With the impact of the COVID-19 pandemic, ‘remote working’ has become the “new normal” for all of us. More people are using personal devices for work, and companies have gone through sudden digital transformation and moved data to the cloud; together these changes have driven an increase in the number of cyber-attacks since the pandemic started.
Between 2019 and 2020, ransomware attacks alone rose by 62 percent worldwide, according to cybersecurity firm SonicWall’s 2021 report. Through the first half of 2021, SonicWall recorded global ransomware volume of 304.7 million, surpassing 2020’s full-year total (304.6 million), a 151% year-to-date increase. Meanwhile, the Acronis Cyberthreats Report Mid-year 2021 warns that small and medium-sized businesses (SMBs) are at particular risk of cyber-attacks, based on the attack trends seen during the first six months of the year. The report revealed that during the first half of 2021, 4 out of 5 organizations experienced a cybersecurity breach originating from a vulnerability in their third-party vendor ecosystem.
In 2021, many organizations are using a hybrid work model in which employees work on-premise on some days and remotely on others. With increased cyber-threats and new working models, it has become a difficult task for cybersecurity leaders to secure their organizations efficiently. In this feature, we speak with technology leaders about how best to secure an organization.
Evolving cyber threats have long been a constant topic of discussion in the IT sector. Though it is often said that security should be built into the plan from the start, budgets have not always reflected that. A data breach can bring a firm to its knees, which is why companies must devote substantial resources to data security. Enterprises must innovate in their protection strategy by implementing integrated and centralized management that gives visibility across many levels of defence. To enhance and automate that defence, it is critical to use modern machine learning algorithms, data-driven analytics, and comprehensive threat intelligence services.
“During the COVID-19 lockdown period in 2020, 28% of the organisations reported having ransomware, and with thousands of new malware threats being created every day, companies have to be prepared to face it, because it’s not a matter of ‘if it will happen’ but ‘when it will happen’. The efforts of implementing, maintaining and keeping security measures up to date can be extremely difficult and costly. Therefore business organisations are increasingly adopting the use of cloud service providers to benefit from higher security levels at a fraction of the cost compared to if done ‘in house’,” said Giuseppe Brizio, EMEA CISO, Qualys.
Organizations should prepare for advanced attacks and assess their technologies accordingly. Since no single tool is fully effective against an attack, tools must work together: none should be used in isolation, and integrations between them can improve even basic detection. Those integrations must themselves be secure. Threat actors are aware of the integrations, and of the flaws in the APIs and common data models that link them. When evaluating new solutions, what needs to be considered is how effectively a new tool connects into the existing ecosystem and how well the security of its integrations can be controlled. A poor integration model is a liability.
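One concrete form of the "secure integration" point above is how one tool authenticates the events another tool pushes to it. The following is an added example written for this article, not code from the article or from any vendor quoted in it. It assumes a hypothetical integration in which tool A posts alerts to tool B over HTTP and both sides hold a shared secret; the header names, the secret, and the 300-second freshness window are assumptions for the example, not any product's API. It shows the static-key check that weak integrations commonly ship with beside an HMAC-signed, replay-resistant check.

```python
"""Signed, replay-resistant webhook between two security tools (added example)."""
import hashlib
import hmac
import json
from typing import Dict, Tuple

SHARED_SECRET = b"example-shared-secret-rotate-me"   # constructed for the example
API_KEY = "static-key-123"                            # constructed; used by the weak version
MAX_SKEW_SECONDS = 300                                # assumed freshness window


def weak_verify(headers: Dict[str, str]) -> bool:
    """The pattern a poor integration model often ships with: a static key
    checked with plain equality. It proves nothing about who wrote the body,
    whether it was altered in transit, or whether it is a replay, and `==`
    is not constant time."""
    return headers.get("X-Api-Key") == API_KEY


def sign_event(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side: HMAC-SHA256 over timestamp and body, so altering either
    invalidates the signature."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_event(secret: bytes, headers: Dict[str, str], body: bytes,
                 now: int) -> Tuple[bool, str]:
    """Receiver side: reject missing, stale or forged signatures.
    `now` is passed in so the check is testable; callers use int(time.time())."""
    try:
        ts = int(headers.get("X-Example-Timestamp", ""))
    except ValueError:
        return False, "missing or malformed timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale timestamp (possible replay)"
    presented = headers.get("X-Example-Signature", "")
    expected = sign_event(secret, ts, body)
    # compare_digest runs in constant time, so response timing does not leak
    # how many leading bytes of a guessed signature were right.
    if not hmac.compare_digest(presented, expected):
        return False, "signature mismatch (body or timestamp altered)"
    return True, "ok"


def demo(now: int = 1_631_577_600) -> Dict[str, Tuple[bool, str]]:
    """Run the receiver against a valid, a tampered, a replayed and a forged
    delivery of one constructed alert."""
    alert = {"alert_id": "A-1042", "host": "web-01", "severity": "high"}
    body = json.dumps(alert, sort_keys=True).encode()   # canonical encoding
    headers = {
        "X-Example-Timestamp": str(now),
        "X-Example-Signature": sign_event(SHARED_SECRET, now, body),
        "X-Api-Key": API_KEY,
    }
    tampered_body = body.replace(b'"high"', b'"low"')
    forged = dict(headers, **{"X-Example-Signature": "00" * 32})
    return {
        "valid": verify_event(SHARED_SECRET, headers, body, now),
        "tampered": verify_event(SHARED_SECRET, headers, tampered_body, now),
        "replayed": verify_event(SHARED_SECRET, headers, body, now + 3600),
        "forged": verify_event(SHARED_SECRET, forged, body, now),
        # the static-key check accepts the same headers whatever the body is
        "weak_accepts_anything": (weak_verify(headers), "static key only"),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:22s} accepted={ok} ({reason})")
```

The receiver signs exactly the bytes it received, so the canonical JSON encoding matters only on the sender side; the timestamp bound limits how long a captured request stays valid, and a per-event identifier stored by the receiver would close the remaining replay window inside that bound.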
The first major step for CISOs and security officers should be evaluating their existing systems, to determine whether it is time to update or replace them. The most common reasons for change are ineffective security systems or poor service quality, better options on the market, and an unfavourable cost/benefit ratio. At times a security team is also asked to rationalize its cybersecurity suppliers, and the product and service landscape, to reduce capital and operational expenditure. In either case, the team needs to confirm, among other things, whether the current DDoS protection infrastructure can absorb spikes in attack size and volume, and whether AI/ML has been adopted appropriately.
“Security is a journey. The journey starts with setting a comprehensive plan and a clear vision of where the organization needs to be within a determined timeline. Setting priorities on what has or should be updated first and phasing the journey according to the business drivers is imperative. The responsibility of updating or changing the cyberinfrastructure in almost all organizations is divided into diverse teams such as the application team, security team, network team, systems team, etc,” said Mohammad Jamal Tabbara, Solutions Architect Manager at Infoblox.
While evaluating, it is also necessary to stay current on the threat landscape. Cybercriminals used to steal and sell consumers’ personal information, but ransomware and phishing scams are now more profitable for them. Because these attacks can be automated, they are less complicated and require less work. This is evident from the high number of ransomware attacks seen in the past year and a half (the Kaseya attack being the most talked about recently). Cybercriminals can encrypt corporate data and demand payment for the decryption key, and they can also exfiltrate sensitive material and threaten to publish it, causing financial and reputational harm to the firm.
Recently, we have also seen that cyber-attacks are not just more frequent but also more specific about who they target. The SolarWinds supply-chain attack, which reached victims through a trusted vendor’s software, was an unusual method of attack.
“Threat actors, over the last few years, have evolved their technique to maximize their business and make money (traditionally in Bitcoin). They have steadily shed attacks that cannot be monetized, like denial of service, but in the process have created more visibility for their nefarious missions,” said Morey Haber, CTO & CISO, BeyondTrust. “Cybercriminal tactics, unfortunately, are using attack vectors from the grossly simple, like reused passwords, to sophisticated attacks that have obfuscated code hidden in third party vendor solutions. The attack vectors themselves can be trivial to mitigate or even extremely difficult to identify in the first place. Therefore, the tactics have become more focused on monetization, mostly through ransomware and extortion,” he added.
Though it is important to keep up with current trends, many of the attack vectors used in previous years are still viable. Organizations are widely advised to use a privileged access management system, combined with multi-factor authentication, to safeguard their most sensitive accounts, and to closely monitor all remote access for acceptable conduct. Organisations are also encouraged to implement a Zero Trust framework, whose guiding principle is “never trust, always verify”.
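The advice above to "closely monitor all remote access" is easiest to see as detection logic over actual log lines. The following is an added example written for this article, not code from the article or from any vendor quoted in it. It runs three checks over constructed VPN gateway log lines: a privileged login without MFA, a privileged login from outside known corporate networks or outside business hours, and a success that follows a burst of failures (the reused or guessed password vector mentioned earlier). The log format, the privileged-account list, the 203.0.113.0/24 "known" network and the 07:00-19:00 UTC business window are all assumptions.

```python
"""Remote-access monitoring for privileged accounts (added example)."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

PRIVILEGED_ACCOUNTS = {"dbadmin", "svc_backup", "root"}      # assumed PAM-managed set
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]      # assumed corporate egress
BUSINESS_HOURS = range(7, 19)                                  # assumed, UTC
FAILURE_THRESHOLD = 3
FAILURE_WINDOW = timedelta(minutes=10)

# Constructed sample (chronological): one admin, one ordinary user, one service account.
SAMPLE_LOG = """\
2021-09-14T02:10:01Z vpn-gw01 user=dbadmin src=192.0.2.77 mfa=yes result=failure
2021-09-14T02:11:12Z vpn-gw01 user=dbadmin src=192.0.2.77 mfa=yes result=failure
2021-09-14T02:12:30Z vpn-gw01 user=dbadmin src=192.0.2.77 mfa=yes result=failure
2021-09-14T02:13:44Z vpn-gw01 user=dbadmin src=192.0.2.77 mfa=yes result=success
2021-09-14T08:02:11Z vpn-gw01 user=alice src=203.0.113.7 mfa=yes result=success
2021-09-14T08:05:40Z vpn-gw01 user=svc_backup src=198.51.100.23 mfa=no result=success
"""


def parse_line(line: str) -> dict:
    """Parse 'timestamp host key=value ...' into a dict; 'ts' becomes a datetime."""
    ts, host, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    fields["host"] = host
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def analyse(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs. Lines must be in chronological order."""
    findings: List[Tuple[str, str]] = []
    failures = defaultdict(list)            # user -> timestamps of recent failures
    for raw in lines:
        if not raw.strip():
            continue
        ev = parse_line(raw)
        user, ts = ev["user"], ev["ts"]
        src = ipaddress.ip_address(ev["src"])
        if ev["result"] != "success":
            failures[user].append(ts)
            continue
        # Success after a burst of failures applies to every account.
        recent = [t for t in failures[user] if ts - t <= FAILURE_WINDOW]
        if len(recent) >= FAILURE_THRESHOLD:
            findings.append((user, f"success after {len(recent)} failures within {FAILURE_WINDOW}"))
        failures[user].clear()
        if user not in PRIVILEGED_ACCOUNTS:
            continue                          # the stricter checks apply to privileged accounts
        if ev.get("mfa") != "yes":
            findings.append((user, "privileged login without MFA"))
        if not any(src in net for net in KNOWN_NETWORKS):
            findings.append((user, f"privileged login from unknown network {src}"))
        if ts.hour not in BUSINESS_HOURS:
            findings.append((user, f"privileged login outside business hours ({ts:%H:%M} UTC)"))
    return findings


def summarise(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per account, which is what a triage queue would sort on."""
    counts: Dict[str, int] = defaultdict(int)
    for user, _ in findings:
        counts[user] += 1
    return dict(counts)


if __name__ == "__main__":
    for user, finding in analyse(SAMPLE_LOG.splitlines()):
        print(f"{user:12s} {finding}")
```

On the sample, alice produces nothing, svc_backup is flagged for the missing MFA and the unknown source network, and dbadmin is flagged three times: the success after three failures, the unknown network, and the 02:13 UTC login. The per-user failure list is cleared on success so a later, legitimate login is not counted against an old burst.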
“In addition, special attention should be given to putting technologies in place to protect against the recent surge in DDoS attacks. Sophisticated DDoS threat intelligence, combined with real-time threat detection, artificial intelligence (AI)/machine learning (ML) capabilities, and automated signature extraction, will allow organizations to defend against even the most massive multi-vector DDoS attacks, no matter where they originate. Actionable DDoS weapons intelligence enables a proactive approach to DDoS defences by creating blacklists based on current and accurate feeds of the IP addresses of DDoS botnets and available vulnerable servers commonly used for DDoS attacks,” said Amr Alashaal, Regional Vice President – Middle East at A10 Networks.
The internet and technology have presented companies with many opportunities, but with those opportunities comes a bundle of cyber threats. Organisations need to seize the opportunities and deal with the threats that come with them, and with the proper knowledge and tools this can be done. Securing an organisation is not an easy task, but it is a possible one.