Cybersecurity Challenges of a Sudden Remote Workforce
IT teams have spent recent weeks enabling staff at their organizations to work from home. Unexpected cybersecurity challenges are arising related to patch management and new or expanded remote access vulnerabilities. Under these difficult circumstances, what can be done to keep work secure?
Patch Management and the Remote Workforce
Three patch management challenges faced by CISOs and IT security teams as they've switched over to a largely remote workforce are communication, timing, and control.
1. Communication is different now
Previously, you could walk down the hall or hold a quick meeting to let the people who use the system or infrastructure know that it required patching. Now, you have to let them know about the change, confirm that they received that notification, and ensure that everything is still working after the change is made.
2. Timing is less certain
Essential systems are often patched during off-hours. With more employees working flexible schedules due to child care and other aspects of remote work, the application of patches to systems — such as user laptops — could be delayed or prevented.
3. Control of personal devices
A third challenge is applicable to organizations who have employees working on personal computers while they're at home. There is a risk here because IT does not have control over how people manage updates for their own devices.
Dangers and Ramifications
Extended downtime is never great, but exposure to security vulnerabilities is a more significant danger. Services may become unavailable due to a patch or update. Without immediate confirmation and testing, extended downtime could result in lost revenue for a business.
Systems not being accessible to receive a patch on time leaves them exposed to security vulnerabilities that pose a risk to that system, and potentially the business environments to which those systems connect. Without proper security measures, such as the principle of least privilege and proper MAC or IP filtering, the use of remote access tools can be extremely dangerous. Enabling such tools or features is like leaving your house's door closed, but unlocked.
Another challenge is unprotected remote desktop protocol (RDP) connections (i.e., not multi-factor authentication (MFA) enabled). By making systems accessible remotely, unless properly configured, there is an increased risk of compromise.
Recommendations for Effective Patch Management
Effective patch management is important for companies regardless of COVID-19. However, there's additional complexity because people are no longer in the building, but remote. Here are the key recommendations for any organization:
- Have a centralized patch management tool and process for regular patching in place
- Leverage security best practices from the CIS Controls and CIS Benchmarks for configuring systems (i.e., MFA, account lockout, RBAC, least privilege, password complexity, auditing, logging)
- Develop a process for communicating your patch management process to employees
- Ensure proper testing is conducted prior to pushing out patches
CIS SecureSuite Membership provides resources and tools for assessing a system's configuration and remediating vulnerabilities. By leveraging the best practices for secure configuration found in the CIS Benchmarks, CIS SecureSuite can help IT security teams keep their organizations secure.
By: James Globe, VP of Security Operations for the MS-ISAC at CIS