Cybersecurity Challenges of a Sudden Remote Workforce
IT teams have spent recent weeks enabling staff at their organizations to work from home. Unexpected cybersecurity challenges related to patch management and new or expanded remote access vulnerabilities are two of the challenges IT teams are facing these days. In this interview with James Globe, Vice President of Security Operations for the MS-ISAC at the Center for Internet Security (CIS), he shares some of the challenges the change to a sudden remote workforce can present, and what can be done to keep work secure.
What are three patch management challenges faced by CISOs and IT security teams if they've switched over to a largely remote workforce?
James: Communication, timing, and control.
Communication is different now. Previously, you could've walked down the hall or held a quick meeting to let people who use the system or infrastructure know that it requires patching. Now, you have to let them know about the change, confirm that they received that notification, and ensure that everything is still working after the change is made.
Timing can also be challenging. Essential systems are often patched during off-hours. With more employees working flexible schedules due to child care and other aspects of remote work, the application of patches to systems — such as user laptops — could be delayed or prevented.
Use of personal devices. A third challenge is applicable to organizations who have employees working on personal computers while they're at home. There is a risk here because IT does not have control over how people manage updates for their own devices.
What are the dangers and ramifications posed by these challenges?
James: Extended downtime is never great, but exposure to security vulnerabilities is a more significant danger.
Services may become unavailable due to a patch or update. Without immediate confirmation and testing, extended downtime could result in lost revenue for a business.
Systems not being accessible to receive a patch on time leaves them exposed to security vulnerabilities that pose a risk to that system, and potentially the business environments that those systems connect to. Without proper security measures, such as the principle of least privilege and proper MAC or IP filtering, the use of remote access tools can be extremely dangerous. Enabling such tools or features is like leaving your house's door closed, but unlocked.
Another challenge is unprotected remote desktop protocol (RDP) connections (i.e., not multi-factor authentication (MFA) enabled). By making systems accessible remotely, unless properly configured, there is an increased risk of compromise.
What are your top recommendations for effective patch management for a remote workforce?
James: Effective patch management is important for companies regardless of COVID-19. However, there's additional complexity because people are no longer in the building, but remote. Here are the key recommendations for any organization:
- Have a centralized patch management tool and process for regular patching in place
- Leverage security best practices from the CIS Controls and CIS Benchmarks for configuring systems (i.e., MFA, account lockout, RBAC, least privilege, password complexity, auditing, logging)
- Develop a process for communicating your patch management process to employees
- Ensure proper testing is conducted prior to pushing out patches
CIS SecureSuite Membership provides resources and tools for assessing a system's configuration and remediating vulnerabilities. By leveraging the best practices for secure configuration found in the CIS Benchmarks, CIS SecureSuite can help IT security teams keep their organizations secure.