Monday, 12 October 2020 00:29

Why COVID-19 has been good news for cybercriminals

By Jim Cook, Attivo Networks

GUEST OPINION by Jim Cook, Attivo Networks: The COVID-19 pandemic has been a rough and costly period for many organisations, yet for one group, it has opened up a raft of potentially lucrative new targets.

The rush to have staff working remotely has created numerous opportunities for cybercriminals to infiltrate corporate networks. These opportunities are due to people no longer working within a protected infrastructure, using insecure networks, and connecting through client devices that lack vital security patches.

It’s tempting for organisations to think that, because they have managed to navigate the initial lockdowns without any sign of a cyberattack, they are now in the clear. Unfortunately, this may not be the case.

There could well be attackers who have gained access to corporate infrastructures but have opted to lie low as they prepare their next steps. It’s quite likely that a new wave of attacks will emerge as these criminals make their presence known.

Interestingly, industry studies show that the dwell time - the period that attackers spend inside the network before detection - is now just under 60 days. However, it can extend into months or even years for more advanced attacks. It may currently be the calm before the storm.

New opportunities
The security problems tend to stem from the fact that most businesses were simply not prepared for the volume of employees who would have to work from home. They had a matter of days to equip their workforce to continue operations and not impact customer service.

This lack of time to prepare means that, when it comes to security, they inevitably took shortcuts. As a result, both technology-based and human-based issues have arisen.

For example, network endpoints are more exposed. Staff are pulling data out of the company that may never have been off-premises before, thus creating fresh opportunities for attackers to target less-secure devices.

Phishing and other human-focused scams have also been on the rise during the lockdowns. Through these, cybercriminals prey on employees who are distracted or flustered by the sudden shift in routine.

Also, the number of BYOD devices (laptops, routers, access points, etc.) on the network has increased, making it much harder to verify that employees are doing things like installing security updates promptly, thus creating potential vulnerabilities. Even employee turnover can create openings for attackers, as it can be harder to verify the full removal of stored credentials and other access from all applications and systems.

While there are tools designed to help protect against these new threats, they require effective security controls at multiple levels of the network. Traditional Endpoint Protection Platforms (EPPs) and Endpoint Detection and Response (EDR) tools try to stop attacks at the initial compromise of the system. Now, in a remote working world, attackers may have an easier time bypassing those tools, highlighting the importance of overlapping security controls and building a safety net to boost in-network detection capabilities.

Addressing new risks
A balance of security controls is necessary to cover everything from initial compromise and lateral movement to privilege escalation and data loss prevention. If cybercriminals have already compromised an internal system, technology like cyber deception plays a valuable role in detecting lateral movement and protecting applications. Additionally, data loss prevention capabilities can stop employees (or attackers) from saving sensitive information to personal devices.

Therefore, it is vital to have visibility into in-network attack paths to essential assets and network activity, including seeing devices joining or leaving the network. This sort of credential tracking is more important than ever, as is having the correct tools in place to stop a successful breach. Decoys can also record and replay attacks to correlate attack activities better and gather company-specific threat intelligence.

The spike in remote employees also means there is likely to be a need to boost VPN security. New traffic patterns amid remote work have shattered traditional activity baselines and made suspicious behaviour much harder to identify. Attention also should be given to cloud security, since much of the remote work uses PaaS, SaaS, and IaaS accounts for various tasks.

Just because one’s organisation has navigated the first few months in this new COVID reality without any significant security problems, it doesn’t mean that one can now take one’s eye off the ball.

Ensure that one’s organisation conducts a thorough review of the new remote-working infrastructure and plugs any identified holes in security protection as quickly as possible. The cybercriminals haven’t disappeared, and they could be much closer than one thinks.

