A remote workforce under constant threat requires continuous vigilance and timely responses
Network and online security are serious issues. But for most infosec teams, there is real skepticism about whether all the security features they’ve installed and all the protocols they follow are actually deterring bad actors. Particularly now, following the horrendous SolarWinds and Microsoft Exchange hacks, is anyone really safe? But let’s say you’re one of the few who haven’t detected any network intrusions. Is it because your security tools are working really well? Does it mean that attackers have succeeded, but managed to hide their intrusion? Or could it be that you’ve somehow been spared by hackers?
In theory, it could be any of these. But you have probably heard the famous claim that there are only two kinds of network owners: those who’ve been hacked, and those who’ve been hacked but don’t know it yet. While that may be a bit of hyperbole, the fact is that the online world is rife with malicious actors and bots — always looking for ways to slip into organizations’ networks and create mischief. So even if you haven’t detected any attacks or breaches, that doesn’t mean it’s time to kick back and relax.
A Clark School study at the University of Maryland determined that network attacks are essentially nonstop — and that every computer with internet access is being attacked, on average, once every 39 seconds. However, that’s just the tip of the iceberg. If your network contains high-value information, hacks are far more frequent. For example, Utah state computer systems, which house one of NSA’s data centers, are reported to experience a jaw-dropping 300 million hacking attempts every day.
Alarming as they are, these statistics only tell half the story. They were collected before the pandemic hit, abruptly forcing millions of office workers to work from their homes. Since that time, the pace of cyber-attacks has soared to even higher levels. Using the expanded attack surfaces and endpoints offered by work-from-home (WFH) remote connections, malicious actors have found a treasure trove of new vulnerabilities to exploit. The situation has been further aggravated by the subsequent overload on corporate VPNs, as well as the corresponding shortcuts that remote workers have felt obliged to take in order to get through to their colleagues — shortcuts which largely bypass existing security protocols.
Today, more than a year after the Covid-driven lockdowns first emerged, there seems to be a consensus that many employees will not return to their previous full-time office environment. Some companies have even gone to the extreme of shutting down or selling their office buildings in recognition of what may be a permanent shift to home-based work. Far more are convinced that a hybrid pattern — in which employees come into the office on alternate days or on special occasions, but mostly work from home — will be an enduring legacy of the pandemic.
IT teams around the world have done an amazing job of pivoting support away from familiar centralized work environments and towards their newly decentralized remote workforces.
Many reports claim that employees’ productivity and work-life balance have, if anything, improved since the start of the WFH movement. But the shift also means that certain security measures — which were hastily put into place as part of a temporary response to a short-term emergency — now need to be re-engineered into more structured, durable, and high-capacity approaches.
With so much in flux, security teams need to regularly, or even continuously, assess their security posture to find and remediate any potential vulnerabilities. Configuration drift is a huge problem. Even if everything seemed to be 100% secure the day it was installed, a perpetually shifting threat landscape means it may not be tomorrow. That is why it’s so important to have frequent, recurring assessments. You can’t just have your reseller set it up once and then walk away. In the case of security measures, non-destructive testing is not only possible — it is essential, and easy to perform. Breach and attack simulation tools make it easy to safely simulate all sorts of different attacks to test a network’s defenses as well as those of its individual users.
Software misconfigurations create hidden vulnerabilities and footholds for attackers to strike. Moreover, they can affect any point in an organization’s application stack. These can include its network services, platforms, databases, web servers, application servers, custom code, virtual machines, containers, or storage. Unpatched flaws — including default access accounts, unused web pages, and unprotected files or directories — are among the most frequently used paths for gaining unauthorized access to a victim’s system.
Change is constant, and if the last year has taught us anything, it’s that security teams need to be agile and ready to adapt to the new normal at all times. Security is never static, and networks will always be evolving, so make sure you’re continuously validating your security posture and ready for whatever comes next.