Zero-day Vulnerabilities and the Visibility Gap Challenge During Mass Remote Work


As the world collectively deals with COVID-19, many organizations have enacted company-wide work from home policies to help slow the spread of the virus. For many organizations the sudden requirement to support home working en masse has exposed an uncomfortable reality: critical visibility gaps are everywhere, and they could seriously escalate cybersecurity risk.

Media reports of newly discovered flaws highlight the importance of comprehensive insight and control across the entire estate of digital assets. That can only come from a unified platform: a single version of the truth that unites siloed IT and security teams.

Hacking the home

Several statistics highlight the huge shift in working patterns taking place in many countries over recent weeks. VPN usage in Italy spiked by 112% in the week the government lockdown was announced, separate figures show increases across enterprise VPN servers, and VPN demand rose 65% in this quarter of 2020 compared with the same period in 2019. Video conferencing apps have seen a similar surge, with daily users soaring into the hundreds of millions in March.

However, this is also where security problems emerge for organizations. Without corporate endpoint management, the sheer volume and variety of laptops, tablets, smartphones and home computers logging on from employees' homes represent a major risk to the corporate network. Relatively few organizations have brought these endpoints into their patch management programs, which leaves them exposed to attack.

Companies could also be at risk of compliance violations if an employee stores consumer data on a personal device and that device suffers a data breach. It doesn’t take much: a well-crafted phishing email or booby-trapped mobile app is often enough to compromise an unpatched endpoint. Remember, an attacker only has to get lucky once, and user awareness programs can only do so much. That is probably why we are seeing a huge spike in phishing emails (over 600% since the end of February) and in registrations of phishing domains.

Unfortunately, the mass switch to remote work has meant certain platforms are being scrutinized more closely by white hat researchers and cyber-criminals alike. Over the past month, three new zero-day vulnerabilities were revealed in Zoom. The first, in the product’s Windows client, could enable attackers to steal users’ operating system credentials. The other two affect the Zoom macOS application and allow an attacker who already has a foothold on the Mac to escalate privileges and install malware, and to eavesdrop on meetings via the victim’s microphone and webcam.

Visibility problems

These vulnerabilities would represent a security risk to organizations at any time. But the current scale of home working has expanded the corporate attack surface to unprecedented levels in most enterprises. That means many more potentially unpatched endpoints for cybercriminals to target. All of this comes at a time when IT complexity is already rising thanks to digital transformation projects. IT and security leaders need insight not just into laptops, desktops and home PCs, but also into virtual machines, containers and cloud infrastructure.

This complexity is partly to blame for the major blind spots appearing in many corporate endpoint estates. A recent Tanium study revealed that nearly all global CIOs have discovered endpoints in their organization that they were previously unaware of, and nearly three-quarters (71 percent) find new endpoints on a daily or weekly basis.

Why is this happening? The CIOs surveyed cited IT operations/security silos, legacy systems, too few resources, shadow IT and tool sprawl. The same study found organizations running an average of 43 separate security and operations tools to manage their IT environments, which only drives up complexity and entrenches those silos.

A better way

The truth is that out-of-date or incomplete information can leave your digital assets on old software versions, exposing the organization to potential outages, non-compliance, cyber-threats and other risks. That is why gaining real-time visibility across the entire estate, including home workers, is essential to continuously manage risk and support compliance efforts.

Doing so means finding a vendor you can trust to consolidate on: a unified endpoint management and security platform that provides a common set of actionable data for IT ops and security teams to unite around. With this single source of truth, they can query which machines are unpatched and where they are located in seconds, and prioritize remediation accordingly. New vulnerabilities such as those found in Zoom can then be discovered, isolated and remediated quickly.

In challenging times or not, complete endpoint visibility and control should be the goal of all IT leaders.


About Author

CISO at Tanium