As a security team, it is important to understand your challenges and leverage contextual AI when applicable.
Lenovo also has solutions like ThinkShield, which help businesses mitigate potential malware attacks.
"The ThinkShield Platform is included on our Think line of computing devices out-of-the-box and includes our rigorous approach to Security-By-Design, Tamper Switch to help mitigate the risk of a physical attack on the device, built-in WiFi security and of course our ever-evolving BIOS Security capabilities which include Self-Healing BIOS. We're able to further enhance these capabilities through enabling AI-powered Endpoint Protection - defense against known and unknown malware and ransomware protection - through our unique strategic partnership with SentinelOne, built directly onto the ThinkShield platform. These are just a few of the myriad of security capabilities and solutions ThinkShield includes."
With the announcement of the SentinelOne partnership, Nima added that Lenovo customers now have the ability to purchase devices with SentinelOne, delivering real-time prevention, ActiveEDR, IoT security, and cloud workload protection powered by patented Behavioral AI. Customers can stay protected while working remotely and reduce operational security costs. Through this strategic partnership, we are also providing our enterprise customers with complimentary access to the platform until July to help deal with and manage the resultant security challenges that COVID-19 has posed. Their advanced AI technology, coupled with Lenovo's ThinkShield Platform, is empowering laptops, workstations, servers, cloud workloads, and IoT devices to autonomously defend themselves in real-time.
With that said, Nima acknowledged that the endpoint has increasingly become the preferred vector of a cyberattack; this is especially true as digital transformation continues to accelerate where and how work is done. While COVID-19 has challenged businesses to think about security in new and creative ways, the risk is not likely to disappear once we start phasing back into the workplace. For example, if any machines were compromised while employees were remote, once reconnected to the corporate network, those machines can offer cybercriminals a door into your business.
With that being said, an increase in demand for endpoint protection solutions is extremely likely. It is vital for business leaders to employ these security measures now, preventing the potential for a reputation-damaging breach down the road.