Category: General Cyber and IT Security

Categories
General Cyber and IT Security

Understanding the Modern Cyber-Threat Landscape and Its Impact on Your Business Operations

Banner - Threat Cyber Landscape

Digital transformation has played a substantial role in the evolution of the modern cyber threat landscape—especially during the COVID-19 global pandemic, which gave rise to the environment of remote work. As businesses tackle challenges associated with the fully virtualized working environment, the implementation of emerging technologies within corporate networks has helped enhance business operations to meet the growing demands of IT process virtualization and automation, data storage, data privacy and security, etc.

However, threat actors also learned to leverage the digital transformation era to achieve attack precision and scalability. In today’s modern cyber threat landscape, sophisticated cyber-attacks have dramatically increased: with ransomware attacks projected to occur every 11 seconds in 2021 and the losses associated with Business Email Compromise (BEC) averaging $80,000 per victim, it is clear that cyber threats have made their way to the top of business risks in the last couple of years.

As organizations attempt to detect and respond to signature- and behavioral-based tactics, techniques, and procedures (TTPs), newer threat actors emerge with more sophisticated and far-reaching TTPs than their peers. Therefore, understanding where your corporate security posture is aligned with the dynamic nature of the modern cyber-threat landscape is critical to determining the likelihood, probability, and impact of a security incident on your infrastructure.

In this article, we discuss the evolving complexities of the modern cyber-threat landscape, its impact on business operations, and how to align your security posture to achieve cyber-resilience. 

Most Likely Cyber Threats In 2021

As the cyber threat landscape is constantly evolving in nature, you must know how to spot new threats, and how to identify the techniques that threat actors may be using to bypass your existing cybersecurity infrastructure.

As a security professional, it is important to understand that the threat landscape in 2021 and beyond is likely to expand, with more attack vectors than ever before.  The SolarWinds attack in 2020 showed us that organizations can suffer from a breach through their software vendors in addition to their internal applications. APTs will be investing their time into new vectors of attack throughout 2021, with more of a focus on enterprise software and the growing hybrid environment, to name a few. 

The rise in persistent threats is a cause for concern, as threat actors are making their way into critical infrastructure more easily, through a combination of AI, automation, and existing techniques such as malware and phishing, to enhance the sophistication of their attacking methods. Threat actors are now more likely to use their knowledge of emerging technologies, such as attacks via IoT devices, such as smartphones and routers, and use it to expand the scale of their attack (moor backdoors, more access points).

Preparing Your Business for the Modern Threat Landscape

Responding to cyber threats within the modern landscape is a difficult task if your IT department does not actively encourage a mixture of AI-powered threat intelligence–information about cyber threats and threat actors–as well as human effort and security awareness. AI and automated threat detection and response are not sufficient on their own to fight against the adaptive intelligence of today’s threat actors. 

The first step to take is to make sure everyone on your team is aware that threat intelligence is only one stepping stone towards a resilient cybersecurity posture. The emergence of new technology in your existing infrastructure will provide threat actors with security loopholes to attack through, and it is your responsibility to understand and adapt your cyber threat response plan accordingly against the growing number of attacking vectors.

To fight attacks before they become prominent threats, it is vital to consistently implement threat prevention, detection and response countermeasures using human-based capabilities as well as automated capabilities. 

Common countermeasures for preparing for cyber attacks should include basic cyber hygiene, such as security awareness training and tabletop exercises; security policy developments for critical infrastructures; managed network detection and response procedures that are documented; MDR and EDR monitoring; and regular assessments.  Therefore, incorporating human touch and automation in the threat detection and response procedures provide more holistic insights and visibility in attack avenues. 

Combating the Probabilities and Impacts of Emerging Cyber-Threats

As your organization’s infrastructure changes, so does the need to protect your data and accounts. Emerging cyber threats are more prominent in areas of functionality that are limited in cybersecurity flexibility, where outdated security tools are still playing catch up with the software/applications themselves. This is often either at the fault of the IT department, or the software vendor themselves. Common examples include remote working setups and applications that are still yet to implement industry-standard security updates such as endpoint protection. It is estimated that 77% of organizations do not yet have a detailed incident response plan in place. 

Cyber incident response preparations

Emerging cyber threats are only going to get more prominent as the barrier to entry for threat actors becomes artificially lower. With a growing selection of open-source AI software and automated tools available to the common cybercriminal, the cost to commit cyber crimes is getting far lower. Technical knowledge is now also becoming a less-critical requirement for threat actors, as phishing and malware techniques can be learned online and thus automated using the tools they obtain.

Luckily for CTOs/CISOs, policy and plan development assessments and network/endpoint monitoring can be implemented very easily. By adopting the following 3-step approach, you can begin to enhance your cybersecurity posture much quicker:

  • Prepare and know your current and future risks by implementing basic hygiene measures, such as cybersecurity training to all. 
  • Protect/defend your infrastructure by implementing automated cybersecurity tools such as MDR/EDR, so threats are recognized and responded to proactively before any damage is caused.
  • Respond to attacks with a progressive mindset, so they cannot ever be repeated. This step involves setting more robust cybersecurity policies like MFA and restricted data access for some employees.

The only way to combat the rising probability of an attack is to have all of your employees adopt a security-first, zero-trust mindset. Your organization will be using more software, more environments and more applications than ever before in 2021, therefore security has to be at the forefront of every user’s mind at all times.

Human error is the cause of 95% of cyber attacks, so the easiest way to respond to these threats is to actively encourage caution, and a standard procedure for all employees when they are operating in the sensitive or emerging environments that may cause reputational and financial burden if breached.

Promote the benefits of regularly updating software, fully encrypting PII or PHI data, and steering away from any link, file, or email that is not associated with your organization. Although emerging threats are hard to spot, practicing a staged attack can help you assess where the weakest link is, so you can enhance your security posture as required.

Conclusion

Threats are real and so are threat actors.  Therefore, you always must stay one step ahead of them. In today’s business landscape, IT infrastructure represents a key business risk because the attack sophistication of threat actors today is capable of impacting business continuity and causing damage worth tens of millions of dollars. Financial damage is not the only downfall, as an organization’s reputation can be quickly lost as a result of a successful breach, whereby customers will quickly lose all trust in the continuity of their service.

There are a number of security applications readily available, which can be implemented in all environments, such as cloud, AI-powered systems, and remote working. Whether you choose to implement data loss prevention,  multi factor authentication (MFA) or behavior analytics into your existing cybersecurity posture, it is paramount that your threat response plan combines the human initiative too. If your security posture is limited in either the technological or human aspect, threat actors will always have the upper hand on speed and persistence.

Understanding and responding to the modern threat landscape should be one of the top priorities for the management in any organizations. It is always worth investing in an objective view and independent confirmation, to see if your infrastructure has the right protection available to mitigate the growing intelligence of modern-day threat actors. 
If you would like to receive expert advice to support all aspects of your cyber security infrastructure, visit SecurIT360 to get the most out of your security assessments, endpoint detection and response processes, as well as compliance-ready penetration testing. All aspects of cybersecurity are critical in the landscape of emerging technologies—let us manage your operations as a concerted package.

Categories
General Cyber and IT Security

Returning to the Post-COVID-19 New Normal: What to Expect for IT and Cyber Security Professionals Coming Back to the Workplace

Cyber Professionals Returning to Work Post COVID-19

COVID-19 is still with us, however many enterprises are reopening their doors and attempting to return to some sense of normal. It’s certainly a new normal: keeping staff safe requires a host of new processes, precautions, and even potentially new technologies and equipment.

From all perspectives, lock downs and work-from-home directives have created a significant disruption to normal enterprise operations. Looking at the situation from the point of view of technology staff, specific operational challenges shift into focus. Work equipment may have left the enterprise environment, home devices may have been used for work purposes, the delineation between work and home spaces has been blurred, or even removed completely.

There’s a lot on the plates of IT and cyber security specialists. Here are some of the most pressing issues to consider as you, your colleagues and the staff you support return to the post-COVID-19 workplace.

COVID-19 Mitigations

At the most basic level, normal workplace procedures are affected by recommendations for safety, as announced by the CDC. The most elementary of these recommendations likely apply to how cyber security professionals must conduct themselves, including:

  • Sick or symptomatic employees should stay home
  • Wear a mask
  • Limit interpersonal contact
  • Maintain appropriate spacing between staff
  • Sanitize surfaces after touching

IT and cyber security staff should be particularly aware of sanitizing devices before and after working with them. Check the CDC list for more recommendations, which vary according to the type of workplace, and follow any guidelines specified by your organization.

Relearn Cyber Security Fundamentals

Basic enterprise cyber security training for staff is often on the “we’ll get to it eventually” list, with indefinite deferral to maintain priority for operational needs. Now is an excellent time to reserve a block of time to review best practices, refresh basic training and boost awareness. Follow your cyber security training protocols and be sure to highlight the basics:

  • Password security training
  • Phishing and social engineering awareness
  • Email security
  • Updating and patching

Reestablishing the importance of awareness can go a long way toward creating resilience against the most elementary threats.

Speaking of Passwords…

Password security is often the first casualty when work and home environments are blurred together. Enterprise equipment and devices may be used by staff family or friends, or home devices could be used on enterprise networks. New employees might have been onboarded outside the usual training and processing framework, including being brought on remotely.

Passwords

A required password reset is the first step toward reasserting control over your security posture. Ensure staff adhere to company password policies when making changes. If your organization hasn’t yet implemented two-factor authentication, now is an ideal time to do so.

  • Have users reset all relevant passwords
  • Implement 2FA

Returning Equipment

Working from home has become the new normal for staff at many enterprises, which requires work equipment and devices migrating from the enterprise environment to homes. Returning work equipment to the enterprise environment creates two important IT security concerns:

Trivial equipment return. Certain items require only basic inventorying: cables, chargers, docking stations, etc. This is a tedious but necessary requirement, to ensure equipment is tracked and available if needed again, and that resources are not wasted. Damaged equipment is inevitable and needs to be replaced. Reemergence of lock down requirements may necessitate a return to large-scale work-from-home deployment: make certain you maintain the basic equipment resources required for that scenario.

USB

Returning devices. Work devices that left the enterprise environment in a secure state do not necessarily return that way. Expect that staff have been negligent in maintaining high security standards and respond accordingly. Many staff will ignore update prompts or postpone them indefinitely. Others might disable security apps as a matter of convenience. Conduct comprehensive updating and patching of all returning devices.

Additionally, staff might install software they commonly use in their home environment, or to replace resources unavailable outside the office. Certain upgraded software licenses may have been added to facilitate work-from-home efficiency, but are no longer necessary (video conferencing, remote sharing and collaboration software in particular). Scan for unregistered software to determine potential vulnerabilities and risks, and cancel unneeded licenses to manage costs.

  • Inventory and maintain adequate supply of trivial equipment
  • Update and patch OS, software, and EDR solutions
  • Scan for unregistered software
  • Inventory software licenses

New Devices in the Enterprise Environment

Returning staff introducing new devices to the enterprise environment is a significant threat to security. These will typically be personal devices – laptops and phones – that staff used for work at home out of necessity because office resources were not available, or because they were more convenient.

Work From Home

Home devices are vulnerable for all the obvious reasons: lack of updating and patching, presence of unauthorized apps, absence of enterprise-grade security solutions, poor password security, etc. Once one of these devices connects, the entire network is at risk of compromise.

USB and NAS devices are an additional threat vector that can slip through the cracks. Staff may have been using these devices regularly, or as a one-shot solution to port data or files from home to the newly reestablished enterprise environment. Enforce your existing device controls to restrict use of unauthorized storage devices.

  • Run scans to check for new, unknown and/or unapproved devices; personal laptops, phones and devices should not be allowed within the enterprise environment
  • Monitor use of USB and NAS and enforce device control protocols

Maintaining a High Readiness Posture

It’s critically important to remember that the post-COVID-19 new normal can, at any point in the future and without warning, revert to a crisis environment. Your staff could get sick and require your office to close, or general rates of infection could increase enough to cause reimplementation of a shut down. The possibility that things could again get worse still exists.

Make certain that the lessons learned, strategies implemented, and changes made are maintained to ensure readiness in the face of additional challenges. Navigating the new normal is tough enough – don’t let your guard down and be forced to start from scratch, relearning adjustments that were made in March and April.

The path forward requires an extra effort of safety and vigilance. If you can maintain focus, the new normal will become the regular normal and you can once again focus on operations, performance and your core business mission.