A survey of more than 270 cybersecurity professionals published in late June by the host of the Black Hat Conference found that 80% believe the pandemic will lead to significant changes in cybersecurity operations, and only 15% believe that security operations (SecOps) and threats will return to “normal” levels once the COVID-19 pandemic subsides. Here are some details on what we’re seeing and what organizations are dealing with, for better or worse.
Increased Threat to Enterprise Systems & Data
The Black Hat survey found that nearly 95% of security professionals believe that the COVID-19 crisis increases the cyber threat to enterprise systems and data, with 24% saying the increased threat is “critical and imminent.” The FBI backs that up: in April, the Internet Crime Complaint Center (IC3) reported that it was seeing a 300% spike in cybercrime since the beginning of the pandemic. During a webinar hosted by the Aspen Institute, Tonya Ugoretz, the deputy assistant director of the FBI’s Cyber Division, said that the IC3 was receiving between 3,000 and 4,000 cybersecurity complaints each day: a major jump from pre-pandemic levels of about 1,000 daily complaints.
But who—and what—are the crooks targeting? Are they after the legions of new Work From Home (WFH) end users? That might make sense on the face of it: after all, a survey of end users working for small businesses found that after the pandemic hit, more than two-thirds of employees—68%—reported that they had begun to use their own computers for work. Only one-third of them—34%—reported that they had received instructions on how to securely use their personal laptops, tablets, and smartphones to do so. That’s a recipe for a nightmare, given many businesses’ lack of visibility into endpoints touching their networks, unless, that is, they have adequate Endpoint Detection and Response (EDR) tools: tools that not only provide visibility into incoming threats, but also automatically mitigate them via artificial intelligence agents that learn to spot malicious behavior and stop threats before they strike.
Without these tools, no one knows what could be happening on those personal machines, any of which may be processing company data and/or accessing the corporate infrastructure. For example, a survey from Kaspersky found 33% of respondents admitted to visiting adult websites on their personal PCs—as in, the ones they also use for work. Unfortunately, that’s how cybercrooks catch victims, committing crimes such as stealing payment card details or tricking users into installing malware, including ransomware.
Targeting end users is not new and TN Team is ready to assist. We can uncover your organization’s vulnerabilities before someone else does with our Penetration Testing. These tests are conducted using the same advanced tactics, techniques, and procedures (TTPs) employed by today’s modern hackers. Our certified, ethical hackers will assume the role of a reasonably sophisticated and motivated attacker in an attempt to manually penetrate your defenses – gaining access to your company’s most valuable assets. In addition to a full report with recommendations, an illustrated, step-by-step attack narrative will provide proof and allow for validation of all actions performed during the engagement.
Where Do You Put Your Security?
According to Nicholas Bloom, an economist at Stanford University, an estimated 26% of the US labor force cannot work remotely. The flip side of that coin: 74% of the country’s labor force can. Obviously, the pandemic means that the way that people consume information from enterprises has changed. All the communication we used to do, and the way we’ve always sold products, has changed. Everything has to be done on the web, and everything therefore has to be secured.
But where? Where do you secure that data? Do you put security on premises, off-premises, in the cloud, on the physical devices themselves? Those choices have implications. For example, if you have an EDR solution that relies on cloud connectivity to make a detection, any given threat has that much more dwell time—i.e., time during which an attacker enjoys free rein in an environment. That’s not good, and it leaves end devices as the logical place to put security. This is where TN Team focuses our ActiveEDR technology: technology that tracks and contextualizes everything on a device and identifies malicious acts in real time, automating the required responses to shut them down.
Getting Sucked Into the RDP Security Hole
Another repercussion of the spike in WFH: the rise of RDP brute-force attacks since the onset of the pandemic. In March, Shodan, the search engine for Internet-connected devices, began tracking an uptick in the number of devices exposing RDP to the internet. In April, Kaspersky reported the same thing: namely, that the number of Bruteforce.Generic.RDP attacks had “rocketed across almost the entire planet” since March.
Poorly configured RDP servers make a tempting target. Microsoft’s proprietary protocol is one of the most popular application-level protocols for accessing Windows workstations or servers. With the rise in RDP use comes a fresh batch of potential targets, which has led to an increase in cybercriminal activity as crooks try to exploit the situation to attack corporate resources that have now been made available (sometimes in a hurry) to remote workers.
These aren’t just phishing attacks going after end users’ credit card details. These are attacks coming for the crown jewels: not only all of an enterprise’s data, but also whatever ransom the extortionists can get out of paralyzed companies.
These attacks aren’t likely to stop anytime soon. If you must use RDP servers, hopefully your SOC or MDR is brushing up on how to harden those servers: after all, misconfigured RDP servers are a major Achilles heel.
Perils of Shifting to the Cloud
Everybody is, understandably, trying to shift SecOps to the cloud. A global survey of 750 IT professionals conducted by the market research firm Vanson Bourne on behalf of Barracuda Networks confirms this: the survey found that 51% of respondents are either in the process of deploying or expect to move off of VPNs to embrace software-defined wide area networks (SD-WANs) that scale better to access distributed cloud applications. Just under a quarter—23%—had already deployed an SD-WAN as of early June.
TN Team is seeing many companies now facing that challenge—consequently, it’s also seeing increased demand for our Cloud Computing services. As a trusted technology expert, we know the IT challenges you’re facing: outgrowing your current infrastructure, limited resources to manage your data and applications, or lack of scalability as your business changes and grows. Your situation is unique and requires an expert to custom tailor a cloud-based solution to your business needs. TN Team will guide you through every step of your journey to the cloud and will assist as the way you do security evolves.
More companies are moving more rapidly to the cloud because they realize that digital transformation has to happen faster, mostly due to WFH mandates. That, and the fact that for smaller brick-and-mortar businesses, nobody’s walking through the door. Those businesses have got to provide other services, digitally or virtually. Customers used to knock on the gate at Bob’s Junk Yard & Auto Parts to pick and pull parts, but if Bob wants his business to survive, he’s had to make his inventory digital and put it online.
Brand-new Skills Shortages
Cloud security skills are just one of at least two types of security skills shortages that the pandemic is either causing or worsening. The other is regulatory compliance skills. Think about it: who would have predicted, six months ago, that a bike-sharing company would start taking the temperature of workers when they clock in, meaning that they’re suddenly in possession of health records, subject to regulations such as HIPAA? … that local craft breweries would be collecting contact tracing details? … or that such details might be abused by employees who collect them? Case in point: A woman in Auckland, New Zealand, bought a sandwich at a fast-food shop, gave her contact tracing details to a worker, and consequently got hit up for a date via Facebook, Instagram, Messenger and texting.
There are obviously good reasons why companies and governments should be paying excruciating attention to how to protect privacy as countries and states gradually retreat from lockdown and institute ways to do so safely. The response has been all over the map.
That was evidenced by a survey done by PwC, which developed a contact-tracing app to help employers identify workers who may have been exposed to the virus. The survey found that, as of April, governments around the world had issued more than 60 directives regarding protecting data privacy while responding to the pandemic.
What to Do First?
What’s the answer? If you’re looking for a new job, you might want to consider specializing in regulatory compliance. If you’re an organization thinking about heading to the cloud, you’ve got a few things to keep in mind: if the business is small, you might have one person working part-time doing anti-virus scans. Well, that process may no longer work in the cloud. If you’ve got a 50-person SecOps team, already responsible for all your servers, routers, switches and more, they still have to deal with all that—plus the infrastructure that’s moved to the cloud.
TN Team is here to assist you by providing modern cybersecurity and data protection for today’s threat landscape. Our platform of security and compliance services is purpose built to prevent tomorrow’s threats, today.
For more information on NovaCare Cloud and working with us, please visit https://tntmsp.com/contact-us/.