Moments of crisis are moments of opportunity, but they’re also ripe for exploitation. It’s a tale as old as time and one that’s more than familiar to the IT community across the past year. The sudden shift to remote working, necessitated by the pandemic, forced organisations to hastily adapt their IT infrastructure overnight and the speed and confusion of this shift has been a continuing gift to eCriminals, says Zeki Turedi, EMEA CTO at the cloud and IT security product company CrowdStrike.
Cybercrime has boomed, with 39 per cent of UK businesses experiencing an attack over the last 12 months.
It’s not just the frequency of attacks that has changed. Cyber criminals have changed their core tactics and have moved away from broad ‘spray and pray’ opportunistic campaigns towards more targeted attacks. Hackers know that the majority of organisations have geared their security towards malware and use this to their advantage: with stolen and re-used passwords, they use the same software as legitimate users to access VPN and remote desktop tools and enter a network unnoticed. They also know that many businesses have evolved their digital practices, embracing cloud-hosted approaches and automation, for example, but haven’t simultaneously evolved their security. This lag is lethal.
Although it’s ‘big game’ firms — those most likely to be willing and able to pay larger sums — that are most attractive to criminal hackers, it would be a mistake to think smaller businesses are safe. Cyber attacks are frequently aimed at small and medium-sized organisations, which are typically more vulnerable and may be more likely to eagerly pursue digital transformation with less thought to the impact on security. The consequences here can be devastating. According to research published earlier this year by Vodafone, over a quarter of UK SMEs say they would not be able to continue operating if they had to deal with the average cost of a cyber attack. And almost a million say an attack would result in redundancies.
Secure by design
If businesses want to enjoy the benefits of cloud-native applications, hybrid working and integrated systems without opening up their organisations to attack, they desperately need to review their security strategies. At the heart of this is adopting and committing to a ‘security by design’ philosophy. Although this three-word phrase is so often used that it can start to sound a little hollow, the principle it articulates is essential: integrating security into every element of tech deployment. No new technology should ever be used or launched without considering the security implications and taking steps to address any risks.
This mental shift is crucial to secure businesses as they evolve, but there are practical things firms should be doing too. As networks are stretched from the office to the home and new digital environments are inhabited, visibility is paramount. Companies need to be able to monitor activity and track connected devices to ensure malicious activity isn’t occurring. Monitoring has always been crucial but this challenge becomes more complex with the move to remote working, as this often increases the number of devices accessing a company system and has led to the connection of devices that are used both personally and professionally. Then there’s the issue of family members introducing security issues into the system. To manage this threat, companies need to seek out cloud-native endpoint security that enables them to collect, monitor and analyse data from incidents and provide them with contextualised, actionable insights – all via the cloud and without reliance on on-premises servers. Without this level of protection, businesses are opening the door to cyber criminals.
Right now we’re seeing more and more businesses transform their working practices by adopting cloud technology, but it’s critical that they protect the entirety of their cloud environments. Many are under the impression, for example, that public clouds are secured by the cloud provider – but everything from the operating system to applications and data is actually the responsibility of the user. Whether using public, private or hybrid cloud environments, businesses need to be vigilant about the risks and pick the right tools to manage them. The bad practices you had with your on-premises applications can easily be replicated when you lift and shift them to the cloud. For instance, automated, cloud-native security solutions allow for continuous cloud monitoring and complete visibility, and assist DevOps teams with integrating security into CI/CD workflows thanks to their ability to quickly flag security misconfigurations.
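The kind of automated misconfiguration check the paragraph refers to, shown here as an added example rather than code from the article or from CrowdStrike: a small policy-as-code gate that could run as a CI/CD stage over an exported cloud inventory or an infrastructure plan. The resource records, the field names and the three rules (public object storage, management ports open to the whole internet, stale OS patching) are constructed for the illustration; each sits on the customer’s side of the shared-responsibility line the paragraph describes.

```python
"""Minimal policy-as-code gate for cloud resource definitions.

Added example (not the article's or CrowdStrike's code). The resource records
are constructed to resemble a simplified export of a cloud inventory or an
infrastructure-as-code plan; field names and rule thresholds are assumptions.
"""
from ipaddress import ip_network

# Assumption: management ports this hypothetical organisation never exposes to
# the whole internet (SSH, RDP, WinRM).
ADMIN_PORTS = {22, 3389, 5985, 5986}
PATCH_AGE_LIMIT_DAYS = 30


def _is_world(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a rule that matches every source address."""
    try:
        return ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def check_bucket(res):
    findings = []
    if res.get("public_access"):
        findings.append((res["name"], "HIGH", "object storage is publicly readable"))
    if not res.get("encryption_at_rest", False):
        findings.append((res["name"], "MEDIUM", "encryption at rest disabled"))
    return findings


def check_security_group(res):
    findings = []
    for rule in res.get("ingress", []):
        if not _is_world(rule["cidr"]):
            continue
        lo, hi = rule["port_range"]
        exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
        if exposed:
            findings.append((res["name"], "HIGH", f"ports {exposed} open to {rule['cidr']}"))
    return findings


def check_vm(res):
    age = res.get("os_patch_age_days", 0)
    if age > PATCH_AGE_LIMIT_DAYS:
        return [(res["name"], "MEDIUM", f"OS patches {age} days old")]
    return []


CHECKS = {"bucket": check_bucket, "security_group": check_security_group, "vm": check_vm}


def scan(resources):
    """Run every applicable rule; return a list of (resource, severity, message)."""
    findings = []
    for res in resources:
        check = CHECKS.get(res["type"])
        if check:
            findings.extend(check(res))
    return findings


def ci_gate(resources, fail_on=("HIGH",)):
    """Return (exit_code, findings); a non-zero exit code blocks the pipeline stage."""
    findings = scan(resources)
    blocking = [f for f in findings if f[1] in fail_on]
    return (1 if blocking else 0), findings


# Constructed sample inventory: one public bucket, one bastion with SSH open to
# the world, one correctly scoped web tier, one unpatched legacy host.
SAMPLE_RESOURCES = [
    {"type": "bucket", "name": "customer-exports", "public_access": True, "encryption_at_rest": True},
    {"type": "bucket", "name": "build-cache", "public_access": False, "encryption_at_rest": False},
    {"type": "security_group", "name": "sg-bastion",
     "ingress": [{"cidr": "0.0.0.0/0", "port_range": (22, 22)}]},
    {"type": "security_group", "name": "sg-web",
     "ingress": [{"cidr": "0.0.0.0/0", "port_range": (443, 443)},
                 {"cidr": "10.0.0.0/8", "port_range": (22, 22)}]},
    {"type": "vm", "name": "legacy-app-01", "os_patch_age_days": 120},
]

if __name__ == "__main__":
    code, found = ci_gate(SAMPLE_RESOURCES)
    for name, severity, message in found:
        print(f"[{severity}] {name}: {message}")
    raise SystemExit(code)
```

Run against the sample inventory, the gate reports two HIGH findings (the public bucket and the bastion’s world-open SSH) and two MEDIUM ones, and exits non-zero, which is the point of wiring it into the pipeline: the same lift-and-shift mistake that was invisible on-premises is caught before it reaches the cloud account.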
Skeletons in the IT closet
However, while it’s crucial to focus on the security of these new, developing environments, companies can’t afford to ignore their legacy systems. The importance of this has been expressly shown by Colonial Pipeline: their CEO recently revealed that the company believes DarkSide exploited a legacy VPN profile that was not intended to be in use and that did not have multi-factor authentication. As this example shows, despite the emergence of new systems and environments, malicious actors won’t stop trying to target existing IT infrastructure, such as the datacentre or traditional hardware and software, especially if they think they are forgotten, i.e. vulnerable. IT teams need to get into the mindset of eCriminals and realise that any lapse in their attention is a hacker’s opportunity.
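A defender-side illustration of the ‘forgotten access path’ problem described above, added here as an example and not code from the article or from CrowdStrike: it audits a constructed export of VPN profiles for the two conditions in the Colonial Pipeline account, a profile nobody has used in months and a profile with no MFA enforced, plus profiles whose owner has left. The field names, the 90-day threshold and the sample records are assumptions.

```python
"""Audit an access-inventory export for forgotten or weakly protected VPN profiles.

Added example, not code from the article or from CrowdStrike. The records are
constructed to resemble an export from a VPN appliance or identity provider
(one dict per profile); the field names and the 90-day threshold are assumptions.
"""
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # assumption: unused this long means 'legacy'


def parse_ts(value):
    """ISO-8601 timestamp with trailing 'Z' -> aware datetime, or None if never logged in."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_profiles(profiles, now):
    """Return a list of (profile_name, reasons) for every profile that needs attention."""
    results = []
    for p in profiles:
        reasons = []
        if not p.get("mfa_enforced", False):
            reasons.append("no MFA enforced")
        last = parse_ts(p.get("last_login"))
        if last is None:
            reasons.append("never used")
        elif now - last > STALE_AFTER:
            reasons.append(f"unused for {(now - last).days} days")
        if p.get("owner_status") != "active":
            reasons.append(f"owner account is {p.get('owner_status', 'unknown')}")
        if reasons:
            results.append((p["profile"], reasons))
    return results


def recommend(reasons):
    """A live, owned profile that merely lacks MFA gets MFA; anything stale,
    orphaned or never used is disabled first and reviewed afterwards."""
    if reasons == ["no MFA enforced"]:
        return "enforce MFA"
    return "disable pending review"


# Constructed sample export, evaluated at a fixed point in time.
NOW = datetime(2021, 6, 1, tzinfo=timezone.utc)
SAMPLE_PROFILES = [
    {"profile": "vpn-eng-team", "mfa_enforced": True,
     "last_login": "2021-05-30T08:12:00Z", "owner_status": "active"},
    {"profile": "vpn-legacy-contractor", "mfa_enforced": False,
     "last_login": "2020-11-02T17:45:00Z", "owner_status": "left"},
    {"profile": "vpn-finance", "mfa_enforced": False,
     "last_login": "2021-05-31T09:00:00Z", "owner_status": "active"},
    {"profile": "vpn-vendor-support", "mfa_enforced": True,
     "last_login": None, "owner_status": "active"},
]

if __name__ == "__main__":
    for name, reasons in audit_profiles(SAMPLE_PROFILES, NOW):
        print(f"{name}: {', '.join(reasons)} -> {recommend(reasons)}")
```

The actively used engineering profile passes; the contractor profile trips all three conditions at once, which is exactly the shape of a profile that ‘was not intended to be in use’. The value of running this on a schedule rather than once is that profiles drift into the legacy category quietly, as owners leave and usage stops.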
Maintaining tight security across these multiple environments – each with its own unique challenges – is no mean feat. Complexity breeds confusion, and confusion widens the attack surface. Businesses need to ensure security parity across operating systems and environments, whether that’s Windows, Linux, macOS, iOS, Android, physical, virtual or cloud.
The answer is to look for ways to reduce complexity, and this is achieved through a single security platform. Switching between different security tools and tasks not only wastes security teams’ time but introduces confusion and allows for gaps in coverage. Businesses that have pursued or are pursuing digital transformation, managing an ever-growing fleet of connected devices and new digital applications, should be seeking a security solution that extends across every aspect of their IT and allows teams to continuously monitor their entire infrastructure, all in one place. This frees up their time to focus on more business-critical strategic tasks and on any security issues that require human input.
This security solution also needs to operate on a Zero Trust model. Zero Trust rejects the traditional network security ‘trust but verify’ method that automatically trusts users and endpoints within an organisation’s perimeter, recognising instead that this leaves businesses exposed to malicious internal actors and rogue credentials. To guard against this, a Zero Trust security architecture continuously monitors and validates that a user and their device have the correct privileges and attributes. One-time validation won’t suffice because threats and user attributes continuously evolve and change.
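The difference between one-time validation and continuous validation, as an added example that is not the article’s or CrowdStrike’s code: a tiny policy engine evaluates user, device and request signals on every access, side by side with a perimeter model that trusts a session once it is ‘inside’. The users, devices, resources and policy rules are all constructed for the illustration.

```python
"""Per-request access decisions: perimeter 'trust once' versus Zero Trust 'verify every request'.

Added example, not from the article or from CrowdStrike. The user, device and
request records are constructed, and the policy rules are assumptions chosen to
show why a decision taken once cannot stand for the life of a session.
"""
from dataclasses import dataclass


@dataclass
class Device:
    id: str
    managed: bool          # enrolled in the organisation's device management
    disk_encrypted: bool
    edr_healthy: bool      # endpoint sensor is reporting


@dataclass
class User:
    name: str
    groups: set
    mfa_age_min: int       # minutes since the last strong authentication


@dataclass
class Request:
    resource: str
    sensitivity: str       # "low" or "high"
    source_network: str    # "corp" or "internet"


# Assumption: which group each resource requires; default is any staff member.
REQUIRED_GROUP = {"hr-payroll": "hr", "wiki": "staff", "finance-db": "finance"}


def zero_trust_decision(user, device, req):
    """Re-evaluate every signal on every request; return (allowed, reason)."""
    if REQUIRED_GROUP.get(req.resource, "staff") not in user.groups:
        return False, "user lacks required group"
    if not device.managed:
        return False, "unmanaged device"
    if not device.edr_healthy:
        return False, "endpoint sensor unhealthy"
    if req.sensitivity == "high":
        if not device.disk_encrypted:
            return False, "disk encryption required for high-sensitivity data"
        if user.mfa_age_min > 60:
            return False, "step-up authentication required"
    return True, "all checks passed"


def perimeter_decision(session_trusted, req):
    """Traditional model: once a session is inside the perimeter, everything is allowed."""
    return session_trusted or req.source_network == "corp"


def simulate():
    """Walk one user through a day; return (resource, perimeter_allows, zt_allows, zt_reason) per request."""
    alice = User("alice", {"staff", "finance"}, mfa_age_min=5)
    laptop = Device("lt-0042", managed=True, disk_encrypted=True, edr_healthy=True)
    session_trusted = True  # the perimeter model validated alice once, at login
    trace = []

    # 1. Healthy device, fresh authentication: both models allow.
    r = Request("finance-db", "high", "corp")
    trace.append((r.resource, perimeter_decision(session_trusted, r), *zero_trust_decision(alice, laptop, r)))

    # 2. The endpoint sensor stops reporting mid-session; the perimeter session is still 'inside'.
    laptop.edr_healthy = False
    r = Request("finance-db", "high", "corp")
    trace.append((r.resource, perimeter_decision(session_trusted, r), *zero_trust_decision(alice, laptop, r)))

    # 3. Sensor restored, but hours have passed since strong authentication and the user is now remote.
    laptop.edr_healthy = True
    alice.mfa_age_min = 480
    r = Request("finance-db", "high", "internet")
    trace.append((r.resource, perimeter_decision(session_trusted, r), *zero_trust_decision(alice, laptop, r)))

    # 4. Same stale authentication is fine for a low-sensitivity resource.
    r = Request("wiki", "low", "internet")
    trace.append((r.resource, perimeter_decision(session_trusted, r), *zero_trust_decision(alice, laptop, r)))
    return trace


if __name__ == "__main__":
    for resource, perimeter_ok, zt_ok, reason in simulate():
        print(f"{resource:11} perimeter={perimeter_ok!s:5} zero-trust={zt_ok!s:5} ({reason})")
```

The perimeter column reads True all the way down because it decided once at login; the Zero Trust column flips to False the moment the device’s posture degrades and again when the strong authentication ages out for a sensitive resource, then allows the low-sensitivity request without friction. That per-request re-evaluation, driven by telemetry from the endpoint and identity provider, is what the phrase ‘continuously monitor and validate’ means in practice.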
Digital transformation is essential to economic growth, but without proper IT protection it’s disastrous. New technology and working processes create new opportunities for businesses but also enhance cyber threats. It’s vital that digitally transformed businesses assess their security posture and proactively seek ways to strengthen it, from ensuring they have complete visibility across their network to exploring single-platform solutions and adopting a Zero Trust approach. With these tactics, companies can keep one step ahead of eCriminals and grow their business with confidence.