On many technology-related topics, the Covid-19 has proven to be a trend accelerator. This is particularly true in the area of cybersecurity.
The health crisis has led to the emergence of a new form of work organisation: telework or telecommuting. Everyone has praised the benefits of technology, which allows everyone, from their home, to connect to their workspace, participate in videoconferences and share documents. The miracle of technology... But there's a flip side to the coin: never before have there been as many computer attacks as there are today. They take many different forms and technologies, but the main focus is on ransomware, a form of malicious attack that aims to paralyze a company's information system before demanding payment of a ransom to free it.
Experience shows that companies often mistakenly believe that they are protected from such attacks.
By Stéphane Reytan, Managing Director of BlueTrusty, CyberSecurity Division of ITS Group
Teleworking is a major risk. A computer away from its working environment is a tempting prey for hackers. Firstly, because during the first confinement, IT departments had to, most often in an emergency, "open" a number of doors: firewall rules were extended to remote work, often with a loss of granularity; additional rights were granted to users, in particular so that they could install software themselves; in the most problematic cases, laptops were bought en masse on the market, without any specific configuration, sometimes directly by the users.
Control: holes in the racket
Another factor of fragility lies in the way CIOs work. Traditionally, security measures have only been thought of as part of an activity within the IS. Web browsing filtering, for example, is generally carried out on site, but since most users are remote, passing their flow through the central site poses problems of performance on the VPN gateways and bandwidth saturation. As a result, very often VPNs are configured in such a way ("split-tunnel" mode) that remote users access the Internet directly, without the protection they enjoy when they are on the company's premises. In addition, the daily management of the computer park requires that workstations are permanently accessible from the central site. However, in a teleworking environment, many users no longer connect to the central site (or no longer long enough): the deployment of software security updates and antivirus software becomes much less effective.
Finally, "impossible" uses on the company's site have become possible at home: for example, file transfer via USB keys between personal and professional computers.
Protection: time for decentralization
On many technology-related topics, the Covid-19 pandemic has proven to be a trend accelerator, particularly in cyber security, forcing ISDs to rethink protections. If there are many native functionalities (often free of charge) allowing to effectively secure a Windows workstation, they are unfortunately ignored or misunderstood by technical services, which are used to delegate protection to infrastructures. This perimetric and centralized protection will lose its importance: applications will be systematically accessible via the Internet with mechanisms (authentication, authorization, encryption, etc.) that do not presuppose the location of the workstation.
In any case, companies, including medium-sized and small ones, must in any case pay more and more attention to their degree of risk in terms of external attacks and test their resistance to ransomware at regular intervals. This is one of the many consequences of the unprecedented crisis we are going through. In this matter, anticipation is indeed the best defence.
