Over the last 18 months, there have been massive-scale changes in how everyone works, learns and socializes online, primarily due to the pandemic. We all had to stay home; a switch flipped and being online was more critical than ever before.
Cyber attackers took advantage of this situation, not with the development of advanced threats, but by accelerating existing malware campaign capabilities with minor enhancements. For example, there has been growth in DDoS attacks, disconnecting employees from work and acting as a smokescreen that distracts security teams long enough for a penetration attack to map the network and deploy malware on vulnerable devices. Many of these attacks are targeted at critical verticals such as education and healthcare, with vast phishing and ransomware campaigns causing systems to go offline. For many, there has been no choice but to pay the ransom to get back online fast.
Cloud platform attacks are growing in frequency as more people must rely on cloud services for their daily work – collaboration, file-sharing and videoconferencing, to name a few. The common methods of these attacks are password theft via spear-phishing or user-coercion, which allow an attacker to steal data or take control of cloud systems, as well as malicious videoconferencing access that can not only disrupt business, but also allow an unknown user to hide in plain sight and secretly listen in on confidential conversations.
All types of attacks are damaging, potentially affecting business flow and reputation, but enterprises have been quick to learn due to the rapid transition to remote working environments. With the proliferation of mobile devices and requirements for always-on connectivity and access, we’ve all become familiar with the conversation around shifting network perimeters and the elastic security needed to expand and contract based on dynamic usage and demand.
The Network Pushed to the Edge
The pandemic pushed the network perimeter to its furthest extent, with nearly all users shifting to remote work environments overnight and cloud services becoming the norm. This change forced security and IT teams to adapt instantly.
The move to remote working added cyber risk as employees used personal devices to access corporate information. Attackers knew this and, therefore, increased phishing campaigns targeted at personal email accounts in the hope of stealing data or spreading malware and ransomware. As we move into a hybrid work model, employees will continue to need constant security awareness training and updates that are also adaptable for a remote workforce.
The network is the lifeblood of business, so it must be secured and constantly monitored from edge-to-edge, including cloud and physical environments. Machine learning and analytics are vital to keeping the network in tip-top shape, aiding security teams with fast responses and recommendations to ever-changing situations. Moving forward, security and IT professionals will apply these critical learnings to ensure future stability and availability of systems as users continue to do their jobs in the hyperconnected, distributed world.
Making the Move to Cloud Safely
Cloud allows businesses to scale reliably with guaranteed performance as well as the knowledge that the latest version of the software is always in use. This is the responsibility of the cloud provider and is carried out automatically. Running the latest software version reduces the risk of attacks, as any new vulnerabilities are identified and quickly fixed.
Before making the move to the cloud, here are a few suggestions to ensure that adoption remains safe and secure:
• Ensure that the cloud provider puts security first and offers recognized security solutions to protect applications and data. Ideally, engage with a cloud provider that can extend existing data center security into the cloud. Doing so reduces the learning curve for the security team and enables the same policies to be developed and deployed across physical and cloud infrastructure.
• Agree on a strict security service-level agreement (SLA) for downtime, application of patches, and security updates. Ensure it includes thorough, clear processes for what happens in the case of a system-wide attack such as a provider-level DDoS attack or advanced breach.
• Make sure that the provider supports and uses the strongest password process available. This will include complex passwords and a form of multi-factor authentication based on applications and/or tokens.
Remember that the security for any cloud-based instance of a product is only as strong as the protection policies and passwords in place. An administrator can still make mistakes, and we have seen this regularly with exposed databases on the internet.
Is It All About Technology?
An effective security culture is created with better awareness for users, so it’s rare to come across an enterprise today that does not have a security awareness program in place. But how many of these programs have been adapted for remote working? This change is necessary as a wholesale return to the office in the short term is unlikely – in fact, it may never happen.
• Train users to be aware that complex passwords and multi-factor authentication are not just for their work computer but for personal devices too, and when well-adopted, are a benefit rather than a headache. If a remote user is using a personal device to connect to corporate resources, then a weak password on their computer is a business risk. Create training modules that cover password managers, authenticator applications and complex yet easy-to-remember password creation.
• Home IoT devices can be a weakness as consumers typically set them up with factory default security (e.g., weak or no passwords). A training module on home IoT would be valuable and perhaps enhanced by a special support email address or number where users could ask for advice on how to best set up home IoT devices for safety.
And How Does the Future Look?
In 2020, many moved from office to remote work, while businesses had to scale out with barely a day’s notice. This has all proven the reliability, performance and security of cloud solutions as well as demonstrated the ease of use for administrators and users.
Cybersecurity remains a key investment element for any organization, and we cannot become complacent; security policies must be regularly reviewed and updated. Just as they invented new methods to target a remote workforce, attackers will start looking for new and innovative ways to break into cloud solutions.
However, the adaptability of the cloud means that we will see continued growth into the future. Organizations will adopt new solutions, as well as expand what is already in place. The flexible and secure nature of the cloud allows security and application teams to focus on defining strategy for the future rather than being consumed by the management of what is in place today.