The Covid-19 pandemic that saw entire workforces move to working from home almost overnight might be behind us, but its effects are here to stay. Remote and hybrid working are now permanent, and as the world transitions into a lasting hybrid situation, that tremendous flexibility brings newfound benefits as well as new challenges for employers and staff members.
Unfortunately, remote workers expand an already broad attack surface and increase risk by introducing unsanctioned technology. The era of “bring your own everything”, be it a device, application, or connection, has seen shadow IT soar, as users needed tools to be able to work remotely. However, these tools fall out of the purview of the security team, and lack the scrutiny and protection needed to keep the business safe.
Moreover, over and above expanding the potential attack surface, remote work also moved users and systems outside of traditional perimeter defences, such as firewalls, intrusion prevention and detection, data leakage prevention, and more. These tools acted as sentinels at the gate, and were designed to protect against malware and breaches, but were useless at protecting users outside the castle walls.
Cloud and other remote technologies also helped to dissolve the traditional perimeter forever, as for the sake of business continuity, corporate perimeters lost their well-defined borders and access policies. Suddenly, a slew of SaaS solutions, cloud platforms and applications were enabled, so that workers could carry on doing their jobs.
At the same time, due to a well-documented and severe lack of cyber security skills, there were not enough resources to cope with the monitoring and proper management of the wide range of solutions and platforms suddenly being used by the organisation.
And of course, as with every trend, bad actors are quick to jump on the bandwagon, and find new ways to exploit vulnerabilities in the infrastructure that enables remote workers, as well as new ways to compromise the end users themselves. This has seen a dramatic uptick in the number of home users being targeted, because cyber criminals understand that they are no longer protected within the fortresses organisations have spent the last three decades building.
The bottom line? Businesses need to find a balance, and find one quickly, because corporate environments will never be the same again.
Although IT leaders and CIOs are able to look after the technical aspects of cyber security, business leaders are focussed on building agile and stable long-term business strategies. On the one hand, executives are investing in sustainable solutions, including the paperless office, using greener technologies, embracing diversity, and adopting electric vehicles as a corporate standard.
On the other hand, due to an increasingly digital and connected environment, even the most sustainable business plan can pose a risk to the business if cyber security isn’t built into every level of the plan, from the ground up. In order to do this, companies need to understand the cyber kill chain, which is divided into seven stages – reconnaissance, weaponisation, delivery, exploitation, installation, command and control (C&C), and actions on objectives.
Once they understand this, and how it could potentially impact their business, they can look at ways to reduce their exposure to the wide range of cyber risks that they face on an almost daily basis.
Sababa Security has defined six key elements of any effective cyber security exposure reduction plan, and, even better, these do not necessarily require companies to invest a fortune in new technologies.
Firstly, the company advises conducting non-technical assessments against a selected cybersecurity framework, such as NIST, ISO27001, and suchlike, to check whether or not security policies and procedures are formalised and properly executed.
Next, an Active Directory assessment and hardening is advised to prevent any potential attackers from being able to move laterally within the network, while they conduct reconnaissance and exfiltrate information.
Also, Sababa says to conduct DNS traffic scanning to check for malicious queries across information technology and operational technology. DNS scanning enables an organisation to control the flow of traffic on its devices. There are times when users inadvertently visit malicious websites or click links that lead back to a site riddled with malware. DNS scanning ensures that the flow of traffic is diverted to a source that first checks the reputation of the request, blocking users from malicious sites and links. Moreover, the scanning activity allows the detection of C&C connections, which can be red flags of the early stages of a cyberattack.
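As an added example, not part of the original article or of Sababa Security's own tooling: a small Python scanner over constructed DNS query log lines that applies both checks the paragraph describes, a reputation lookup against a (constructed) blocklist, and detection of the regular beaconing cadence that can indicate a C&C connection. The log format, domain names, blocklist and thresholds are all assumptions made for this example.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample DNS query log: timestamp, client IP, query name, record type.
SAMPLE_LOG = """\
1700000060 10.0.0.7 bad-updates.example-malicious.test A
1700000100 10.0.0.5 cdn.example.net A
1700000120 10.0.0.9 beacon.c2-assumed.test A
1700000180 10.0.0.9 beacon.c2-assumed.test A
1700000240 10.0.0.9 beacon.c2-assumed.test A
1700000300 10.0.0.9 beacon.c2-assumed.test A
"""
# Constructed reputation list standing in for a real threat-intelligence feed.
BLOCKLIST = {"example-malicious.test"}
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_log(text):
    """Parse log lines into (timestamp, client, qname, qtype) tuples."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((int(m[1]), m[2], m[3].lower().rstrip("."), m[4]))
    return records

def registered_domain(qname):
    """Crude last-two-labels extraction; enough for the constructed sample."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname

def reputation_hits(records):
    """Queries whose registered domain is on the blocklist (the reputation check)."""
    return [(client, qname) for _, client, qname, _ in records
            if registered_domain(qname) in BLOCKLIST]

def beacon_candidates(records, min_queries=4, max_jitter=0.1):
    """Flag (client, qname) pairs queried at a near-constant interval, a timer-driven
    cadence typical of C&C check-ins rather than human browsing."""
    times = defaultdict(list)
    for ts, client, qname, _ in records:
        times[(client, qname)].append(ts)
    flagged = []
    for (client, qname), stamps in times.items():
        if len(stamps) < min_queries:
            continue
        gaps = [b - a for a, b in zip(sorted(stamps), sorted(stamps)[1:])]
        # Low relative spread of the gaps means a regular, scheduled cadence.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            flagged.append((client, qname, mean(gaps)))
    return flagged
```

In production the blocklist would be a live reputation feed and the beacon thresholds tuned against baseline traffic, since some legitimate software also polls on a fixed schedule.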
In addition, phishing attack simulation, or a program that companies can use to send realistic phishing emails to staff members in order to gauge their awareness of attacks and their response to phishing emails when they receive them, helps to test their ability to recognise and report phishing.
Next on the list, firewall assurance enables the business to be sure that its firewalls are configured and operating optimally to provide reliable network protection. Firewall assurance also simplifies compliance management by uniting all firewalls into one common view, optimising rule sets, and rooting out attack vectors that others miss.
Lastly, Sababa says a technical vulnerability assessment, mapped to the authentic context of a particular organisation, will help to identify and manage truly critical vulnerabilities.