
Securing distributed resources in the server infrastructure necessitates a strategic rethink

With ransomware and DDoS extortion attacks on the rise, Netscout’s Gaurav Mohan discusses the need for long-term cybersecurity plans that consider the challenges of remote work


As businesses and governments transferred their operations online, the Covid-19 epidemic reinforced a shift to digital mediums. Companies have never been more interconnected or reliant on the availability of websites and online services than they are now.

Work-from-home policies prompted by the pandemic are likely to remain, and remote work will become the norm for a rising share of the global workforce.

This tremendous upheaval sparked significant activity across the global threat landscape, as adversaries pounced on weaknesses exposed by the worldwide crisis and developed attack vectors that probe the weak points of our new reality.

According to Netscout’s Threat Intelligence Report 2H 2020, this led to a considerable increase in DDoS attacks and cyberattacks generally, as well as a rise in ransomware and DDoS extortion attacks. Securing increasingly distributed infrastructure in the face of ongoing cyber threats necessitates a strategic rethink for many firms.

Remote Work Shifts IT’s Focus

IT specialists had to immediately develop the infrastructure to support the rapid shift to remote work at the start of the lockdown. Now is the time for IT to develop a long-term cybersecurity plan that considers the challenges of remote work:

Disrupted employees. For malicious actors, the shift to a widely distributed, virtualised system is a gold mine. Employees are now dispersed over thousands of increasingly vulnerable home office sites.

Given the speed with which these new services were launched, many will be “best-effort” rather than the “best.” Even with the most comprehensive business continuity plans in place, it’s unlikely that tens of thousands of workers can be redeployed in a matter of days without a few security issues being overlooked.

Because today’s work environments deviate from the usual, a new hazard has emerged: the “disrupted” employee, who unwittingly increases security risks. We’ve all heard of a malevolent employee who deliberately seeks to harm the organisation or exfiltrate data for financial gain or revenge.

An employee who is entirely compliant and follows your security procedures as second nature is far more common. The “disrupted” employee, however, is one who disregards cyber hygiene rules and consequently puts enterprise data at risk.

Vulnerable home offices. Home networks lack the conventional corporate office defenses, making them vulnerable to lateral movement attacks. In these cases, attackers get initial access to a network using an unprotected device, such as a family computer, and then look for more devices to compromise or achieve increased privileges.

Continued probing could lead to the theft of critical corporate information or high-value intellectual property. Thanks to the many connected devices that make up the “Internet of Things” (IoT), our lives are “smarter” and more interconnected than ever before.

While these devices make our lives easier and provide us with helpful information, we must keep in mind that they are vulnerable to the same security dangers as our computers and smartphones because they are connected to the internet.

Just as we must take precautions to safeguard our computers and phones from malware, our IoT devices must likewise be protected from unauthorised access. Today’s attackers may target your IoT devices to steal data or take control of them so that they can launch attacks on other devices.

Data at risk. To do our jobs, we may need information from devices that are no longer protected by company firewalls. A disrupted employee’s computer may contain bits and pieces of information: source code, marketing materials for a product launch, notes from a rebranding exercise, or business development efforts.

These bits of data are dangerous because hackers are becoming increasingly competent at assembling a composite of a company’s sensitive data from diverse sources to make stealing it worthwhile.

Much of the hostile activity is unusual by nature, such as accessing databases outside one’s area of expertise or downloading source code for a completely unrelated product.

Because of the disruption caused by the enormous shift to home offices, these anomalies and lateral movements may be more challenging to track and evaluate. A few missed red flags could lead to severe and unforeseeable consequences later.
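The baseline-versus-anomaly idea in the two paragraphs above (a user touching a database or code repository outside their usual domain) can be reduced to a small detection routine. The following is an added example, not code from the article or from Netscout: the access-log format, the `db/…`, `repo/…` and `wiki/…` resource naming scheme, and the user names are all constructed for the illustration. It learns, per user, which resource domains appeared during a baseline window and then flags later events that fall outside that set.

```python
"""Flag access events that fall outside a user's observed baseline.

Added example: the log lines, resource naming scheme and users below are
constructed for illustration (assumptions), not taken from any real system.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) resource=(?P<resource>\S+)"
)

# Constructed sample: the baseline window, i.e. normal behaviour per user.
BASELINE_LOG = """\
2021-03-01T09:02:11 user=alice action=read resource=db/crm/customers
2021-03-01T09:40:05 user=alice action=read resource=db/crm/pipeline
2021-03-01T10:15:44 user=bob action=clone resource=repo/product-x/backend
2021-03-01T11:01:09 user=bob action=read resource=wiki/product-x/design
2021-03-02T09:10:00 user=alice action=write resource=db/crm/customers
2021-03-02T14:22:31 user=bob action=clone resource=repo/product-x/frontend
"""

# Constructed sample: later events to evaluate against that baseline.
NEW_LOG = """\
2021-03-15T08:55:12 user=alice action=read resource=db/crm/customers
2021-03-15T22:13:40 user=alice action=clone resource=repo/product-y/firmware
2021-03-15T23:02:18 user=alice action=read resource=db/finance/payroll
2021-03-16T09:30:00 user=bob action=clone resource=repo/product-x/backend
"""


def parse(log):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def domain_of(resource):
    """Reduce a resource path to its domain: the first two path components
    (assumed convention: 'db/crm/customers' -> 'db/crm')."""
    return "/".join(resource.split("/")[:2])


def build_baseline(log):
    """Per user, the set of resource domains seen during the baseline window."""
    baseline = defaultdict(set)
    for ev in parse(log):
        baseline[ev["user"]].add(domain_of(ev["resource"]))
    return dict(baseline)


def find_anomalies(baseline, log):
    """Return (ts, user, action, resource, domain) for every event whose
    resource domain the user never touched during the baseline window."""
    anomalies = []
    for ev in parse(log):
        dom = domain_of(ev["resource"])
        if dom not in baseline.get(ev["user"], set()):
            anomalies.append((ev["ts"], ev["user"], ev["action"], ev["resource"], dom))
    return anomalies


if __name__ == "__main__":
    base = build_baseline(BASELINE_LOG)
    for ts, user, action, resource, dom in find_anomalies(base, NEW_LOG):
        print(f"ANOMALY {ts} {user} {action} {resource} (new domain: {dom})")
```

Run as written, it flags alice’s late-night clone of an unrelated product’s firmware repository and her read of a finance database, while bob’s routine clone passes. A user absent from the baseline window has an empty set and so gets every event flagged; a production version would require a minimum number of baseline days per user before scoring, and would treat the domain mapping as a policy input rather than a hard-coded path split.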

Understanding the new risk profile

Employee disruption raises the danger of insider threats, necessitating a thorough re-evaluation of security controls, analytics, acceptable usage regulations, and education. Understanding a new baseline through analytics is the first and most crucial step in developing the appropriate controls and instructional programs to assist your personnel in securely achieving their objectives. However, doing so presents challenges.

Firewalls, for example, are frequently used to detect and block harmful North-South communication (traffic entering and exiting the network). However, as networks expand, East-West traffic (moving laterally from server to server) now accounts for more than half of all traffic in data centres, whether physical or virtual.

Gaining sufficient visibility has become increasingly complex, especially with East-West traffic, because current networks include containerised applications in highly distributed and hybrid-cloud-based systems.

Better data for better analytics

Packet data is the single source of truth for accurate East-West security analytics, especially in virtualised environments without a well-defined network perimeter. As a result, achieving pervasive visibility, a core requirement for cybersecurity, may be time-consuming or expensive, necessitating new methodologies or specialised technologies.

When packet data is transformed into smart metadata and actionable insights, it can locate the source of data leaks or network security problems. Granular analytics helps security teams avoid alert fatigue by directing them to the most severe or time-sensitive concerns.
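To make the North-South/East-West distinction from the previous section and the packet-metadata analytics described here concrete, the following added example (not code from the article or from Netscout) works on constructed flow records of the kind a packet broker or flow exporter would emit. It classifies each flow by whether both endpoints are internal (assumed here to be the RFC 1918 private ranges), computes the East-West share of bytes, and then applies one simple lateral-movement heuristic: an internal host fanning out to many distinct internal peers on the same service port. The addresses, ports and byte counts are constructed for the illustration.

```python
"""Classify flow metadata as North-South or East-West and flag fan-out.

Added example: the flow records below are constructed (assumptions), and the
"internal" definition is the RFC 1918 private address space.
"""
import ipaddress
from collections import defaultdict

INTERNAL = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed flow metadata: (timestamp, src_ip, dst_ip, dst_port, bytes).
# 93.184.216.34 and 198.51.100.7 stand in for arbitrary external hosts.
FLOWS = [
    ("2021-03-15T10:00:01", "10.1.2.10", "93.184.216.34", 443, 52000),
    ("2021-03-15T10:00:03", "10.1.2.10", "10.1.5.20", 445, 8100),
    ("2021-03-15T10:00:04", "10.1.2.10", "10.1.5.21", 445, 7900),
    ("2021-03-15T10:00:05", "10.1.2.10", "10.1.5.22", 445, 8200),
    ("2021-03-15T10:00:06", "10.1.2.10", "10.1.5.23", 445, 8050),
    ("2021-03-15T10:00:09", "10.1.5.20", "10.1.9.2", 3306, 120000),
    ("2021-03-15T10:00:12", "198.51.100.7", "10.1.7.3", 443, 4300),
    ("2021-03-15T10:00:20", "10.1.7.3", "10.1.9.2", 3306, 2500),
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def classify(src, dst):
    """East-West when both endpoints are internal, otherwise North-South."""
    return "EW" if is_internal(src) and is_internal(dst) else "NS"


def traffic_split(flows):
    """Fraction of bytes that is East-West vs North-South."""
    totals = {"EW": 0, "NS": 0}
    for _, src, dst, _, nbytes in flows:
        totals[classify(src, dst)] += nbytes
    total = totals["EW"] + totals["NS"]
    return {k: v / total for k, v in totals.items()} if total else totals


def fan_out(flows, threshold=3):
    """Internal sources that opened East-West connections to at least
    `threshold` distinct internal hosts on the same destination port.
    A single workstation touching many peers on one service port is a
    classic pattern to surface for analyst review."""
    peers = defaultdict(set)
    for _, src, dst, port, _ in flows:
        if classify(src, dst) == "EW":
            peers[(src, port)].add(dst)
    return {key: sorted(hosts) for key, hosts in peers.items() if len(hosts) >= threshold}


if __name__ == "__main__":
    split = traffic_split(FLOWS)
    print(f"East-West share of bytes: {split['EW']:.1%}")
    for (src, port), hosts in fan_out(FLOWS).items():
        print(f"FAN-OUT {src} -> {len(hosts)} internal hosts on port {port}: {hosts}")
```

On the sample data, East-West flows carry roughly 73% of the bytes, which a perimeter firewall watching only the two North-South flows would never see, and `10.1.2.10` is surfaced for opening SMB-port connections to four distinct internal hosts within a few seconds. The fan-out threshold and the time window (omitted here for brevity; the sample fits in one window) are the knobs that determine alert volume, which is exactly the "granular analytics versus alert fatigue" trade-off the paragraph above describes.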

We’re only scratching the surface of what this new post-Covid business landscape will include, but we know it will be vastly different from its previous version.

The genie is out of the bottle when it comes to expanding online services and remote employment.

The distributed network will be the backbone of service delivery more than ever before, and we must ensure that it is more secure and performant.