In today’s digital-first world, businesses are rethinking their approach to security. Instead of a traditional reactive approach of band-aid security solutions, CISOs are now looking for scalable, long-term strategies that can proactively protect their enterprise environment and prevent cyber criminals from taking advantage of vulnerabilities that were exposed during crisis situations like the one we are all currently going through.
With millions of people working from anywhere, the attack surface for cybercriminals has increased considerably. Hackers have been quick to take advantage of the loopholes created due to relatively less secure remote working mechanisms, leading to a huge rise in cyberattacks. And with attackers successfully evading defenses, business and security leaders are forced to rely on converged security approaches to address new remote workforce challenges.
Even a cursory look at recent findings from different cyber security OEMs points to a huge increase in threats. A recent report from Fortinet highlighted that home branch offices remained a big target for cyber criminals, who targeted IoT devices such as home routers, connected security devices and home entertainment systems. Similarly, the 2021 SonicWall Cyber Threat Report highlights how COVID-19 provided threat actors with ample opportunity for more powerful, aggressive, and numerous attacks, thriving on the fear and uncertainty of remote and mobile workforces navigating corporate networks from home.
A report from Norton also highlighted that 45 percent of adult Indian internet users faced identity threat in 2020. This figure rose by nearly 40% to 2.7Cr since 2019. This is roughly over 2% of India’s population. Additionally, Norton also stated that 59% of all adult Indian internet users faced cybercrime in some form or the other in 2020. As one can see, a distributed workforce has raised threat levels to a new, higher level, as home users do not have the same level of protection as an enterprise does.
Changing threat landscape
Cybercrime has also got more sophisticated and more targeted. Hackers are constantly exploring new dimensions and vulnerabilities that they can exploit. For example, last year’s biggest enterprise security incident, which caught some of the most prominent organisations by surprise, was the SolarWinds attack, where hackers created a backdoor in SolarWinds’ Orion network monitoring software. This proved to be a big area of vulnerability, as updates and patching are rarely monitored, and highlighted the importance of permissions or access rights allowed for third-party software.
While AI has helped improve security, it has also enabled hackers to find new software vulnerabilities. AI today is increasingly used by hackers to create smart malware that understands how to exploit specific vulnerabilities in the host system and evade detection.
The increased adoption of the cloud has also brought certain vulnerabilities in the cloud ecosystem to the forefront. Most of these vulnerabilities are due to improper implementation or enforcement of cloud security controls by the customer. This includes cloud misconfigurations, which can put credentials at risk. For example, a common cloud misconfiguration error leaves unencrypted data exposed to the Internet without any authentication. This happens because organisations leave the default permissions unchanged and make the mistake of assuming that the same settings that work in on-premise environments will work the same way in a cloud-based environment.
The Cloud Security Alliance lists ten more common threats. These include data breaches; lack of cloud architecture and security; insufficient identity, credential, access and key management; account hijacking; insider threats; insecure interfaces and APIs; weak control plane; metastructure and applistructure failures; limited cloud usage visibility; and abuse and nefarious use of cloud services.
Ensuring secure remote access
As organisations are now operating in the era of what can be termed as the ‘unbound enterprise’, the realities of distributed workforce and digital transformation require them to adopt a strategy of enabling productivity from anywhere while securing data everywhere.
Enterprises have responded by trying to provide secure access to corporate applications. This includes giving access using VPNs or cloud-based zero-trust authentication solutions. Some enterprises have also tried to ensure secure access to company data and applications using virtual desktops. This also ensures that confidential data cannot be downloaded to a remote or home computer.
In certain cases, the attacks culminate on the endpoint or the network layer, which makes traffic monitoring essential. This is where proactive network forensics becomes critical. It’s next to impossible for enterprises to evade security breaches, but if they are armed with network forensics capabilities, they are in a better position to defend against future attacks proactively.
Concerning cloud security, enterprises must understand that a big responsibility of configuring cloud security settings lies with the customer. Enterprises can also use cloud-based automation tools to enforce rules and find out exceptions or vulnerabilities in their cloud environments. In remote working environments, organisations can also take advantage of techniques such as endpoint backup as a service to ensure adequate protection of data in remote desktops or laptops.
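An added illustration of the rule-based checking described above (not code from this article or from any vendor tool): a small Python audit that flags internet-exposed, unauthenticated, unencrypted or default-permission storage resources and honours approved deviations. The inventory is constructed, and the field names and rule ids are hypothetical, not a cloud provider's schema.

```python
from dataclasses import dataclass

# Constructed inventory; field names are hypothetical, not a provider's schema.
INVENTORY = [
    {"name": "hr-exports", "internet_exposed": True, "auth_required": False,
     "encrypted_at_rest": False, "permissions": "default"},
    {"name": "public-website", "internet_exposed": True, "auth_required": False,
     "encrypted_at_rest": True, "permissions": "custom"},
    {"name": "finance-archive", "internet_exposed": False, "auth_required": True,
     "encrypted_at_rest": True, "permissions": "custom"},
    {"name": "build-cache", "internet_exposed": False, "auth_required": True,
     "encrypted_at_rest": False, "permissions": "default"},
]

# Approved deviations as (resource, rule id); everything else is a finding.
APPROVED = {("public-website", "PUBLIC_NO_AUTH")}

# Missing attributes fail closed: an unknown setting is treated as the weak one.
RULES = [
    ("PUBLIC_NO_AUTH", "high",
     lambda r: r.get("internet_exposed", True) and not r.get("auth_required", False)),
    ("UNENCRYPTED", "medium", lambda r: not r.get("encrypted_at_rest", False)),
    ("DEFAULT_PERMISSIONS", "medium",
     lambda r: r.get("permissions", "default") == "default"),
]

@dataclass(frozen=True)
class Finding:
    resource: str
    rule: str
    severity: str

def audit(inventory, approved=frozenset()):
    """Return every rule violation that is not an approved deviation."""
    findings = []
    for res in inventory:
        hits = [(rid, sev) for rid, sev, check in RULES if check(res)]
        hit_ids = {rid for rid, _ in hits}
        for rid, sev in hits:
            if (res["name"], rid) in approved:
                continue
            # Unencrypted data reachable without authentication is the case
            # the article singles out, so it is escalated.
            if rid == "UNENCRYPTED" and "PUBLIC_NO_AUTH" in hit_ids:
                sev = "critical"
            findings.append(Finding(res["name"], rid, sev))
    return findings

if __name__ == "__main__":
    for f in audit(INVENTORY, APPROVED):
        print(f"{f.severity:8} {f.resource:16} {f.rule}")
```

Approving public access for a resource does not suppress the escalation: if that resource later loses encryption, it is still reported as critical.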
For ensuring protection in an always-connected world, enterprises should take help from the expertise of Managed Security Service Providers (MSSPs). Equipped with the right technology and people, MSSPs can ensure a holistic and continuous threat monitoring service. Simultaneously, organisations can also place an additional layer of security by using zero-trust authentication and monitoring user behavior using analytics.
More importantly, for ensuring a holistic security policy, the combination of people, process and technology must work in close coordination. Even the best technology and process cannot prevent an organisation from getting hacked if its employees are unaware of basic security hygiene. Enterprises must enforce this as part of their security policy. In most organisations today, ISMS training is mandatory and a part of employee induction.
In today’s complex IT environment, which includes a mix of onsite and multi-cloud environments, the focus has moved away from protecting data in a defined perimeter. Today, there are no boundaries, and identity is the new perimeter. Hence, security must be embedded as part of the design, which can help enterprises be proactive in mitigating security risks across the entire ecosystem (suppliers, partners) and lead to improved business confidence.