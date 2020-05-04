How Companies Can Assess Security Risks amid Remote Working Rush through Cymulate

The coronavirus pandemic has brought many aspects of daily life to a grinding halt: transportation, consumer goods and services, work. Governments across the globe have declared lockdowns and community-wide quarantines in order to slow down the spread of the virus. Businesses in industries that can function through remote work are now forced to institute work-from-home policies for their workers.

Not all companies have such capabilities in place prior to the outbreak. As such, there has been a mad rush to institute such mechanisms. Companies are adopting cloud computing tools wholesale in hopes of effectively transitioning their business processes to digital environments that can be accessed by their remote workers. Fortunately, there’s an abundance of cloud-based business solutions that they can tap to quickly build their capabilities.

However, a key concern that organizations should not overlook in the process is cybersecurity. Creating an infrastructure composed of various cloud-based tools essentially expands a company’s potential attack surface. It is critical for any company to assess the security risks that come with their new reality especially since hackers are also trying to exploit the phenomenon for their gain. There has been a sharp increase in coronavirus-related phishing attacks targeting remote workers.

This is where solutions like breach and attack simulation (BAS) platform Cymulate can help companies with their shift. Cymulate’s automated tests on multiple vectors can help companies easily identify potential vulnerabilities in their infrastructure. These weak points can then be easily addressed and a safe remote working environment during this crisis can be maintained.

Establishing a robust remote working program typically requires organizations to adopt a variety of solutions, critical among which are communication and collaboration tools. Setting up these services and integrating them to the existing infrastructure present their own set of challenges.

Adding any component to an IT infrastructure, be it a cloud instance, a web application, or an additional workstation, can potentially introduce vulnerabilities. Poorly performed integration can also create gaps in the security perimeter. To prevent these, IT teams must be careful with integration or use additional security tools such as firewalls and endpoint protection to safeguard these components.

Companies should also be wary of social engineering attacks. Communication will primarily be done through email or messaging unlike in the physical workplace where face-to-face communication is the norm. This makes it possible for hackers using phishing attacks to exploit employees. Attackers can use crafty phishing messages to fool workers into giving them access to company resources.

Workers will also be accessing these solutions through their devices at home which may not be properly configured or secured.

Companies should therefore evaluate their security risks as they bring their updated infrastructure online. Previously, performing comprehensive assessment through penetration tests requires time, resources, and high levels of technical skill to perform. Today, BAS platforms are now available to help IT teams, even those without advanced cybersecurity skills, to generate the risk assessment reports for their respective infrastructure.

For example, Cymulate can perform simulated attacks on a variety of potential attack vectors in an organization’s infrastructure.

It can test web gateways for inbound and outbound exposure to malicious traffic or if firewalls and their existing rule sets are capable of blocking automated attacks. Email gateway attack simulations can also evaluate email security, checking if protection tools are able to screen for malicious links and malware that malicious emails typically contain.

The platform can also test endpoint security if the antivirus and antimalware installed on workstations are capable of detecting and removing malware. It can even test the crucial human element through simulated phishing tests. The platform can send dummy phishing emails to employees to identify who among them would fall for such attacks. Cymulate can generate detailed reports identifying which vectors are most vulnerable.

Through a timely and comprehensive assessment, IT teams can immediately perform the necessary remediation to lower security risks. They can improve their security measures and rule sets or change out ineffective security solutions entirely. Cymulate is also software as a service (SaaS)-based, allowing organizations to run tests and generate reports remotely. The platform also provides security notifications on the latest emerging threats so that IT teams can readily test the exposed vector and perform the necessary actions to keep their companies secure.

The coronavirus outbreak will surely test the resilience of any organization, both offline and online. Those that must shift their businesses to digital should do so quickly in order to minimize downtime and interruptions by achieving an acceptable level of productivity despite relying on remote work.

While this is crucial, organizations should also ensure that they keep their infrastructure secure. Falling victim to a single cyberattack can potentially have as much catastrophic impact on any business as prolonged downtime.

Considering the urgency of resolving all of these issues, companies should be able to perform their security assessment quickly and accurately. BAS platforms like Cymulate can definitely help in this aspect by providing the necessary insights on how companies can secure their new infrastructure that enables work-from-home arrangements, which may very well be the norm for the coming months.