Austin Breathnach, Security Architect at CWSI, gives some thoughts on modern security deployments.
Last winter, with the fear of the long nights approaching, I needed a project. The project was supposed to be something to keep me sane during the winter months, something tangible, something useful – my shed!
So that’s what I did. I built a shed from the ground up using blocks, cement, rafters, windows and doors off of DoneDeal, and a corrugated roof. Job done and delighted with my work, I took all the praise that was offered to me and gave modest(ish) replies to compliments with “sure everything is on YouTube these days, easy enough really”.
A few weeks ago, though, I got a little reality check. We got a “drop of rain” and although just a shower or two, I saw little signs that maybe my project was not as successful as it appeared to be. But I comforted myself with the fact that I still had a little to do on it and got back on YouTube and followed instructions on how to get it watertight. And then another spell of dry weather came and everything seemed fine. This allowed me to forget about my shed, and I didn’t dare tempt fate by getting a hose to it to check for leaks. I’ll wait for the rain and it should all be grand. After all, I did everything the virtual builder told me to do!
But alas, the rain came again, and as I look out on my drenched floor, I contemplate, swallow my pride, it’s time to ring my brother-in-law builder and hope he will swoop in and save the day. He took the phone call, asked me a few questions and as he asked the right questions, I felt foolish as I replied knowing I cut a few corners, not out of carelessness mind, just inexperience and naivety. After an hour chatting and a few exchanged pictures he was able to tell me what I did wrong and what I need to do now to rescue the situation.
Sticking to my day job
And this got me thinking about my day job and the current situation. As a security professional in the modern workspace, I can draw parallels to my shed and how organisations have had to put structures in place to support a new way of working. IT teams have frantically consumed knowledge articles and watched the odd YouTube video on how best to get users working remotely. And like my shed, praise should be given to IT staff for the tireless, stressful hours endured, to ensure the show goes on, jobs are protected, and companies can adjust to the new normal.
That said, my paranoid security brain is not at ease. Like my shed, I fear the rain will come and expose the weakness in these new structures. Companies are forced to move away from the comforts of the secure workplace and move to the unknown. Companies are forced to do whatever it takes to keep the lights on, but at what cost? How many organisations have been forced to allow users to bring desktops from under their desks, protected only by the structure around it, to an unsecure location with little or no protection? How many companies have asked users to log in with their own personal laptops until they find a better solution? How many devices are now lost in the wild, without the brain that was previously provided by structures within the secure building, providing it with critical updates that in turn prevented exposures and leaks?
Again, like my shed, one certainty in life is that if you have a weakness that can be exposed, it will be. With me, it’s the rain that’s exposing me. With remote working, cybercriminal activity is on the rise and looking for any weakness that can be exposed. As RTE reported, “I don’t think there’s necessarily an increase in the number, but I think attackers are just using this to find the weak link.”
The concept of a “sleeper” has always been a known risk in the security world. With remote working, criminal cyber professionals have the perfect opportunity to carry out a sleeper attack. This is where a weakness or vulnerability will be exposed, but instead of the criminal actor carrying out an attack, they wait. Wait for things to go back to normal, learn about further weaknesses, and then attack when the time is right.
So what do we do?
The good news, though, is that there are security tools, most likely already at most organisations’ disposal, that can be enabled to help protect the worker and the organisation. At CWSI, remote working has always been the norm for us. We have a diverse workforce, working all over the UK and Ireland and our aim as a company is to “help you thrive, and stay secure, in a mobile world.”
From our perspective, this is not new to us. We have helped hundreds of customers adapt to modern working, with security at the heart of everything we do. For organisations that are currently struggling to adapt to the new normal and are concerned about how they might be exposed, we are here to help. As an ISO certified organisation and a gold Microsoft security partner, we have the experience and know-how to guide you away from risks and safeguard you for the future.
And as far as my shed goes, well I have made a gallant effort, but I know in my heart that I can keep adding layers of water-resistant products to get water-tight, but I am prolonging the inevitable. So I might just wait for the restrictions to lift, stick on a bbq and invite the brother-in-law around for a steak sandwich and maybe a little bit of DIY expert help!
To show we care at CWSI, we are offering free “chalk and talk” sessions to organisations looking to adapt to the new norm. We will help you identify what risk you may have exposed your organisation to, and provide expert advice on mitigation techniques. We can also provide advice on secure collaboration during these tough times and tips on how to keep your workforce active, happy and safe.
And what do you want in return, you ask? Your trust. We want to show you that as a security company, we care about protecting and enabling businesses throughout Ireland and the UK. We are in this together, so let us build the new way of working together by helping and protecting each other. It’s time to Evolve, but carefully.