Threat protection needs grow for organisations due to COVID-19
As I am sure has not escaped anyone’s notice, almost every organisation has found a sudden and wide-ranging need to adapt to very different working practices. Whilst IT security is used to combatting computer viruses, the measures necessary to combat the global COVID-19 pandemic have introduced many challenges and new risks that increase the need for adequate threat protection.
Many organisations have taken emergency steps to allow user productivity to continue. These steps include enabling users to access services from personal devices, allowing sign-in to all services for all staff, and removing previous restrictions on service access.
We have seen a large increase in attacks against organisations, with attackers looking to take advantage of these measures. In many instances the move to keep users productive has left a password (often re-used, previously breached, or otherwise weak) as the only protection for the organisation's apps, services and data. Whilst trying to keep the organisation running, the last thing that is needed is a security breach, and yet this is a time when guards are down, doors are opened, and attackers have even more free time on their hands.
Beyond the well-known risks of passwords, there has also been a large increase in phishing attacks. As noted in several recent news articles, some are using COVID-19 and false government notifications to slip through your users’ cognitive filters and attempt to gain user credentials. The increase in phishing has also targeted users with messages around furlough, employment rights, health notifications, remote working set-up and organisation announcements.
Keep a watchful eye
At Silversands we have been working with many organisations since the start of this crisis to increase threat protection, deploy new access methods securely, and facilitate the sudden deployment of modern workplace approaches without sacrificing productivity or security. Microsoft provides organisations of all sizes with extremely powerful tools to monitor risky and unauthorised access. One recent improvement that makes it easier for administrators to spot risky sign-ins is a simple UI change in the Azure AD sign-in filters: authentications are now separated into ‘Modern Authentication Clients’ and ‘Legacy Authentication Clients’.
Around 80% of intrusion attempts begin with an attack against legacy authentication. Monitoring where these come from or restricting legacy authentication is a strong defensive step. The Azure AD risky sign-ins, risky users and risk detections reports are worth reviewing from:
Azure AD > Security
There are many more features and options, but almost all organisations should have access to this telemetry.
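The monitoring described above, as an added example (not Silversands' or Microsoft's code): it takes sign-in records exported as JSON, separates legacy from modern authentication clients, and summarises where the legacy sign-ins come from. The field names are assumed to follow the Microsoft Graph sign-in log schema, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Values the sign-in filter groups under modern authentication clients;
# any other non-empty clientAppUsed value is treated here as legacy.
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}

def _rec(user, app, ip, country, code):
    # Build one constructed record in the assumed export shape.
    return {"userPrincipalName": user, "clientAppUsed": app, "ipAddress": ip,
            "location": {"countryOrRegion": country}, "status": {"errorCode": code}}

# Constructed sample export (not real telemetry); IPs are documentation ranges.
# errorCode 50126 = invalid username or password, 0 = success.
SAMPLE_EXPORT = json.dumps([
    _rec("alice@example.com", "IMAP4", "203.0.113.10", "ZZ", 50126),
    _rec("bob@example.com", "IMAP4", "203.0.113.10", "ZZ", 50126),
    _rec("carol@example.com", "POP3", "203.0.113.10", "ZZ", 0),
    _rec("alice@example.com", "Browser", "198.51.100.7", "GB", 0),
    _rec("dave@example.com", "Exchange ActiveSync", "198.51.100.20", "GB", 0),
    _rec("bob@example.com", "Mobile Apps and Desktop clients", "198.51.100.7", "GB", 0),
])

def is_legacy(record):
    client = (record.get("clientAppUsed") or "").strip().lower()
    return bool(client) and client not in MODERN_CLIENTS

def summarise_legacy(records):
    """Group legacy-authentication sign-ins by source IP, busiest source first."""
    sources = defaultdict(lambda: {"attempts": 0, "successes": 0,
                                   "users": set(), "clients": set(), "country": ""})
    for rec in filter(is_legacy, records):
        src = sources[rec.get("ipAddress") or "unknown"]
        src["attempts"] += 1
        # A successful legacy sign-in deserves review before the failures.
        if (rec.get("status") or {}).get("errorCode") == 0:
            src["successes"] += 1
        src["users"].add((rec.get("userPrincipalName") or "").lower())
        src["clients"].add(rec["clientAppUsed"])
        src["country"] = (rec.get("location") or {}).get("countryOrRegion") or ""
    rows = [{"ip": ip, **s, "users": sorted(s["users"]), "clients": sorted(s["clients"])}
            for ip, s in sources.items()]
    return sorted(rows, key=lambda r: (-r["attempts"], r["ip"]))

def multi_user_sources(rows, min_users=3):
    """Sources using legacy sign-in against many accounts (password-spray pattern)."""
    return [r["ip"] for r in rows if len(r["users"]) >= min_users]

if __name__ == "__main__":
    for row in summarise_legacy(json.loads(SAMPLE_EXPORT)):
        print(row)
```

The `min_users` threshold is an illustrative default; tune it against the normal volume of legacy sign-ins in your own tenant.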
As with all discussions about threat protection and access security, MFA is still key. Enrolling users when they are no longer within reach or enrolling from the office location has its own challenges but is still a pivotal layer of defence against all attackers. Building on MFA or restricting access to managed and hybrid devices with Conditional Access is another common scenario. This allows us to confidently ensure that access to data and services is only happening from devices and user sign-ins that have a high level of trust.
Many organisations are rapidly deploying Windows Virtual Desktop, access to which can be guarded with Conditional Access and MFA from unmanaged devices, to allow users to securely access scalable Windows 10 environments. This is a particularly important technology to allow access to internal services and databases that carry significant risk if exposed externally.
The application publishing technology of Azure AD Application Proxy has been put to good use with customers to allow secure access (again with native support for Conditional Access) to on-premises web apps, in many cases enhancing the user experience through single sign-on.
This is just the tip of the iceberg. Microsoft 365 provides all the necessary tools to weather this storm. The probability is that your organisation already has the tools available amongst existing licensing. If not, deploying various disparate systems as a tactical path of least resistance is, by comparison, almost certainly going to cost more in the short term, and much more in the long term.
Threat protection and more. How can we help?
Silversands is a Microsoft Gold Partner of over 30 years' standing, which specialises in Microsoft 365 delivered across cloud (Azure) and hybrid IT infrastructures. We provide consultancy, support and user adoption services. The COVID-19 virus will make organisations seriously re-assess their business continuity plans, as well as threat protection, and we are running a series of webinars over the next few months that will be relevant to your organisation.
However, in the short term your priority is more likely to be support to back up your IT team.
IT Support – Silversands provides pre-paid support which covers a wide range of needs including:
• Remote IT cover
• IT service desk calls / escalation
• End user support calls
• Setting up VPNs on firewalls
• Windows Virtual Desktop
• Microsoft Teams deployments
• Intune / BYOD management
• General Microsoft 365 advice & guidance
If you need help and would like to have a chat about how Silversands might be able to help you, please complete the form below: