It’s the Wild West out there – again. During the first quarter of 2020 cyber security specialists Fortinet documented a seventeen per cent increase in viruses for January, a 52 per cent increase for February, and an alarming 131 per cent increase for March compared to the same months in 2019.
Clearly criminals are taking advantage of the rise in teleworking and have been looking for easy ways into corporate networks. The only way forward, then, is to rethink IT security.
“The move to working remotely has prompted organisations to rethink their IT security so they can easily deploy any application on any cloud infrastructure,” said Steve Mulhearn, director of enhanced technologies at Fortinet.
Dimension Network Systems, an Ireland-based Fortinet partner, has found that the threat is real in Ireland but that businesses, on the whole, are taking it seriously.
“They are aware of the security issues. We have different kinds of customers. The ones keeping us active recently have been in the healthcare and retail space,” said director Larry Skinner.
Skinner said that one open question is what will happen as a transition to part-time teleworking becomes the norm.
With social distancing requirements likely to remain mandatory in office environments, this question will have to be answered even as offices begin to re-open.
“Space, definitely in Dublin, is very expensive. You have four, five, or six people to a desk or pod. People may have to deal with offices with fewer people in them. At the moment we have our two-metre rule, which may in certain circumstances reduce to one metre.”
And yet, people do need access to data – including data housed in on-premise systems. This means that some kind of connectivity, not only to the cloud, which is relatively easy, but to on-premise systems must be provided.
“There’s a learning curve for both staff and managers, and while most of the enterprise customers we deal with have resources in the cloud, they also have resources in their on-prem systems. These are drives and files that people need to get access to,” said Skinner.
“Some will only need an encrypted VPN client connecting in. Others will have a dedicated firewall or access point that securely communicates with the on-premise or cloud-based corporate network.”
Another major threat is ransomware, which has exploded during the pandemic as scammers take advantage of lax security and unfamiliar working circumstances. One report in Wired found that scammers were reaping the benefit of groundwork laid months ago, but the danger has also increased as people scramble to work online. Ransomware has long been found to be the top cyber threat.
Ransomware is malicious software that locks access to a computer's files until the victim pays a ransom (typical advice is to never pay, as the attackers will be back for more). It makes its way onto computers via people clicking malicious links on websites and in e-mails. The threat is increased today as many are now working using apps and websites with which they are unfamiliar.
Some 30 per cent of ransomware attacks start with malicious content from a website, and 94 per cent of attacks leverage e-mail in the process. In addition, 43 per cent of cyber-attacks – and a staggering 71 per cent of ransomware attacks specifically – target small businesses.
Having fresh backups can help to mitigate the situation, but the real solutions are endpoint systems protection and user awareness. On the protection side, FortiMail spam filtering and FortiGuard web filtering, in combination with FortiEDR real-time endpoint security, proactively reduce the attack surface.
Securing network access for devices, such as laptops or home office PCs, has long been an issue. Dimension Network Systems has found that one attractive option is the deployment of Fortinet’s multi-factor authentication, comprising a known user ID and password with an ever-changing six-digit code, meaning that even if a password is compromised, the password alone will not permit access to the network.
Typically, this means an app that generates a code required for login – a type of tool users of Google Authenticator will already be familiar with.
“The old style would have been a key fob device, which is still available [but] these days a soft fob is available on the phone,” said Skinner.
Mobile apps are an attractive option because they are convenient and, let’s face it, always around. Indeed, Fortinet’s FortiToken is a soft fob that works with Windows, iOS, and Android devices, and integrates with their firewall. “People rarely go out without their phone,” said Skinner.
The soft fob is registered with the firewall, and remote users are granted access to the site systems based on credentials supplied to the onsite authentication system, LDAP [Lightweight Directory Access Protocol], and on the soft fobs, which are firewall-synchronised six-digit displays. Most customers have an authentication service of some sort or, if need be, for smaller clients the firewall will do the authentication itself.
As an added layer of security, remote access is then allowed only to relevant files or systems.
“The superuser in real terms, as we see it, will have an edge remote network. Site to Site encrypted VPN tunnel between the Edge network and the HQ Systems with security policies that are offset back to the HQ. Such a site supports secured smart or physical phones as well as FortiAP Access Points which offer secured home wireless coverage and encrypted tunnels to the corporate systems.”
But other users will have different levels of needs, not merely simpler ones. Some, for instance, will need persistent access.
“A persistent user is the high-end user who is online all the time. Think of a trader or doctor, who needs as close to constant connectivity as he can get,” said Skinner.
“One thing that I have noticed working from home, and I never noticed this before, is the link to my home broadband seems to disappear, or bandwidth reduces, for brief periods.”
The answer, Skinner said, “is to augment the FortiGate Site to Site encrypted VPN tunnel connection with a 4G LTE dongle, using [built-in] SDWAN [software-defined wide area networking]”.
Once the user is logged in to the network, activity can be securely tracked and traced, and all normal workplace IT functions can be provided.
“Of course, there are applications that are very bandwidth intensive. From that point of view, it is ideal to have a remote service so you’re really only getting screen and keyboard update, and from a security point-of-view there’s no data on the local device.”
Another piece of the puzzle is the next-generation firewall or NGFW. It is the third and latest iteration of firewall technology and the key goal is to bring a lot more intelligence to network traffic.
“In the past, traffic was based on: ‘Can I get out, yes or no?’,” said Skinner. “Nowadays, what happens is the newer firewall will deep packet interrogate the data, it will look at the type of traffic or application, telnet, SSH, web service, voice or video calls and so on, managing and filtering it intelligently.”
Taken as a whole, then, staff working from the office and from home can be placed on a level – and secure – playing field, with access to the files, services and applications they need, and not those that they don’t, while monitoring can keep an eye on just what data is leaving an organisation at any point.