Monday, 12 October 2020 00:29

Why COVID-19 has been good news for cybercriminals

By Jim Cook, Attivo Networks

GUEST OPINION by Jim Cook, Attivo Networks: The COVID-19 pandemic has been a rough and costly period for many organisations, yet for one group, it has opened up a raft of potentially lucrative new targets.

The rush to have staff working remotely has created numerous opportunities for cybercriminals to infiltrate corporate networks. These opportunities are due to people no longer working within a protected infrastructure, using insecure networks, and connecting through client devices that lack vital security patches.

It’s tempting for organisations to think that, because they have managed to navigate the initial lockdowns without any sign of a cyberattack, they are now in the clear. Unfortunately, this may not be the case.

There could well be attackers who have gained access to corporate infrastructures but have opted to lie low as they prepare their next steps. It’s quite likely that a new wave of attacks will emerge as these criminals make their presence known.

Interestingly, industry studies show that the dwell time - the period that attackers spend inside the network before detection - is now just under 60 days. However, it can extend into months or even years for more advanced attacks. It may currently be the calm before the storm.

New opportunities
The security problems tend to stem from the fact that most businesses were simply not prepared for the volume of employees who would have to work from home. They had a matter of days to equip their workforce to continue operations and not impact customer service.

This lack of time to prepare means that, when it comes to security, they inevitably took shortcuts. As a result, both technology-based and human-based issues have arisen.

For example, network endpoints are more exposed. Staff are pulling data out of the company that may never have been off-premises before, creating fresh opportunities for attackers to target less-secure devices.

Phishing and other human-focused scams have also been on the rise during the lockdowns. Through these, cybercriminals prey on employees who are distracted or flustered by the sudden shift in routine.

Also, the number of BYOD devices (laptops, routers, access points, etc.) on the network has increased, making it much harder to verify that employees are doing things like installing security updates promptly, thus creating potential vulnerabilities. Even employee turnover can create openings for attackers, as it can be harder to verify the full removal of stored credentials and other access from all applications and systems.

While there are tools designed to help protect against these new threats, they require effective security controls at multiple levels of the network. Traditional Endpoint Protection Platforms (EPPs) and Endpoint Detection and Response (EDR) tools try to stop attacks at the initial compromise of the system. Now, in a remote working world, attackers may have an easier time bypassing those tools, highlighting the importance of overlapping security controls and building a safety net to boost in-network detection capabilities.

Addressing new risks
A balance of security controls is necessary to cover everything from initial compromise and lateral movement to privilege escalation and data loss prevention. If cybercriminals have already compromised an internal system, technology like cyber deception plays a valuable role in detecting lateral movement and protecting applications. Additionally, data loss prevention capabilities can stop employees (or attackers) from saving sensitive information to personal devices.

Therefore, it is vital to have visibility into in-network attack paths to essential assets and network activity, including seeing devices joining or leaving the network. This sort of credential tracking is more important than ever, as is having the correct tools in place to stop a successful breach. Decoys can also record and replay attacks to correlate attack activities better and gather company-specific threat intelligence.

The spike in remote employees also means there is likely to be a need to boost VPN security. New traffic patterns amid remote work have shattered traditional activity baselines and made suspicious behaviour much harder to identify. Attention also should be given to cloud security, since much of the remote work uses PaaS, SaaS, and IaaS accounts for various tasks.

Just because one’s organisation has navigated the first few months in this new COVID reality without any significant security problems, it doesn’t mean that one can now take one’s eye off the ball.

Ensure that one’s organisation conducts a thorough review of the new remote-working infrastructure and plug any identified holes in security protection as quickly as possible. The cybercriminals haven’t disappeared, and they could be much closer than one thinks.
