The last two months have seen an unprecedented change in the way Australians work.
And while it appears that the economy will begin to re-open in the near future, we should be mindful of the fact that working patterns are likely to change permanently, even once we see the back of COVID-19.
Many organisations are now seriously contemplating a ‘NEW NORMAL’.
On the other side of this pandemic, we are likely to see many organisations adopt far more flexible working arrangements. These will allow workers to balance their time between home and office in ways that are mutually suitable.
There is a range of benefits to such flexibility. It allows staff to enjoy a better work-life balance. Reducing the number of commutes each week ensures people have more time to devote to recreational activities, including spending quality time with family and friends. A better-rested workforce will likely pay significant dividends in terms of increased productivity.
Furthermore, with large percentages of their staff working remotely each day, organisations will need less office space – providing significant real estate savings.
However, there is still a question mark over how this ‘NEW NORMAL’ will affect the security and integrity of an organisation’s systems and data.
We know the sudden shift to remote work over the last two months saw many organisations adopt ‘quick-fixes’ that fell short of providing adequate long-term security. These may have included accessing or transmitting data without the use of a VPN, or allowing staff to work on their own devices without adequate BYOD policies in place. Staff may have been using less secure home wi-fi routers or communicating with colleagues via unencrypted teleconferencing platforms.
As remote work becomes a permanent feature of the economic landscape, now is the time for organisations to be thinking of ways in which they can embed more rigorous, long-term cyber security policies, rules and procedures.
Attack Surfaces: Knowing Your Exposure
Thanks to enforced lockdowns, our adoption of information and communications technologies has been accelerated in an unprecedented way.
We have all had to rapidly change the way we work and communicate, from large enterprises to small and medium-sized businesses. Even government departments and agencies have dramatically changed their practices to accommodate working from home.
Whilst the new technologies provide much greater levels of flexibility than ever before, they also significantly increase our ‘attack surface’.
An attack surface is defined as the total sum of vulnerabilities that can be exploited to carry out a security attack. In order to secure an organisation’s network, IT administrators should seek to reduce the number and size of attack surfaces.
The first step to reducing your attack surface is knowing the extent to which you’re exposed. Whilst someone living remotely, without access to the internet, would have no attack surface, most Australians use internet connectivity in more ways than ever before. The result is an expanded attack surface. Any steps that reduce your attack surface make it harder for attackers to breach your systems.
4 Measures to Reduce Attack Surfaces
1. Audit Your Assets and Map Attack Pathways
Start with a comprehensive audit. It is one of the best strategies you can implement for reducing your attack surface. You’ll be surprised how many misconfigurations you’ll detect and the volume of outdated software you have installed across your network.
These are some of the questions an audit should seek to answer:
- What assets do we have, whether located on-premises or in the cloud?
- Which assets are business-critical, which assets are somewhat beneficial to the business and which assets are redundant?
- What vulnerabilities can be identified in the business-critical systems?
- How are the assets interconnected and what could be done to segment different assets?
- What potential pathways exist for an attacker to reach the business-critical assets?
Answering these questions will put you on the right path to substantially reducing your attack surface.
2. Remove Redundant Software
Over the years, all kinds of software can find their way onto your servers’ operating systems, not to mention a wide range of software that may be installed on individual computers within your network. You should only retain those applications that are absolutely necessary for your team to carry out their work.
Anything else should be disabled or simply uninstalled.
Periodic cleaning of your servers and computers should include removing any unnecessary applications. Reducing redundant software and applications will reduce potential entry points for attackers.
This is particularly important as we regularly see attackers gain entry to networks by exploiting vulnerabilities that have been known for some time. Often, organisations will have software on their systems that they’ve neglected to patch or update because it is not being used. This may provide a perfect opportunity for an attacker to gain entry.
Follow our 8-Step Guide to Patch Management to ensure you keep all software up to date.
3. Scan Network Ports
A firewall between your network and the internet helps determine what data is allowed into your environment, and what is kept out. When configuring your firewall settings, you need to decide what should be allowed in. By opening specific ports, you can specify the different types of data that should be allowed into your network.
Unfortunately, all too often ports are left open. Attackers know this and are regularly scanning for open ports. The last thing you want is your network accepting whatever an attacker sends your way.
That’s why reducing your attack surface should include closing unnecessary ports, both inbound and outbound.
You should scan for open ports on a regular basis, preferably fortnightly. Any open ports that you suspect may not be necessary should be closed as a precaution. When it comes to ports, it’s preferable to be slightly overcautious. If closing a port causes some inconvenience to people in your organisation, because they cannot access certain types of data, you can always re-open it.
Using host-based firewalls (often linked to your anti-virus) can also be an effective way to implement a firewall policy on devices that are being used from home. This ensures that threats can still be prevented and detected remotely, even when the device is no longer within the office.
4. Segment your Network and Adopt Microsegmentation
You’re always told not to keep all your eggs in one basket. Likewise, you shouldn’t keep all your assets in one network.
By segmenting your network, you can significantly reduce your attack surface. Segmentation helps prevent attackers moving laterally if they breach your perimeter. Such a strategy can enable you to focus your efforts and resources on securing the most important assets within your network.
When considering segmentation, it’s important to look beyond North-South data flows, in which traffic between a server and a client flows into and out of the data centre. With increased use of containers and microservices, we are seeing far more data flowing East-West, or between applications.
Understanding how data flows between your microservices or applications can help you implement microsegmentation strategies that will further limit attack surfaces.
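The audit question in measure 1 about pathways to business-critical assets, and the effect of segmentation described in measure 4, can be worked through on a small model. This added example (not part of the original article) lists every path from the internet to a critical asset in a flat network, then repeats the search after two East-West flows are blocked; all asset names and flows are hypothetical.

```python
from collections import deque

# Constructed asset map: each key can open connections to the listed assets.
FLAT_NETWORK = {
    "internet": ["vpn-gateway", "web-server"],
    "vpn-gateway": ["staff-laptop"],
    "web-server": ["app-server"],
    "staff-laptop": ["file-share", "app-server", "payroll-db"],
    "app-server": ["payroll-db"],
    "file-share": [],
    "payroll-db": [],
}
CRITICAL = {"payroll-db"}
# Assumed segmentation rule: laptops may no longer reach servers directly.
BLOCKED = {("staff-laptop", "payroll-db"), ("staff-laptop", "app-server")}

def attack_paths(graph, source, targets):
    """Return every loop-free path from source to any target asset (BFS order)."""
    paths, queue = [], deque([[source]])
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node in targets:
            paths.append(path)
            continue
        for nxt in graph.get(node, []):
            if nxt not in path:  # never revisit an asset on the same path
                queue.append(path + [nxt])
    return paths

def segment(graph, blocked):
    """Return a copy of the graph with the (src, dst) flows in `blocked` removed."""
    return {src: [d for d in dsts if (src, d) not in blocked]
            for src, dsts in graph.items()}

def choke_points(paths):
    """Intermediate assets present on every path: where one control covers all routes."""
    inner = [set(p[1:-1]) for p in paths]
    return set.intersection(*inner) if inner else set()

if __name__ == "__main__":
    for label, net in (("flat", FLAT_NETWORK), ("segmented", segment(FLAT_NETWORK, BLOCKED))):
        found = attack_paths(net, "internet", CRITICAL)
        print(f"{label}: {len(found)} path(s), choke points: {sorted(choke_points(found))}")
        for p in found:
            print("   " + " -> ".join(p))
```

In the flat model there are three routes and no single asset common to all of them; after segmentation one route remains, so hardening and monitoring can concentrate on the assets along it.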
How Shearwater Can Help
The ‘NEW NORMAL’ is changing the way we work. It has the potential to offer significant benefits to organisations and staff. However, it also comes with the risk of greater exposure to cyber-attacks.
By reducing your attack surface, you can substantially reduce the risk. Speak with our security experts to learn how you can maintain your organisation’s security posture for the long term.