The global COVID-19 pandemic changed many things in networked technology. The popular online meeting platform Zoom saw an increase of 2900% in meeting participants during the pandemic. Other online meeting platforms, as well as remote access applications and services, also saw a steep increase in users. While the growth has tapered off, remote users are here to stay.
As someone who has organically grown into the status quo of online meetings, it has been fraught with challenges. However, today remote work and meetings work so well the majority of the time that we now find it odd when it does not work. The expectation is a significant change from the early days of web-based voice and video communication.
One thing that is always true when enterprising technologists are working to develop and deploy new technology is that the first issue is getting it to work as reliably as expected. Despite all the discussion about security needing to be baked in from the beginning, the focus in the early stages of development will always be on getting things to work. Proper security always seems to come later.
Okay, so here we are — remote access works. Now organizations face the security challenges that come with it, which need to be addressed in real-time. A recent article in The Globe and Mail titled “With remote work bringing more people online, there’s now a cybersecurity crisis” ominously speaks of organizations having to deal with these challenges as they continue to mount. We knew it was going to happen, so it is no surprise.
The situation creates new opportunities for creators of security products and services to serve this growing need. In 2021 Fortinet and Linksys teamed up to create a home networking device that bridges the home and enterprise, which they call HomeWRK. It combines the rather ubiquitous home networking routers with enterprise-level management.
That is a good start. However, we need to take this a step further. Enterprise organizations can no longer only count on tightening their corporate security as an acceptable way to prevent security breaches. We’ve learned that cleaning up your own house will not stop you from getting sick unless you isolate yourself from the outside world 100%. Arctic Security's data showed a noticeable new trend at the start of the pandemic. New systems protected by enterprise security suddenly connected to malware infrastructure from home offices.
All it takes is one exposure to an infection, and you carry it into your home - or your work - and the same holds true for any enterprise network that has incoming and outgoing connections to other networks, and today that is unavoidable. It is of absolute importance that an enterprise is not only aware of vulnerabilities that can affect their networks, but they must also be aware of what vulnerabilities affect those who connect to them and who they connect to. It's for this reason that we track remote management interfaces with the Arctic EWS.
It is reasonable to query these networked colleagues and partners to determine if they, for example, are using some sort of digital certificate-based authentication or zero-trust networking architecture. To the extent law permits, they should scan for potential vulnerabilities and request that these partners provide you with evidence that these networks have been checked for vulnerabilities and infections.
Early warning of malicious activity or emerging vulnerabilities is essential to reduce damages and build a robust infrastructure.