As Work from Home Increases with COVID-19 Cases, Are We Looking at a Playground for Threat Actors?

In December 2019 a new virus was detected in Wuhan, China. This virus (COVID-19 or the Coronavirus) has spread rapidly throughout China and the rest of the world. With its apparent ease of transmission and the difficulty of detecting it (early stages can look like the flu), many companies are looking into allowing employees to work from home more in an effort to slow down the spread of this potentially deadly virus. The question is, are these companies really ready to have so many people connecting in from home, or are we potentially opening up a massive hole that threat actors are bound to exploit?

There are 101,601 confirmed cases of the Coronavirus globally (as of this writing; by the time of publication it could be much higher). Not all of these people were in quarantine when detected and almost all of them exposed others to the virus. This means the number of potential cases is exponentially higher than the number of actual cases (not to mention the shortage of test kits). Anyone who has had incidental contact with one of the 101,000+ should avoid contact with others until they pass through the incubation period (about 12-14 days). For most adults, being out of work for that length of time might not be an option, and with the number of potential cases, the lack of employees would have a significant impact on the business. It is a perfect setup for remote work, where applicable.

Setting up a proper remote work environment is not going to be an easy task, and we are sure that many businesses will move to set this up quickly and not in a truly security-focused manner. The possibility of insecure connections and weak encryption and security controls has to have some of the existing APT groups drooling in anticipation of the number of unprotected targets. After all, APT groups can get into businesses and organizations that actually do have a security-focused remote work policy; it just takes more effort. These pop-up work from home situations are bound to be ripe for the taking as, in most cases, there is just not enough time and/or money to set them up with proper protections.

I am not saying that these companies should not let their potentially sick employees stay home. In fact, I personally feel that if someone is sick, regardless of the malady, they should not be at work where it can spread. I am saying that in 2020, companies should be much more prepared to accommodate this given the technology and the tools that are currently available. We should not be in a situation where an employer, or employee, has to make the choice between going to work and potentially infecting others with a deadly virus, and working from home. Granted, not every job can be worked remotely, but in cases where it can, having the right tools in place can help when the time comes.

But wait, there’s more.
So far, we have only touched on basic remote workers; we have not scratched the surface of the potential impact from security and IT operations teams being affected by COVID-19. If and when these teams are impacted, the situation looks even worse. You will now have a massive increase in potentially insecure remote connections (maybe from home devices) hitting unprepared servers, with minimal staff to protect them and keep them running (yes, even cloud services). It is not a pretty picture at all, but it is one that we are heading into right now with a good deal of speed. Organizations of all sizes should have already been looking at what they need to allow a more secure and effective remote workforce, including the potential need to allow IT security and operations staff to function remotely, but as with most things, the ball does not move until there is a major event.

COVID-19 has not even hit critical mass yet and there is no vaccine or cure in sight. We are bound to have many more confirmed cases, which will (sadly) mean more potentially exposed businesses out there. Unless something changes rapidly, we are looking at some very uncertain times in the security field as well as a high cost in human lives. While I firmly believe the human lives are much, much more important, we still do have to account for the potential impacts of so many insecure businesses and organizations.
