It’s no coincidence that Halloween and Cybersecurity Awareness Month are both observed in October. Just as monsters, ghosts, and witches wreak havoc in our favorite Halloween movies, cyber adversaries haunt organizations across the globe with their increasingly sophisticated attack tactics.
There are three cybersecurity threats that, in my opinion, are the most frightening of them all: ransomware, work from home attacks, and software as a service (SaaS). Have no fear: not only will this article reveal the spookiest threats, but I’ll also share tips and best practices for prevention – no spell book required!
Beware of ransomware
Paying a ransom has no guarantees. On average, only 65% of encrypted data was restored after a ransom was paid, according to the Sophos State of Ransomware 2021.
By now, we can all generally define ransomware. It’s making national headlines due to its widespread impact in both the cyber and physical world. One of the more frightening aspects of ransomware is the uncertainty of the attack, specifically the varying attacker motivations.
Killware is an emerging ransomware threat in which the motivation is to impact critical infrastructure with the intent to do harm. In the case of Killware, the attackers are not after money. It’s ransomware with no decryption keys. They want you to be down and stay down. For more, this USA Today article explains possible Killware scenarios and motivations.
It’s also a fluid and uncertain legislative and regulatory space. As it becomes more challenging to recover from a ransomware attack, payment is often the fastest way to get back to business. So, what happens if ransom payments become illegal?
Ransomware attack outcomes can also vary significantly. For example, paying doesn’t mean you will get the decryption keys or access to all your data. Often, ransomware families blackmail organizations with stolen data to increase their financial gain.
Ransom payments also fluctuate. Just this year it was reported that CNA Financial paid $40 million in ransom. And Palo Alto Networks found that the average ransomware payment climbed 82% since 2020 to a record-high $570,000 in the first half of 2021.
Ransomware is a financial loss event and should be treated as such. It’s no longer the sole responsibility of cybersecurity and technology teams; finance and others responsible for managing business and financial risk have a critical role to play.
Ransomware simulation assessments can remove some of the uncertainty surrounding these adversarial attacks. An attack simulation can benchmark how well an organization is positioned to detect, prevent, and defend against ransomware. Are your controls sufficient? Are your response teams effective? If there is a detection or response failure… can you recover? These are questions NetSPI’s Ransomware Attack Simulation service and AttackSim technology platform can help address.
Haunted by work from home attacks
Nearly 80% of IT and security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made to deal with distributed IT and work-from-home challenges, according to a survey from IDG Research Services and Insight Enterprises.
The percentage of people in the U.S. working from home doubled between 2019 and 2020, according to the U.S. Bureau of Labor Statistics American Time Use Survey. Now more than ever, organizations are embracing flexible work environments and, with that, come employees connecting to external WiFi networks.
Consider this: Each employee device is an extension of your corporate network. The workstation itself is provisioned and managed by IT, but beyond that, IT does not have control over these devices. Home networks are a black box, even more so if you use a router supplied by your internet provider. More concerning are the uncontrolled connections (coffee shops, hotels, family members’ homes, etc.) that can serve as another entry point for an attacker to access the device.
Another factor to consider is the management of personal devices. Through the pandemic, we’ve seen a shift away from office phones and often people use their personal cellphones to manage their work. It’s the lack of control organizations have over these devices that is the most frightening.
The shift to work from home ultimately broadens an organization’s attack surface. But that is the reality of our workforce today. Remote work is here to stay in some capacity and infosec teams are tasked with creating security tactics and policies to ensure business continuity and productivity… simultaneously.
To address work from home security challenges, a focus on endpoint security is critical, particularly for devices not inside the ‘walled garden’ of your corporate network. Network penetration testing can help you identify the right level of protection and telemetry for your endpoint controls.
I also anticipate technology innovation in the attack surface management space to help infosec professionals tackle the many challenges that accompany a remote workforce: asset management, shadow IT, bring your own device (BYOD), and more.
Software as a Service (SaaS) in the shadows
1 out of 3 employees at Fortune 1000 companies regularly use SaaS apps that haven’t been explicitly approved by internal IT departments, according to IBM.
Add to that the fact that organizations use an average of 110 SaaS applications, according to the 2021 State of SaaSOps report, and there’s a real issue with SaaS visibility and security. The adoption of SaaS platforms has increased given their ability to enable remote work, create workflow efficiencies, and support collaboration (see: Zoom, Slack, Teams, Wrike).
SaaS adoption requires you to examine the security of your extended attack surface, but its footprint doesn’t receive the same level of shared responsibility as infrastructure as a service (IaaS) or cloud environments. We put a lot of trust into the security of SaaS providers today; however, these applications present many interesting security challenges.
Most people connect directly from a managed device to the SaaS platform without going through a secure corporate network, which creates authentication and identity and access management (IAM) challenges. For example, are you requiring SSO or multi-factor authentication for SaaS platforms? How do you ensure authentication best practices for SaaS applications outside the corporate network?
SaaS platforms are a critical component of our workflow today and contain troves of sensitive data. With the rapid adoption of SaaS applications today, it is important for security teams to align and communicate SaaS security policies within their organizations and ensure secure configuration of SaaS platforms. To strengthen security, SaaS security posture management is key.
Defined by Gartner in the Hype Cycle for Cloud Security, SaaS security posture management (SSPM) is “tools and automation that can continuously assess the security risk and manage SaaS application security posture.” This could include continuous monitoring and alerts, configuration review, comparison against industry frameworks, and more.
For a detailed conversation on SaaS posture management, CEO and Co-Founder at Adaptive Shield Maor Bin joins us on the Agent of Influence cybersecurity podcast next month. Tune in!