It's Time to Re-evaluate Your Cybersecurity Strategy
The series of events that have unfolded in recent years have prompted many companies to update their security measures. After two years of a global pandemic, a move to the remote and hybrid workplace and now war in Europe, organizations may, indeed, find it relevant to revisit their cybersecurity strategies.
According to Jacob Ansari, chief information security officer for security and privacy compliance assessor Schellman, the time for complacency is over and companies should assess how changes to the environment and threat landscape have affected their risk, constraints and obligations to maintain an appropriate security practice.
“Given the events of the last few years — a major shift to remote work, more active nation-state threat actors, even new trans-Atlantic privacy rules," he said, "organizations that have not reevaluated their security strategy are overdue.”
Lack of Preparation in the Face of Growing Threats
In January, the FSB, Russia's domestic intelligence service, announced it had arrested members of REvil, one of the world’s most destructive ransomware gangs. The U.S. Department of the Treasury said the ransomware group had obtained over $200 million in extortion payments. Rachel Bush, AVP, threat detection and response at Nationwide, said nearly all industries have seen a significant increase in cyber attacks over the past two years.
Not only are attacks increasing in frequency, but they have also increased in severity, even impacting critical infrastructure segments like energy, big tech and financial services.
“Undoubtedly, ransomware remains the biggest threat," Bush said. "That's really because of two factors: it can be extremely disabling to a business, and it's a long and difficult recovery when it happens."
On March 31, a Germany-based wind turbine maker, Nordex Designs, had to shut down its IT systems across multiple international locations and business units after company officials said they had detected an intrusion "in an early stage." Then, in early April, a cyberattack on toy and craft chain The Works in the UK forced the company to shut down some of its shops temporarily and suspend new stock deliveries after hackers gained access to its computer systems and caused issues with its tills.
These recent examples indicate that beyond Russian threats to US interests and NATO allies, there are plenty of other bad actors. Yet, according to email security provider Egress' recent Human Activated Risk report, 56 percent of IT leaders said their non-technical staff are only 'somewhat' prepared or 'not at all' prepared for a security attack. More concerning, 77 percent of respondents indicated they have seen an increase in security compromises since going remote two years ago.
Cybersecurity in the Remote and Hybrid Workforce
The move to remote work enabled many businesses to remain operational during the COVID-19 pandemic, and some organizations have since opted to continue to allow employees to work remotely — or to use a hybrid model — now that the crisis is waning.
Security Intelligence reported that in 2021, 61 percent of malware attacks at organizations targeted remote employees through cloud applications. Meanwhile, according to IBM’s 2021 Data Breach Report, the average cost of a data breach is $1.07 million higher in those attacks where remote work is a factor.
“Early in the pandemic, there were a lot of businesses rapidly pivoting to work from home that may not have prepared for that scenario with adequate security technology or policies," Bush said. "Endpoint detection and response (EDR) has become an absolute necessity. I'd argue that it's a necessity even if your company has the benefit of a highly controlled network perimeter that may be offered in a more traditional in-office environment, but it becomes even more critical in dispersed remote work scenarios."
The remote workplace brings with it specific scenarios that need to be thought through before an incident occurs, rather than after. “It also introduces the complexity of thinking through how you're going to maintain control of and visibility into network traffic for remote assets,” said Bush. “How will you block outbound traffic to unsavory destinations? If you discover a phishing campaign that is successfully tricking your associates into clicking links to a malicious website, how will you find all of the assets that visited that malicious destination? Can you see outbound traffic that isn't proxy-aware?”
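As an added illustration of the visibility questions raised above (example code, not from the original article), the script below correlates constructed proxy, DNS and firewall egress logs to list every endpoint that reached a flagged destination and to single out the ones that never went through the proxy; the log formats and indicators are hypothetical.

```python
"""Correlate proxy, DNS and firewall logs to find every endpoint that reached
a flagged destination, including traffic that bypassed the proxy."""
import re
from collections import defaultdict

# Constructed sample logs (hypothetical formats, not from any real product).
PROXY_LOG = """\
2022-04-01T10:00:00Z 10.0.1.5 GET http://phish.example/login 200
2022-04-01T10:00:04Z 10.0.1.7 GET http://intranet.corp/home 200
"""
DNS_LOG = """\
2022-04-01T10:00:01Z 10.0.1.5 query phish.example A
2022-04-01T10:01:10Z 10.0.1.9 query phish.example A
2022-04-01T10:01:12Z 10.0.1.7 query intranet.corp A
"""
FIREWALL_LOG = """\
2022-04-01T10:01:11Z 10.0.1.9 -> 203.0.113.7:443 ALLOW
2022-04-01T10:02:30Z 10.0.1.12 -> 203.0.113.7:443 ALLOW
2022-04-01T10:02:31Z 10.0.1.12 -> 198.51.100.4:443 ALLOW
"""

# Indicators for the constructed phishing campaign: the domain and its resolved IP.
INDICATORS = {"phish.example", "203.0.113.7"}

PROXY_RE = re.compile(r"^\S+ (\S+) \S+ \w+://([^/\s]+)")
DNS_RE = re.compile(r"^\S+ (\S+) query (\S+)")
FW_RE = re.compile(r"^\S+ (\S+) -> ([\d.]+):\d+ ALLOW")


def affected_hosts(proxy, dns, fw):
    """Return {host: set(log sources)} for hosts that touched an indicator."""
    hits = defaultdict(set)
    for source, text, rx in (("proxy", proxy, PROXY_RE),
                             ("dns", dns, DNS_RE),
                             ("firewall", fw, FW_RE)):
        for line in text.splitlines():
            m = rx.match(line)
            if m and m.group(2) in INDICATORS:
                hits[m.group(1)].add(source)
    return dict(hits)


def bypassed_proxy(hits):
    """Hosts that reached the destination without ever appearing in proxy logs:
    the non-proxy-aware traffic a proxy-only view would miss."""
    return sorted(h for h, src in hits.items() if "proxy" not in src)


if __name__ == "__main__":
    found = affected_hosts(PROXY_LOG, DNS_LOG, FIREWALL_LOG)
    print("affected:", found)
    print("bypassed proxy:", bypassed_proxy(found))
```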
Though a return to the office likely carries less risk than the original transition to remote, Bush said it's still a good idea for companies to reassess their posture against the basics.
“Do you have a complete asset inventory, or have things changed and gone undocumented over the past two years? Are you keeping pace with the growing demands of vulnerability management and patching? Are you leveraging threat intelligence to understand the threats most relevant to your organization and using that knowledge to prioritize your investments? Have you continued to maintain your core network security appropriately while you were away?” Bush said.
Steps to Take to Improve Cybersecurity
In January, the Cybersecurity and Infrastructure Security Agency (CISA) issued a memo to bring awareness to organizational leaders of critical cyber risks and help them take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise. "All organizations, regardless of sector or size, should immediately implement the steps outlined,” read the memo.
At the same time, CISA also released an alert entitled "Understanding and Mitigating Russian State-Sponsored Cyber Threats to US Critical Infrastructure," which identified specific threats and tactics and how to deal with them. Nationwide's Bush commended the agency for its guidance and advised business leaders to take note of the recommendations.
On April 5, the Wall Street Journal reported that between March 23 and March 29, 65 cyberattacks occurred on Ukrainian critical infrastructure, according to the SSSCIP in its report on cyber activity. The agency said that the most targeted sectors were state and local authorities, Ukraine’s security and defense sector, financial companies, telecoms and energy.
Michael Gray, chief technology officer at IT company Thrive, said performing a security health assessment is the first step in mitigating risks. He recommended evaluating current protocols and creating an organizational risk profile against 18 areas identified by the Center for Internet Security and then laying out a strategic plan to assess potential cybersecurity weaknesses.
“With vulnerability management and advanced patching services, organizations can also initiate proactive remediation of security vulnerabilities while staying up-to-date with external software vendors’ patches as they are released,” Gray said.
To help rapidly recover from a data breach, hack or cyberattack, Gray said organizations should also have a disaster recovery plan (DRP) in place. “DRPs typically include role planning for key personnel, backups and backup checks, a detailed inventory of all assets, and a communication plan for vendors and customers," he said.
Conducting tabletop exercises for the plan is also an imperative to ensure everyone knows their role and action plan following a breach, he added.
Cybersecurity: Not Just for Big Businesses
While large companies typically make the news when they suffer cyberattacks, smaller companies rarely do, even though many of them have been victims of attacks in recent years.
“Ransomware, in particular, continues to rise, especially for small and medium-sized businesses,” said Bush. “Some industry studies are claiming as much as a 37 percent increase in DDoS attacks over the past year, and many of them have been paired with an interesting twist of extortion attempts.”
While small businesses may not feel like the prime target of cyberattacks, they face the same cybersecurity threats as their larger counterparts. JD Sherman, CEO of Cambridge, Mass.-based password manager firm Dashlane, said smaller companies, particularly in the high-risk industries identified by DHS, need to be vigilant and prepared. They are particularly vulnerable to cyberattacks for two reasons, he said.
"First, they often lack the time, space or resources to devote to IT management and security, a challenge that is made even more acute by the shift to remote working during the COVID-19 pandemic, which dramatically expanded the attack surface outside of a company’s infrastructure," Sherman said. "Second, they’re often the targets of cybercriminals looking for easy targets, like the car thief who searches for the vehicle with its windows open and doors unlocked."
Unless companies make the effort to address potential threats and vulnerabilities, opportunities for bad actors will continue to exist and be used to gain access. “These threats can be daunting to face," Sherman said. "As a result, many businesses fail to address them, leaving themselves unnecessarily vulnerable."
A quick review of recent news demonstrates the importance of cybersecurity for organizations large and small. In addition to the security risks that come with the remote workplace, war in Europe threatens to unleash cyberthreats from nation-states against critical infrastructure, including in the US. To combat these existing and potential threats, companies need to take a closer look at their security policies, regularly back up data, update and patch software, and rectify any weaknesses to ensure they do not become another cybersecurity statistic.