The 2020 pandemic, which will undoubtedly extend into 2021, has stretched the network. Work from home, once taboo at some stern and stodgy organizations, is now a reality, and computing networks have had to become more distributed to support distant employees.
Phase 1 of the pandemic was about getting connectivity out: harnessing the internet and the cloud and, for most organizations, merely surviving as they and their customers were forced apart.
Phase 2 will be about cleaning up the mess, the yet-to-be-addressed details of security and compliance, according to a recent presentation by EMA and GreatHorn titled "Cyber-Attacks in the Wake of a Pandemic: Trends to Prepare for in 2021."
The need for security will only grow in 2021, as the attack methods that plagued companies and municipalities during 2020 slip past defenses into the new year, preying on isolated employees who lack enterprise protections and the over-the-shoulder, ask-a-colleague support of the office.
These frequent attack methods include:
- Hacking of remote workers' home offices
- Exploitation of misconfigurations (e.g., publicly exposed AWS S3 buckets), where oversights have occurred or the balance between security and remote access has not been tuned properly.
- Phishing attacks, which are becoming increasingly sophisticated and lead to the inadvertent download of malware or the compromise of financial information.
- Ransomware, which fools end users and can eventually hold cities and companies alike hostage and cripple them.
- Compromised credentials, which turn your own administrator privileges into the attacker's tool for theft, sabotage, mischief and espionage, and can inflict damage far greater than a smash-and-grab. Attackers want to get in, then move laterally. Some are patient, which is not reassuring given that, according to Verizon's 2020 DBIR, more than a quarter of breaches take months or longer to discover.
Spear phishing and ransomware shot up an estimated 40% and 30%, respectively, during the pandemic, according to GreatHorn. Bring your own device (BYOD) complicates this, because employee-owned and operated home-office (SOHO) network equipment cannot easily be protected by the enterprise.
How Network Attacks Occur
The hacker doesn't need to break in with malicious executables when he or she can simply capture credentials. This isn't difficult: according to EMA and GreatHorn, 59% of users can't tell the difference between a message from an authentic business application and a phishing email.
Attackers blend in with email, Google Forms, and browser-based payloads. They have had success sending emails that look like Zoom call or Microsoft Teams meeting invitations. Most of us know, or have heard of, someone who has been caught by hackers impersonating executives and directing the use of corporate credit cards.
All of these network attack methods are compounded by remote work quandaries.
How do you keep up with configuration changes, and stop misconfigurations from continuing as a leading vulnerability?
Misconfigurations often occur while computing architectures are changing. The cloud lets organizations thrive in distributed fashion, but the shared responsibility model for data security and privacy is not always well understood on the customer side. Under that model the provider secures the underlying infrastructure, while the customer remains responsible for its own data, identities, access policies and configuration, both inside the cloud and wherever the data travels once it leaves. A lack of communication between the enterprise and its cloud provider exacerbates this confusion and the resulting exposure.
How do you help your employees secure their home offices and connections?
Why can't I just rely on my VPN? IT departments ask themselves this often, but the reality is that VPNs are not inherently security tools. They are connectivity tools, although the encryption of the tunnel helps. Second, VPNs represent a difficult balance between giving users broad internet access and forcing all of their traffic through the tunnel so that malicious destinations can be blocked; with split tunneling, ordinary web traffic leaves the home network directly and never passes corporate filtering. Third, users don't always log in to the VPN, especially when it keeps dropping them off the network. Just don't be overconfident in your VPN strategy.
How do you secure a server or receptacle of data when the workforce is accessing it remotely?
Just because you put something in the cloud doesn’t mean you don’t have to secure it. This extends to cloud servers, databases, VMs, applications, application containers, and more.
So What Can You Do?
Organizations need to be able to handle enterprise security in a smart and holistic way.
Of course, it starts with awareness training. Keep your employees up to date on spoofing techniques and on how deceptively legitimate many phishing schemes look. Users should be encouraged to confirm authenticity through another channel. The days of walking into the CFO's office to ask whether he or she really sent out a new organizational chart are suspended. Try chat, a phone call, or a separate email composed fresh using the address in the company's verified directory, never a reply to the suspicious message itself.
Two-factor authentication also helps, especially against the risk of compromised credentials. Likely to see greater adoption is keystroke-dynamics biometrics, which is getting better at ascertaining who is actually typing, and therefore who a message truly came from. Meanwhile, financial institutions are using voice authentication as one factor in MFA, which also makes interactions less painful for the customer.
And now there are Dick Tracy-like watches, which push alerts and serve as yet another device on which an MFA factor can live.
Atomicorp provides file integrity monitoring (FIM) and workload protection across hybrid cloud server and container environments. When you can't "firewall and VPN" your workforce, do the next best thing: make sure the services and payloads moving to and from the cloud are what they are supposed to be, and go where they are supposed to go.
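The core of file integrity monitoring is a trusted baseline of file hashes compared against the live system. The following is an added example, not Atomicorp's code: it baselines a directory tree, then detects a modified binary, a dropped web shell and a deleted configuration file in a constructed scenario. The file names and contents are made up for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk=1 << 16):
    """SHA-256 of a file, streamed so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (POSIX relative path) to its hash,
    size and permission bits. Symlinks are skipped and not followed, so a
    planted link cannot steer the walk outside the monitored tree."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o777,
            }
    return baseline


def compare(baseline, current):
    """Diff two baselines into added, removed, modified and mode-changed paths."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in both
                           if baseline[p]["sha256"] != current[p]["sha256"]),
        "mode_changed": sorted(p for p in both
                               if baseline[p]["sha256"] == current[p]["sha256"]
                               and baseline[p]["mode"] != current[p]["mode"]),
    }


def demo():
    """Constructed scenario: baseline a tiny fake server root, then simulate
    an intrusion (trojaned binary, dropped web shell, deleted config)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        (root / "bin").mkdir()
        (root / "bin" / "server").write_bytes(b"\x7fELF original binary")
        baseline = build_baseline(root)

        (root / "bin" / "server").write_bytes(b"\x7fELF trojaned binary")
        (root / "etc" / "shell.php").write_text("<?php system($_GET['c']); ?>")
        (root / "etc" / "app.conf").unlink()
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline is only as trustworthy as its storage: keep it off the monitored host (or signed with a key the host does not hold), because an attacker who gains root can otherwise rewrite the baseline to match the tampered files.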
Get a cloud workload protection demo today.
Start a free trial, with leading file integrity monitoring capabilities.