Remote working revealed new security holes, but returning to the office won’t close them

The recent string of high-profile cyber-attacks against the likes of EasyJet and Honda, combined with the series of cyber-crime warnings from global governments, has shown that hackers prey on change and our uncertainty.

In the month of April, when many countries found themselves at the height of their struggle with the virus, the World Health Organization reported a fivefold increase in cyber-attacks against its systems and warned of email scams targeting the public at large which asked for donations to a fictitious Covid-19 response fund. Darktrace’s research in the same month reveals that over 60 percent of phishing emails were related to Covid-19 or aimed to trick employees by referencing remote working. We saw attackers posing as CEOs, writing emails to employees asking them to donate to their Covid-19 charity, or even masquerading as IT teams, requesting passwords to enable VPN usage. As illustrated by EasyJet, we saw hackers target industries that were suffering from financial woes and reduced workforces due to furloughing. And yet, as parts of the world return to some kind of normality and businesses begin to reopen their doors, there is little cause for a sense of relief – returning to the office will not make us more cyber safe.

It’s true, remote working and the scramble to facilitate it practically overnight brought with it a wealth of security challenges as companies not only relied on new technology to facilitate the move but grappled with leaner security teams due to furloughing. For organizations using rules-based defenses or only legacy technologies like firewalls, this was challenging: how do you put a wall around your infrastructure when it’s constantly in flux? How do you tell the difference between a remote employee trying to get their job done, and an attacker?

Forcing digital transformation

Moving to remote working overnight was digital transformation at the drop of a hat: digital transformation that under normal circumstances, along with security measures, would take years to implement. That’s why we saw organizations rapidly turn to artificial intelligence to defend their disparate workforces and infrastructure. Unsupervised AI is self-learning; it constantly recalibrates and updates its understanding of what is ‘normal’ for an organization’s workforce. When the world turned on its head, AI learned this new pattern of life for organizations and continued to autonomously fight back against cyber-attacks, before they could do damage: regardless of where employees were working.

As organizations look at returning to work, the reality is that hackers will be thinking creatively about new ways to capitalize on yet another big change. Workforces are now more dynamic and sprawling than ever before – some people within one organization might return to work, others might be remote for a long time.

We can be certain that hackers will craft highly targeted spear-phishing campaigns that exploit the novelty of these working conditions. These emails may reference social distancing guidelines for returning to the office and be sent specifically to employees who plan on returning, with the sender posing as their HR department or even their CEO.

The pandemic has forced organizations to embrace digital transformation via the cloud and SaaS – these tools are likely to remain in their technology stack, and the security and visibility problems that come with them will persist for organizations in a post-pandemic world. Most alarmingly, employees who have been connecting to company infrastructure from their kitchen tables could be bringing compromised devices back into the workplace. Hackers may be lying dormant on their devices, waiting to strike when their targets return to corporate offices and on-prem networks.

Evolving with the new normal

There are no longer just two categories of ‘working from home’ or ‘working from the office’: workforces are dynamic and working from everywhere. Technology enabled the rapid transition to remote work and it will continue to play a central role in maintaining the dynamic workforce’s efficiency. 

Take, for example, the security team at an airport. To ensure the security of the airport, they combine intelligence from a variety of sources – multiple passport checks, suitcases scanned before they enter the hold, hand luggage checks, security cameras at check-in desks, terminals, shops and just about everywhere else. By putting all of this information together, they have a complete picture of what is going on at the airport and can squash suspicious activity as it emerges. Cyber security has to be seen in the same way – defense in depth.

It’s about much more than just strong passwords and firewalls. Organizations today must strive for cyber resilience across their entire infrastructure – remote working tools, cloud platforms, endpoints, inboxes, IoT devices and industrial control systems. Only by putting all of this information together and analyzing it can today’s modern business defend itself against threats.

This holistic approach to securing digital infrastructure is no longer just a nice-to-have – it is a question of business survival in a time when things are touch-and-go for even the most established organizations.

The reality is that only AI can keep up with these fast-changing environments – the number of devices on the network, the software platforms and tools being used, the behaviors of users – all of these are variables and never static.

Cyber defense innovators must evolve with, and ahead of, this new normal. For example, by taking advantage of new capabilities like specialized sensors which extend visibility and detection to remote workers on or off the VPN, security teams can understand the full picture at all times. Equally, through deeper integrations with technologies like Microsoft 365, Teams, SharePoint and Zoom (all platforms vital for a dynamic workforce), it becomes easier to understand these environments and their threat vectors. Using Cloud and SaaS-specific AI models can also help to protect against data theft and insider threat, a pressing concern for businesses who might have accidentally or intentionally malicious employees working from the comfort of their homes.

The necessity of a holistic approach

Protecting the dynamic workforce means taking an innovative approach to improving visibility and controls. AI should be considered a vital tool by businesses to keep an eye on collaboration environments, on-premise networks and employee inboxes. We simply cannot assume that, because remote working has opened up security holes, returning to the office will close them.

What we can do is strive for real-time visibility and machine-speed response across dynamic networks. This is, by definition, building cyber resilience – accepting that attackers will take their shots, and embracing technology that detects and responds to these assaults in their earliest stages wherever they might arise on the network. An AI-powered view into the entire cyber ecosystem not only allows for business continuity, but also enables companies to adopt new tools and digital integrations in order to adapt alongside highly disruptive times while continuing to drive innovation.

Ultimately, the next new normal of returning to the office will not ensure security; rather, it will create a greater need than ever before for holistic cyber security, regardless of the technologies being used and regardless of the workforce location. The speed and scale at which organizations must endeavor to understand these changes is simply too great for humans to contend with – moving forward, we must see AI take on more and more of these crucial tasks.

Max Heinemeyer, Director of Threat Hunting, Darktrace

Max is a cyber security expert with over nine years’ experience in the field, specialising in network monitoring and offensive security. At Darktrace, Max works with strategic customers to help them investigate and respond to threats.