
The great cybersecurity (post-Covid) dilemma

[Image: HP Wolf Security (Image credit: HP)]

Let me start with a short story to set the context. Mark handles the infrastructure for a renowned organization. He holds vital and confidential information and manages access to his company’s critical data. The post-Covid world order has brought some significant shifts to the way Mark works. Here is an assessment of Mark’s situation before and after Covid.

How pandemic impacted the organization security

Due to the pandemic, workplaces moved from the office to the home. While remote work culture flourished and proved a success in terms of productivity, flexibility, and performance, on the flip side employees working from home became exposed to much greater risks. Because home connections are less secure, cybercriminals have an easier entry point into the company’s network. Remote work has exposed significant vulnerabilities in the security model: considerably less protection and no network perimeter, which increases the attack surface.

CrowdStrike CEO George Kurtz has alleged that Russian foreign intelligence service (SVR) hackers capitalized on an architectural limitation of Microsoft’s authentication process, impersonating legitimate users to jump from customers’ on-premises environments onto the cloud and into cloud applications during the SolarWinds campaign.

SVR -> SAML exploit -> into the network -> elevated privileges

Remote worker poor practices

With no company premises or office acting as an intermediary, threats such as phishing, ransomware, polyglot, and IoT attacks, along with approaches like daisy-chaining, loom large and can spread easily: attackers can first get past the home network’s defenses and then past corporate defenses.

Research conducted by Tessian highlights some astonishing insights into how user behavior has changed with respect to organizational security policies.

Almost 40 percent of respondents indicated that their cybersecurity behavior at home is different from what they practice at the office.

More than a third of those surveyed admitted to picking up bad cybersecurity practices and using security workarounds while working at home.

The majority of remote workers allow household members to access corporate devices for personal use.

Users neither patch their home Wi-Fi devices nor secure them by enabling the built-in firewall options.

Addressing the threats

To address the threats properly, we need to understand the main impetus behind the scenes.

• Larger attack surface

    ->  More and more home devices are getting smarter through IoT technologies (smart refrigerators, smart ovens, smartwatches, etc.), which provides myriad opportunities to an attacker.

    ->  Organizations have had to adopt Software as a Service (SaaS) communication and collaboration services much more rapidly to support business continuity. This has opened another communication channel between end users and services.

    ->  The tremendous increase in time spent on social media sites helps attackers carry out social engineering and phishing attacks. Social engineering attacks have jumped from 20,000 to 30,000 a day in the U.S.

• Develop corporate skills and capabilities against threats

Cyber-attacks are not a challenge that cannot be dealt with; what really matters is keeping a constant vigil as companies ceaselessly protect themselves from the ever-present cybercriminals looking to infiltrate their defenses. Cyber risk will have neither a defined solution nor a concrete endpoint. What is needed is an organization-wide security framework that defines not only the policies that restrict attacks but also what is to be done in case of an attack, the measures for identifying risks, and a continuous loop of improvement.

• Humans are the weakest links

A majority of organizations focus their strength and expense on buying advanced security equipment to safeguard their systems. But in reality, until and unless employees are properly and regularly trained, organizations will remain susceptible to the majority of cyber-attacks. Cybercrime evolves quickly, and employees need to be kept up to speed and educated continuously; it is much like a health check-up that ensures the body is responding appropriately.

Other mitigation frameworks 

To mitigate the security risk due to no network perimeter, organizations are shifting towards SASE (Secure access service edge), zero trust, and XDR (Extended detection and response) to ensure the security of remote users and their data. All these frameworks/approaches are spreading like wildfire in the industry. 

SASE

‘Secure Access Service Edge’ is a term coined by Gartner in 2019. It combines some of today’s most popular technologies into a single solution. Incumbent players such as Palo Alto Networks, Microsoft, McAfee, Cisco, Zscaler, Fortinet, Forcepoint, and more took steps to launch initial SASE solutions in 2019 and early 2020.

It works on the principle of ZTNA (Zero Trust Network Access): no matter where users connect from, as long as they can prove their identity and the devices they connect with can be verified, the connection is treated as secure. Once verification is complete, users can access only the resources they are authorized for (policy-based). Endpoint clients send requests to the nearest inspection point, and SDP controllers/gateways set up the tunnels used to access the various applications.
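To make the ZTNA principle above concrete, here is an added example (not code from the article or from any SASE vendor) of a policy-based access decision that depends only on identity verification, device posture and an application policy; the policy table, group names, application names and posture attributes are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    user: str
    mfa_verified: bool          # identity proven with a second factor
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool               # enrolled in corporate device management
    os_patched: bool
    disk_encrypted: bool

# Constructed sample policy: which groups may reach each application and
# whether a managed device is required. Unknown applications are denied.
POLICY = {
    "hr-portal": {"groups": {"hr"}, "require_managed": True},
    "wiki": {"groups": {"employees"}, "require_managed": False},
}

def ztna_decision(identity, device, app, source_network="unknown"):
    """Return (allowed, reason). `source_network` is accepted but never consulted:
    under ZTNA the home network and the office LAN are treated alike."""
    if not identity.mfa_verified:
        return False, "identity not verified (MFA required)"
    if not (device.os_patched and device.disk_encrypted):
        return False, "device posture check failed"
    rule = POLICY.get(app)
    if rule is None:
        return False, "unknown application: deny by default"
    if rule["require_managed"] and not device.managed:
        return False, "application requires a managed device"
    if not (identity.groups & rule["groups"]):
        return False, "user not authorized for this application"
    return True, "allowed"
```

The same user on the same managed laptop gets the same answer from home or from the office, while a household member without MFA, or an unmanaged phone reaching for the HR portal, is refused before any tunnel is set up.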

Traditional approaches such as a VPN into centralized office headquarters, and from there onwards to cloud platforms or SaaS-based applications, result in high latency, expensive circuits, and larger inspection devices to handle the traffic. The SASE approach is simpler, optimized, and less expensive: it makes its inspection engines available at regional PoP locations through a SaaS delivery model.

XDR

Extended detection and response collects and correlates data across email, endpoints, servers, cloud workloads, and networks, providing visibility and context into advanced threats. These threats can then be analyzed, prioritized, hunted, and remediated to prevent data loss and security breaches. It greatly improves detection and response speed and provides a framework for investigating threats more effectively and efficiently.

It does this by combining capabilities such as security information and event management (SIEM), security orchestration, automation, and response (SOAR), network traffic analysis (NTA), and endpoint detection and response (EDR).
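The cross-source correlation the two paragraphs above describe, as an added example that is not code from the article or from any XDR product: events from an email gateway, an endpoint agent and a network sensor are chained per host within a time window, and a chain seen by several sources is scored higher than the same events judged in isolation. The telemetry, event types, weights and window are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three separate sources; values are illustrative.
EVENTS = [
    {"ts": "2021-03-01T09:00:00", "source": "email", "user": "mark",
     "host": "mark-laptop", "type": "link_clicked"},
    {"ts": "2021-03-01T09:01:30", "source": "endpoint", "user": "mark",
     "host": "mark-laptop", "type": "office_spawned_shell"},
    {"ts": "2021-03-01T09:02:10", "source": "network", "user": "mark",
     "host": "mark-laptop", "type": "outbound_connection"},
    {"ts": "2021-03-01T14:00:00", "source": "endpoint", "user": "alice",
     "host": "alice-laptop", "type": "office_spawned_shell"},
]

# Assumed per-event weights: each event alone is low-priority noise in its own tool.
SEVERITY = {"link_clicked": 1, "office_spawned_shell": 3, "outbound_connection": 2}
WINDOW = timedelta(minutes=10)

def _incident(host, evs):
    """Summarize a chain of events on one host into a single incident record."""
    sources = sorted({e["source"] for e in evs})
    score = sum(SEVERITY.get(e["type"], 0) for e in evs)
    if len(sources) > 1:
        score *= len(sources)   # cross-source corroboration raises priority
    return {"host": host, "user": evs[0]["user"], "sources": sources,
            "score": score, "chain": [e["type"] for e in evs]}

def correlate(events, window=WINDOW):
    """Group by host; events within `window` of the previous one join its incident."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        current = [evs[0]]
        for prev, cur in zip(evs, evs[1:]):
            gap = datetime.fromisoformat(cur["ts"]) - datetime.fromisoformat(prev["ts"])
            if gap <= window:
                current.append(cur)
            else:
                incidents.append(_incident(host, current))
                current = [cur]
        incidents.append(_incident(host, current))
    return incidents

def prioritize(incidents):
    """Order incidents so analysts see the highest-scoring chain first."""
    return sorted(incidents, key=lambda i: i["score"], reverse=True)
```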

Advanced XDR vendors are focusing further up the stack, integrating with identity, data protection, cloud access security brokers, and secure access service edge to get closer to the business value of the incident.

XDR enables an enterprise to go beyond typical detective controls by providing a holistic and yet simpler view of threats across the entire technology landscape.

Extended Detection and Response (XDR) holds the promise of consolidating multiple products into a cohesive, unified security incident detection and response platform. XDR is a logical evolution of endpoint detection and response (EDR) solutions into a primary incident response tool.

Conclusion

The unforeseen Covid situation caused a global shift towards remote working and left many businesses unprepared to deal with a storm of cyberattacks targeting their employees and data.

Along with some benefits, it comes with a huge shift in the security paradigm. New risks because of this can be mitigated by implementing proper tools, frameworks, policies, and practices that will help in reducing the overall attack surface area.

Strong passwords, VPNs, and good email practices help secure remote working processes; alongside them, security frameworks like SASE and XDR help protect businesses.

Rajat Toshniwal, Solution Architect, Pimcore Global Services

Rajat Toshniwal is a Solution Architect at Pimcore Global Services (A Happiest Minds Company). He is an expert in Cloud Engineering, DevOps, and Linux server Administration.