The global health crisis over the past four months has had a significant impact on several sectors.
While some companies had already established a plan to ensure their cybersecurity since the beginning of 2020, it is clear that the majority of these programs are struggling to be respected. And there are several reasons for that.
This article will also interest you: Between telecommuting and computer security, insurers organize themselves
Since March, several states have opted for general containment in order to minimize the spread of the virus. This containment has forced many companies not to go to remote work, so as not to completely stop their activities. Unfortunately, this transition has been a little too hasty. This has made it difficult to set up a set of security platforms to ensure the protection of remote exchanges during telework. "When they prepared their 2020 strategy, many IT departments developed general plans for digital transformation and how the cloud and software would support this goal. Today with the Covid-19 crisis it is no longer an option, we must manage telework and remote operations. The priority now is to support telecommuting and to ensure that everything goes smoothly, including ensuring the updating and security of the IT fleet at a time when the IT team has only reduced control and no physical access to the relevant equipment. explains Qualys' Director of Technology and Security, Marco Rottigni.
After a somewhat abrupt shift, there was a situation that was decried as very dangerous for the safety of businesses. Indeed, during telework, several employees are put to use tools that originally had a personal use. This transposition of the professional framework into a personal setting was of a nature, to expose greatly the computer systems of companies. Simply because a personal tool had surely been used and generally more exposed to cyberattacks, where it has been in the past.
By exposing professional information that is often confidential, the employee and the company run the risk of being intercepted. "Employees who work remotely use either their personal equipment or systems provided by their employer. While the provision of equipment and Access to the Internet is not a real problem, managing the security aspect is more difficult. In advance of telework, IT must ensure that it implements patches and updates on equipment and deploys traditional security software such as firewalls and antivirus applications. However, the appearance of coronavirus causes two changes in size. On the one hand, these assets are not immediately connected to the company's network. In other words, laptops and other assets are no longer protected by the company's firewall or other perimeter security technologies deployed centrally. Their protection therefore depends solely on security solutions that were already installed, or not. Marco Rottigni described it.
The situation made it almost impossible for IT teams in companies to properly administer the machines that were directly involved in the operation of the company's operations. Machines that were connected to the network without first being approved. For the latter, in such a context, they are obliged to trust users and collaborators to respect security protocols. Which unfortunately is not a bet won in advance.
The company's network and computer systems are exposed to several vulnerabilities. Vulnerabilities do not only reveal the carelessness or neglect of teleworkers. For example, how a system manager could easily deploy updates when the majority of protocols require physical upgrades to the various collaboration tools used in business. "In the event of a problem, IT staff cannot go to the employee's office as they would normally do. highlighted our expert.
Now access an unlimited number of passwords: