Coronavirus/COVID-19 is having a huge impact on society and, for organizations still in operation, on the workplace. Companies are sprinting to support fully remote work, and corners are being cut in the name of business continuity, leading to a slew of cybersecurity issues. As a result, COVID-19 is causing a cybersecurity crisis, and without preventative measures it could bring many organizations to a halt, because they are now more vulnerable than ever.
Looking at the root causes and actors behind organizational risk in the 2019 Verizon Data Breach Report, there are some interesting statistics that help us break down organizational risks and threat actors. The report states that 81% of breaches are the result of compromised identity security, with the remaining 19% stemming from exploitation of vulnerabilities in corporate hardware and software systems. Furthermore, 69% of breaches were perpetrated by outside attackers, leaving the remaining 31% attributed to insiders, either employees or partners.
Diving into this breakdown of outsider vs. insider threat actors, we can take a deeper look at how coronavirus is going to affect both vulnerability exploitation and compromised identity security risks.
Insiders (partners or employees) acting maliciously and exploiting their authorized access and/or hardware/software vulnerabilities account for 5.8% of risk. These attacks involve a trusted employee or partner extracting proprietary information from the company for their own benefit, misusing the authorization or access they were given. Examples are industrial espionage, leaks, whistleblowers, etc. Another 13.1% of risk stems from outsiders exploiting system vulnerabilities to gain unauthorized access, such as the recent vulnerability in Citrix’s software that left 80,000 companies exposed to breach.
Another 25.1% of risk stems from insiders compromising identity security, where the vast majority of these breaches are caused by human error rather than malicious intent. Examples are leaving data in an unprotected S3 bucket that is publicly available, or accidentally publishing sensitive information to a website. A whopping 55% of risk is attributed to outsiders compromising identity security to gain access to systems and networks. Many of these breaches occurred through credential stuffing and password spraying against systems that were not MFA-protected, as well as spear phishing, social engineering, SIM swapping and MFA bypass attacks.
Large shifts are happening to get teams up and running remotely overnight, and InfoSec/CyberSec teams are concerned about them. Contributing factors include the use of unverified personal machines and devices, poor information handling, unsecured internet networks and more. All of these factors lead away from a Zero Trust stance and are a huge step backward in security that is changing the risk landscape. Identity security is being relaxed at a time when spear phishing and social engineering attacks are being stepped up. Firewalls, VPNs and access controls are being weakened, and buggy remote access software, often protected by credentials only, is being exposed externally.
Attackers are aware of this and are ramping up efforts to compromise employee access, increasing the risk of external actors compromising identity security. There are several examples out there including but not limited to:
Coronavirus-related spear phishing being recorded, where employees are sent links that appear to be from HR asking them to log in to see if they’ve been exposed to COVID-19 in the workplace.
Databases that were previously only available internally and on-premise must now be made externally available, but they are often not MFA/2FA-protected, making them susceptible to credential stuffing.
Employees are skirting accepted and common security practices, emailing documents and files around and to themselves on unmanaged machines where they are unprotected, or, in some cases, doing something as simple as CC’ing the wrong person.
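The credential stuffing and password spraying that exposed, credential-only systems invite leave a characteristic shape in authentication logs, and that shape is detectable even before MFA is rolled out. The following is an added example written for this post, not TWOSENSE.AI code; the log line format, the source addresses and the thresholds are constructed assumptions and should be tuned to your own baseline.

```python
from collections import defaultdict

# Constructed sample auth log, one event per line: "<timestamp> <user> <source_ip> <result>".
# The format, the addresses (RFC 5737 documentation ranges) and the thresholds are assumptions.
SAMPLE_LOG = """\
2020-03-20T09:00:01 alice 203.0.113.5 FAIL
2020-03-20T09:00:02 bob 203.0.113.5 FAIL
2020-03-20T09:00:03 carol 203.0.113.5 FAIL
2020-03-20T09:00:04 dave 203.0.113.5 FAIL
2020-03-20T09:00:06 frank 203.0.113.5 SUCCESS
2020-03-20T09:01:00 alice 198.51.100.7 FAIL
2020-03-20T09:01:01 alice 198.51.100.8 FAIL
2020-03-20T09:01:02 alice 198.51.100.9 FAIL
2020-03-20T09:01:03 alice 198.51.100.10 FAIL
2020-03-20T09:02:00 gina 192.0.2.20 FAIL
2020-03-20T09:02:05 gina 192.0.2.20 SUCCESS
"""

def parse_events(text):
    """Turn the raw log into (user, ip, result) tuples, skipping malformed lines."""
    rows = (line.split() for line in text.splitlines())
    return [(r[1], r[2], r[3]) for r in rows if len(r) == 4]

def spraying_sources(events, min_accounts=4):
    """Password spraying: one source tries a few common passwords against MANY accounts,
    so its failures are spread across distinct users instead of piling onto one user."""
    failed_users = defaultdict(set)
    for user, ip, result in events:
        if result == "FAIL":
            failed_users[ip].add(user)
    return {ip for ip, users in failed_users.items() if len(users) >= min_accounts}

def distributed_targets(events, min_sources=4):
    """Credential stuffing from a botnet: one account sees failures from MANY source
    addresses, which defeats a simple per-IP lockout but not MFA."""
    failed_ips = defaultdict(set)
    for user, ip, result in events:
        if result == "FAIL":
            failed_ips[user].add(ip)
    return {user for user, ips in failed_ips.items() if len(ips) >= min_sources}

def successes_from_spraying_sources(events, min_accounts=4):
    """The alert that matters: a login that SUCCEEDED from a spraying source.
    Without MFA this is a compromised account; with MFA it is still a password to reset."""
    sprayers = spraying_sources(events, min_accounts)
    return {user for user, ip, result in events if result == "SUCCESS" and ip in sprayers}
```

On the sample, 203.0.113.5 is flagged as a spraying source, alice as a distributed target, and frank as the account to reset, while gina's single failed-then-successful login from one address is not flagged.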
It’s not too late to take steps to mitigate these kinds of threats. In fact, some of them are as easy as reconfiguring existing software. For example, getting an organization back to a Zero Trust stance can be as simple as reconfiguring SSO instances with MFA to lock down identity systems against outside attackers and insider errors. Zero Trust means treating insiders like outsiders, which also locks down malicious insiders misusing accounts they are not authorized for (e.g. using a co-worker’s account), the majority of insider cases. Moving to cloud storage and cloud docs in combination with Zero Trust leverages the cloud provider’s security and infosec team, reducing the 13.1% of risk from vulnerability exploitation.
The unfortunate truth is that the added risk from remote teams can only be reduced by challenging users’ identity more often, since it may be too late to roll out proper training or hand out managed machines/devices. This isn’t a new problem; it is intrinsic to the technology of authentication and MFA, which requires the user to respond to a system challenge.
At TWOSENSE.AI, we’re changing that using behavioral biometrics to authenticate continuously, reducing the risk of human error and the burden placed on the user. Continuous authentication runs in the background and can answer MFA challenges invisibly on the user’s behalf. It actually increases security by increasing the effective number of times per day the system confirms that the user is authorized. At the same time, it vastly improves the user experience by reducing the number of challenges the user has to respond to by up to 95%, saving each user an average of 1.5 hours per month.
Our products can be integrated into existing Identity and Access Management (IAM) stacks, on top of current IDP, SSO, and MFA solutions for better security and a MUCH better user experience for remote teams.
Reach out if you’d like to talk about a better, more secure remote work experience or see a demo.