COVID-19 virus just became more dangerous…
Corona virus is all we hear about nowadays. There have been these many cases, these many deaths, this country is in full isolation, these travel restrictions are in place. Well, I’m sorry to say, but Corona should not just make you concerned about your physical health; what about an organization’s security health? How could a virus have any impact on a company’s security you may be wondering? Below, you will find the many, unsuspecting ways in which the world’s current biggest threat is affecting more aspects of life than you might think.
If no-one saw it, did it really happen?
Corona virus might be scary, but there’s always a silver lining; in this case, a lot of companies are permitting employees to work remotely. And let’s not lie, it’s a pretty shiny silver lining. Waking up when you want, wearing what you want, working where you want…what’s a downside to that? The fewer people in the office, the fewer eyes to spot malicious devices, or the malicious actors installing them. Why do so many criminal acts happen at night? Fewer people around. So, with fewer people onsite, the more appealing it is for a bad actor to implant a rogue device.
Where did that device come from?
You might not be going into the office because of a disease that is spreading faster than news of the latest celebrity divorce, but that doesn’t stop you from going to your favorite local coffee shop to have a nice latte, eggs benedict, maybe even a warm almond croissant because it’s #cheatday – oh, and to work…obviously. You’ve forgotten your charger, but this coffee shop isn’t your favorite just because of its high-quality delicacies; they have everything you need, including a charger. So, you use it without thinking twice. But maybe you should. Is that really just a charger for your laptop/mobile? Or is it laden with a device designed purely to acquire all the information from the endpoint to which you plugged it into? Probably not, but it just might be.
Who’s behind that mask?
Corona is very real. Just look around. Masks are everywhere, and it’s not because there’s some communal masquerade ball that everyone is going to. This isn’t the 16th century Renaissance era. The bigger the mask, the better protection. But protection from corona? Or protection from being identified as unauthorized personnel?
You’re walking through your office, concentrating on the deadline you’ve been given, not noticing that the person that just walked past you is not a fellow colleague, no matter how well you know everyone you work with (you social butterfly, you). Well, how would you? He’s wearing a mask that covers half of his face. And you’re not the only one that’s oblivious. The measures taken to protect oneself from Corona has provided bad actors with the perfect disguise to enter an organization’s premises, unnoticed, install a rogue device and slip away just as easily as he slipped in. Plus, CCTV will not be able to identify them either.
“We’re with the government, listen to us”
If a group of men in white overalls and masks enter the building demanding the evacuation of the premises in order to sanitize the area because they are “with the government’s health department and it’s a standard procedure”, would you question it? Let me answer that for you; you wouldn’t. People that give off the impression that they are in positions of authority are very rarely questioned, especially in situations that cause distress such as that where there is the possibility that your office is infected with a deadly disease that has no cure. So, you willingly oblige and thank the men that are coming to save you. But, don’t be so trusting because these individuals are actually there to install malicious devices throughout the office that will allow them to gain remote access to the company’s confidential data. Not such heroes now, are they?
Keep your friends close, but enemies closer
“You don’t know where that’s been! Here, use mine. It’s brand new so you know that no hands have touched it before”. You smile as you thank your fellow employee for looking out for you and generously offering up their charger that they have just bought in order to save you from touching one that has possibly been used by a Corona-infected individual. But just hours before, that employee was blackmailed by a malicious actor and forced into ensuring that you use a specific charger; one that has been compromised. This charger that you use is now giving the perpetrator all the information he/she needs to conduct a data breach.
Did COVID-19 just get more dangerous?
Yes, but at least this threat has a solution. Sepio is the leader in the Rogue Device Mitigation (RDM) market. It provides the ultimate visibility of the enterprise’s IT assets – no device goes undetected – whether it’s a USB gadget or an unmanaged Ethernet switch. Through this total visibility, a stronger cybersecurity posture is achieved. You no longer need to rely on manual reporting, legacy inventory reports and employee compliance to determine if there is a vulnerable device installed by an unwitting employee, or an “employee of the government’s health department”. No matter how far Corona spreads and what this means for society in the future, at least you can eliminate the concern that it’s allowing malicious actors to carry out rogue device attacks on your company. Like I said, there’s always a silver lining.
There are various challenges regarding remote work, but some of the main challenges include a lack of control over device usage, and the ineffectiveness of security solutions. Enterprises need to focus their attention on hardware security as the first line of defense. Sepio’s Hardware Access Control solution (HAC-1) provides visibility of all hardware assets operating across the corporate infrastructure on both the USB and network interface. HAC-1 analyzes the Physical Layer to detect and identify all devices, and their true identity. This capability allows the organization to effectively enforce hardware access control policies based on roles and device characteristics.