How COVID-19 Changes the Enterprise Threat Model

The pandemic has upended how enterprises work, and the typical IT security team’s threat model has not been spared.

Many employees have been relocated to a home office during the pandemic, introducing new security challenges related to home networks and all the devices connected to them. Even as restrictions are eased, one out of every four enterprises says it plans to keep at least 20% of its team members working from a remote location, according to a new Gartner survey.

In the report, which included 316 chief financial officers and finance professionals, another 74% stated they will keep about five percent of the team at home as a way to reduce costs.

The challenge for security teams is getting a handle on a new threat model that includes several important factors:

Malware infections: A study found that a home network is seven times more likely than an on-site network to be infested with five or more instances of malware. Many devices, including home assistants, printers, and personal computers, are directly accessible through the Internet.

Easy Accessibility: Home networks carry risks that are simply different from those associated with a corporate network. Home routers and other devices tend to be accessible because of weak or default passwords. The router is also more likely to expose services that are not typically allowed through a corporate firewall.

Weaker WiFi Security: Similarly, an employee’s home WiFi is likely to have less protection than the corporate network. While most employees probably aren’t going to access games that may compromise the network, their kids are more of a risk.

Broader Attack Surface: The pandemic didn’t introduce the idea of remote work, but it vastly increased the scale of remote work. It has changed the threat model in that a significant number of employees are no longer using the corporate network. Instead, employees are utilizing home networks.

The following four steps can help security teams adapt to the new threat model:

  1. Zero Trust: Home networks and devices must be treated as untrusted elements on the network, with controls ensuring that access requests are fully authenticated every time. From security cameras to smart TVs, the home network is suddenly and necessarily on the security team’s radar. Both the user and the device must be vetted for each access instance.
  2. Identify Any Gaps in Security: Determine whether employees have been given the tools and training to verify that their home networks are secure, and whether they know how to handle a problem if one arises. Employees need to know when and how to report any security incidents.
  3. Secure Endpoints: Any device should be protected against threats from smart home devices or other devices on the network. Make sure you have a strong virtual private network (VPN) connection and that threat detection tools are properly configured.
  4. Educate and Train: Many employees are unaware of the risks that smart products or other devices can introduce to the corporate network. Remote employees need to be trained on which behaviors increase which risks, and how to mitigate them where possible.

If your security team is struggling with a new threat model introduced by the pandemic, contact us at Clarksys for assistance in leveraging the right tools and strategies for protecting your systems and data.