Fending off cyberattacks while working remotely on a global scale

(Image credit: Shutterstock)

Businesses around the world have quickly had to adapt to remote working during the pandemic. This transition took some companies by surprise while other had already allowed some of their employees to work remotely and were more prepared. If the challenges of working from home weren’t enough, cybercriminals saw an opportunity to launch cyberattacks against vulnerable organizations during this trying time.

To better understand how businesses have dealt with this massive increase in cyberattacks and scams while working remotely, TechRadar Pro spoke with vice president of products at ManageEngine, Rajesh Ganesan.

Can you tell us a bit about your current role at ManageEngine and your background at the Zoho Corporation?

I am a vice president of products at ManageEngine, part of the leadership team overseeing product strategy and direction for the overall suite. I started out as a software developer 24 years ago, building the company's first set of software products instrumental in managing large telecom carrier networks. I subsequently evolved along with the company, from incorporating ManageEngine as the IT management division within Zoho Corporation and taking it to what it is today, taking up a variety of roles in the process. It has been a great ride and it is getting better every day with us having to solve more challenging problems for our customers.

(Image credit: Shutterstock / LStockStudio)

ManageEngine made the decision early to allow its employees to work from home during the global pandemic. What were some of the challenges in doing this and what did you learn from the experience?

In the last two years, we have been doing a lot of field marketing and employees were travelling a lot for meetings, workshops, seminars and trade shows. We also have employees based in customer locations for a few weeks because culturally we like to meet people face to face. We’ve since put customer visits and other field marketing events on hold. With our parent company Zoho Corporation running completely on a cloud platform, it meant that the switch to working remotely from home wasn’t a difficult transition for us.

That said, we have gone through an adjustment period, too. We are an R&D-heavy company with 8,000-plus people, including roughly 5,000 active developers. They need access to the source code repository, and that was a huge challenge because we cannot put all the source code on the cloud. Even though all our other applications run on the cloud — collaboration, communication, and content creation — those core repositories could not exist on the cloud. 

For two or three weeks, the teams worked really hard to get this working when most people are logging in remotely. That's been a big disruption for us, but in terms of how we run the business, not a lot has changed because we could very quickly connect in other ways.   

Did your company allow employees to work remotely before the current situation and do you think you will allow them to do so once things begin to return to normal?

Although there was no formal policy, we have entertained work-from-home (WFH) requests from our employees on a case-by-case basis even before the Coronavirus pandemic. 

Post-pandemic, ManageEngine will be revaluating how best to leverage working from home, particularly given there have been reports from employees that they have been able to get more work done at home and still have time to relax and connect with their families. We will also evaluate how we grow as a company, expanding via smaller rural offices as opposed to large campuses, which will allow us to maintain a more diverse workforce and be less susceptible to outages or natural disasters that could render one campus out of commission.

(Image credit: Shutterstock.com)

How has your business dealt with the increase in cyberattacks and online threats during the coronavirus?

Being a cloud company that serves more than 50 million users and hundreds of thousands of businesses around the world, we have always prioritised data security and privacy and that continues during these tough situations. This also serves as a reiteration for businesses that security cannot be a reactive function, but one that has to be part of the design and culture of how the business operates. 

With almost everyone working remotely, there are instances of more frequent social engineering and DDoS attacks, but us being aware of and having the necessary safeguards already in place, has allowed us to navigate this tough period relatively easily. ManageEngine itself provides key solutions for enterprise IT security and we leverage them fully in our own operations to stay on top of attacks.

Which factors do you think pose the greatest threat to a business’ cybersecurity during the ongoing pandemic?

When employees connect to the corporate network from home, they expose several access points for hackers to exploit. These unprotected endpoints extend the corporate network perimeter thus increasing the attack surfaces for hackers. Furthermore, the channels used for establishing secured remote connections — VPNs and other remote access platforms — might have umpteen security vulnerabilities that could be exploited by the hackers. A simple phishing attack on an unsecured network can expose sensitive data from your entire company. 

Often, enterprises don't have segmentation or limitations for VPN use because they are usually used by internal employees and/or third-party vendors. With the sudden shift to remote working, most IT teams don’t have the time to segment their network for high VPN usage. So, remote employees who connect to a corporate network through VPN might have access to every resource in the network. Hackers could take advantage of this and gain access to all of those network resources, scan for other vulnerable machines, breach devices to steal credentials and sensitive data, and perform other harmful activities. 

ManageEngine is offering fully-functional versions of its Access Manager Plus and Remote Access Plus to IT teams for free. Can you tell us how these two solutions can be used by businesses to protect their remote work forces?

Some important functions like IT management need access to critical systems in the infrastructure like servers, applications, databases, and network devices. Given the associated security risks, most organisations are not in a position to open up remote access to such systems. ManageEngine has tools that help organisations build multiple layers of security to enable remote access to critical systems.

Access Manager Plus addresses the problem of remotely managing infrastructure such as servers and databases. Privileged sessions for maintenance and troubleshooting are typically restricted to the data centre. Installed in the data centre, Access Manager Plus provides secure channels so such tasks can be carried out remotely. Unlike VPNs, it provides granular access controls, restricting users to the operations, files, and folders that their job requires. It can also prevent files from being copied to the remote system and enforce session time limits. All activities are logged for analysis, and the software can be connected to SIEM tools.

On the other hand, Remote Access Plus is a secure remote support and remote access software. Users can remotely troubleshoot machines through web-based and on-demand remote support sessions to help customers and employees. Additionally, it allows users to set up unattended remote access to remote PCs, laptops, servers and other remote endpoints. For example, help desk technicians can use the tool to provide remote support and other users can set up remote access to their workplace machines from home.

Considering the distressing situation faced by businesses, especially those in the small and medium segment, ManageEngine has made available fully-functional versions Access Manager Plus and Remote Access Plus, our secure remote access toolkit, free of cost till July 1, 2020. 

As a result of the sudden transition to remote working, security perimeters grew by magnitudes almost overnight. What approach should IT teams take to address this issue? 

Now that a large proportion of the workforce is working remotely, security leaders should take the following protective measures: 1) ensure employees are trained on basic information security, 2) ensure employees understand their responsibilities, 3) enable multi-factor authentication for all information systems, and 4) set up comprehensive auditing and surveillance for all user sessions. 

When the operating model of the whole company changes to working remotely, leadership must demonstrate situational awareness, realise their attack surface will increase drastically for security incidents due to remote work, plan all operations meticulously, and prepare an around-the-clock incident response strategy. 

To give remote employees the access they need to exclusive information within the corporate network, organisations must provide secure remote access. For example, the chief financial officer might want to access financial data that is not available in cloud storage, legal counsel team members might want to review some confidential agreements, or a server administrator may need access to a server to fix an urgent problem. 

This is where remote privileged session management tools help. These tools offer secure channels through which employees can access information and perform operations remotely. The tools only provide access to users with the right permissions, ensure remote sessions last only for the required time, and record all actions users carry out in every session. ManageEngine offers secure remote access tools; with these in place, businesses can offer remote access to employees with confidence. 

(Image credit: Shutterstock / Elaine333)

What advice would you give to a company implementing a remote working policy for the first time?

Shifting to a remote working model is a mammoth task that usually takes IT teams months to execute. However, due to the coronavirus pandemic, IT teams were expected to make this shift within a span of few days. Such an overwhelming workload could lead to misconfigurations and unintentional human errors that may serve as a security loophole. The fix to this issue is simple. Organisations need to continuously monitor the configuration changes made to network security devices and VPN servers, approving those which present without a glitch.

Now that a major portion of the workforce is working remotely, organisations can curb the risk of human error by taking the following protective measures:  

-Ensure employees are trained on basic information security

-Ensure employees understand their responsibilities

-Enable multi-factor authentication for all information systems

-Set up comprehensive auditing and surveillance for all user sessions 

Do you believe businesses will consider allowing some employees to work remotely once this is all over and if not, why?

Remote work was already becoming increasingly popular and this pandemic has only made it normal, in terms of convincing even the skeptics. So, I do believe businesses will begin using remote work strategically once this is over, particularly in the sense of leveraging talent, partnerships and geographical reach. The technology and tools are also becoming more enhanced and increasingly more reliable, which will expedite the move of major share of technology and information work, remote. I cannot foresee a reason why businesses would not allow someone to work remotely, who otherwise can.

How will long-term changes brought about by the coronavirus pandemic be reflected in future changes to the ManageEngine offering?

This is indeed an exercise we have already started doing and I believe we are not alone. The consumption, business and operating models are going to see a lot of change and we realise we need to divert focus to the areas where our customers will need more help. This will be around remote work, enabling collaboration, ensuring productivity and hence our focus will be to help the technology teams to enable this for their business. Our tools will evolve to address these new challenges of enabling secure remote access to information and the business workflows extend beyond the corporate network and run smoothly and securely.