The pandemic has brought a great number of changes with it for businesses, from remote work to increased cyber threats. The IT concerns we had pre-pandemic are simply not the same now, especially when it comes to cybersecurity.
With October being Cybersecurity Awareness Month, I wanted to reflect on these changes and what we as a community have learned over the past couple of years.
Same Ransomware and User Risks
Everyone knows, or at least should know, that 100% security is not possible. Cybersecurity is never bulletproof, as you can’t stop breaches once and for all, prevent all threats, stop zero-day threats in zero-time, and the list could go on.
Ransomware introduced by users still poses a risk to businesses because it’s easy to infiltrate and hold information for ransom. Ransomware, in many cases, does not have a natural person behind the attacks—it’s just scripted. Ransomware attacks are the equivalent of kicking the tires of cars to check if there’s an alarm going off. Most often, ransomware targets opportunities to exploit low-hanging fruit, like users in very generic situations. In other words, ransomware attacks are most commonly directed at easy targets.
New System Complexity
In the couple of years since the start of the pandemic, there has been a dramatic increase in the complexity of systems for various reasons, such as organizations having to scale to support remote employees working from home. As a result, networks have had to grow to accommodate new security and remote access software, as well as the management and monitoring of remote devices.
A result of this increased system complexity is IT pros finding it far more challenging to manage and secure their environments. What I’m hearing is most don’t have enough understanding of the latest technology, and the business isn’t giving them a chance to expand their knowledge. This knowledge gap and time crunch can have a significant impact on security, as it often leads to system vulnerabilities susceptible to compromises. Unfortunately, you don’t know what you don’t know, and the lack of knowledge can be detrimental to the business.
Security professionals would do well to buddy up with their colleagues from the operational teams, as the complexity is a shared challenge. But a change needs to come from the C-levels, who usually have an insufficient understanding of the daily problems caused by the requirements driven by the business.
Do you want an example? What about microservices deployed across multiple hyperscalers? It’s an interesting technology and does have some advantages when talking about availability and scalability, but at what cost?
External Threats Are on The Rise
A few days ago, I read a statistic from the SolarWinds Public Sector Cybersecurity Survey that for the first time in more than five years, external threats are a bigger problem than internal ones. What are the reasons?
First of all, we’re looking at an increase in state-sponsored attacks. It’s no longer one or a few individuals who are in it for the challenge. Instead, we are dealing with highly organized and well-funded groups that operate like a well-organized business.
The tools they are using are getting more sophisticated, too. Artificial intelligence is not exclusive to the business next door. Anyone can purchase a framework, train it, and use it for whatever their requirements are.
The same applies to resources. The unlimited resources of hyperscalers are open to anyone willing and able to pay. Cybercrime is, like most crime in general, a business. There’s money involved. And as it continues to grow, cybercrime becomes more lucrative for adversaries and the culprits become ever harder to catch.
What Can Be Done to Improve Cybersecurity in 2022
Unfortunately, there’s no secret sauce that helps in each situation. But low-hanging fruit can be picked by an organization, too.
Lowering risk and mitigating impact does not have to be overly complex and require an army of technicians. Each business, whatever the size, can introduce the basics of cybersecurity best practices, and they haven’t changed much from 2020.
For example, an excellent backup strategy and continuous tests are still a good countermeasure for dealing with ransomware attacks. Additionally, ongoing user training will always be a significant pillar of a reliable security concept, and frequently running phishing tests to spot possible problems before they become real ones should be a basic measure.
What must change, though, is the awareness of C-levels or business owners on how big of a threat adversaries pose. Security can no longer be an afterthought.
Big corporations and global players are attractive targets for sophisticated cyber operations. And while organizations at the enterprise level usually have a budget for security, there’s always room for improvement.
Do you have plans for the inevitable situation? Are your security teams trained to deal with emergencies instead of spinning in circles? There’s a reason for fire drills, so why not use minor incidents to test your policies, alerts, and strategies? It is also beneficial to have public messaging ready for when an attack does happen.
Even if you’re a small business, like a restaurant, and don’t consider yourself worth getting hacked, think again. You could easily find yourself in a situation of someone asking you to pay $1,000 to restore access to your reservation and payment systems on a Friday evening. While this may not be a huge cost, if your system continues to remain vulnerable, the likelihood of facing the issue multiple times is heightened.
Whatever your business, size, or budget - don’t strive for perfection, as any measure to increase security is better than none. Start small and continue to build your security over time to lessen vulnerabilities.
So long, enjoy October, and patch your stuff!