Posted in Security

How cyber resiliency shifted from being a security initiative to a business strategy

All of the changes enterprise IT and security have undergone have likewise transitioned cyber resiliency to a much-needed business strategy

Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT

One of the pandemic’s most significant developments is that businesses now have to build digital strategies around remote connectivity. Before the pandemic, IT and security teams could manage a small number of remote devices and workers without working closely together; that is no longer the case. Following the impact of Covid-19, 59% of CEOs in the Middle East plan to raise their investment in digital transformation by 10% or more over the next three years, according to a PwC CEO survey.

Enterprises are not only continuing to support remote work, but increasingly expect it to become the norm rather than a measure taken for survival. Meanwhile, cybercriminals have adapted to these shifts, producing a wider range of attacks against enterprise networks. Attackers have exploited companies’ lack of cybersecurity initiatives and poor cyber hygiene on the part of remote workers.

This is evident in triple extortion attacks, which combine ransomware-as-a-service (RaaS) with data theft and DDoS extortion to raise the odds that the victim pays. A triple extortion attempt consists of:

  1. Encrypting data with ransomware and demanding payment for a decryption key;
  2. Stealing data and threatening to expose or sell it publicly unless payment is received; and
  3. Launching a distributed denial of service (DDoS) attack to prove the seriousness of the threat, block communication with internal network resources and overwhelm security teams.

Attackers have also raised the stakes by targeting the devices that enterprises rely on to support remote work, from attacks on VPN concentrators to brute-forcing Remote Desktop Protocol (RDP) credentials. The result is that enterprises are not only experiencing a substantial increase in attacks overall, but are also being hit with secondary and tertiary attacks.

The changing role of cyber resiliency

Not surprisingly, the increase in, and changes to, attack vectors have required enterprises to rethink their approach to cyber resiliency: their ability to predict, resist, recover from and adapt to attacks. According to a recent report by Mimecast, around 81% of UAE respondents have been trained in remote work cybersecurity practices. While developing a cyber resiliency plan was mostly viewed as a security initiative before the pandemic, all of the changes enterprise IT and security have undergone have likewise turned cyber resiliency into a much-needed business strategy. According to the PwC CEO survey, 43% of respondents intend to raise cybersecurity and data privacy investment by 10% or more over the next three years.

This approach determines how well a corporation can forecast, resist, recover from and adapt to large swings in cyber-attack activity. It requires visibility throughout the entire company: how the business functions, its value chain, how data and information move across the enterprise, and which applications and systems are essential.

When done right, cyber resiliency improves a firm’s capacity to detect and measure risk, and gives the IT and security teams entrusted with safeguarding company assets better visibility. Companies that want to make cyber resiliency a business strategy should look for scalable solutions that use curated threat intelligence to identify possible threats.

To identify unusual behaviour and attacker lateral movement, organisations need packet-level visibility into all internal east-west network traffic, regardless of where the internal network resides (inside company walls or in a public cloud). They also need packet-level insight into north-south traffic at the network edge in order to detect and block threats coming in from, or going out to, the internet.
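As an added, illustrative example (not code from the article or from NETSCOUT), the script below shows how the east-west / north-south distinction translates into detection logic. It classifies constructed flow records (timestamp, source, destination, destination port) using the RFC 1918 ranges as the definition of "internal", flags an internal host that fans out to many internal peers on SMB, RDP, WinRM or SSH ports within a short window (the lateral movement described above), and separately flags an external address repeatedly hitting an internal RDP port (the brute-force attacks mentioned earlier). The flow format, thresholds, port list and IP addresses are all assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Assumption: RFC 1918 ranges define "internal". A real deployment would
# list the organisation's actual address plan, including cloud VPC CIDRs.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ports commonly used to move laterally between hosts (assumed list).
LATERAL_PORTS = {22: "SSH", 445: "SMB", 3389: "RDP", 5985: "WinRM"}

# Constructed sample flow records (not real traffic):
# "epoch_seconds,src_ip,dst_ip,dst_port", one flow per line.
# 10.0.5.23 sweeps six internal hosts on SMB/RDP/WinRM in 75 seconds;
# 203.0.113.77 (documentation range) hits the internal RDP host 12 times.
SAMPLE_FLOWS = """\
1700000000,10.0.5.23,10.0.1.10,443
1700000010,10.0.5.23,10.0.5.40,445
1700000025,10.0.5.23,10.0.5.41,445
1700000040,10.0.5.23,10.0.5.42,3389
1700000055,10.0.5.23,10.0.5.43,445
1700000070,10.0.5.23,10.0.5.44,445
1700000085,10.0.5.23,10.0.5.45,5985
1700000090,10.0.5.50,10.0.1.5,445
1700000100,10.0.5.50,198.51.100.20,443
1700000110,198.51.100.5,10.0.9.9,3389
""" + "".join(f"{1700000120 + i * 3},203.0.113.77,10.0.9.9,3389\n"
              for i in range(12))


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(src, dst):
    """'east-west' when both ends are internal, 'north-south' when exactly
    one end is internal, 'external' when neither is (should not be seen
    inside the perimeter at all)."""
    s, d = is_internal(src), is_internal(dst)
    if s and d:
        return "east-west"
    if s or d:
        return "north-south"
    return "external"


def parse_flows(text):
    """Parse the CSV flow format above into a list of dicts."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split(",")
        flows.append({"ts": int(ts), "src": src, "dst": dst,
                      "dport": int(dport), "dir": direction(src, dst)})
    return flows


def lateral_fanout(flows, threshold=5, window=300):
    """Internal sources that reach at least `threshold` distinct internal
    hosts on lateral-movement ports within any `window`-second span.
    Only east-west flows are considered."""
    by_src = defaultdict(list)
    for f in flows:
        if f["dir"] == "east-west" and f["dport"] in LATERAL_PORTS:
            by_src[f["src"]].append((f["ts"], f["dst"]))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        for i, (ts, _) in enumerate(events):
            # Distinct destinations reached within `window` seconds of event i.
            recent = {dst for t, dst in events[i:] if t - ts <= window}
            if len(recent) >= threshold:
                alerts[src] = recent
                break
    return alerts


def rdp_bruteforce(flows, threshold=10):
    """External sources that hit an internal RDP port at least `threshold`
    times. Only north-south flows with an external source are considered."""
    counts = defaultdict(int)
    for f in flows:
        if (f["dir"] == "north-south" and f["dport"] == 3389
                and not is_internal(f["src"])):
            counts[(f["src"], f["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


def analyse(text=SAMPLE_FLOWS):
    flows = parse_flows(text)
    return {"lateral": lateral_fanout(flows), "rdp": rdp_bruteforce(flows)}


if __name__ == "__main__":
    result = analyse()
    for src, targets in result["lateral"].items():
        print(f"lateral movement: {src} -> {len(targets)} hosts {sorted(targets)}")
    for (src, dst), n in result["rdp"].items():
        print(f"rdp brute force: {src} -> {dst}:3389 x{n}")
```

In practice the records would come from NetFlow/IPFIX exports or packet captures on both the internal and edge sensors, and the thresholds would be tuned against a baseline: a backup server or vulnerability scanner legitimately touches many hosts over SMB, so an allow-list or per-role baseline is needed to keep the fan-out rule from paging on every scan.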