A series of prominent events have changed the way that we think about how to approach our customer’s security posture. The 2020 Global pandemic changed how many people work – from their homes instead of offices – and forced us to think about what happens to business continuity (fundamentally resilience) plans when operators are unable to physically access secondary data centers or alternative work locations. In addition, the increase in state sponsored cyber attacks clearly showed how much more valuable the data that our customers produce and protect has become.
The SolarWinds Attack Showed Us Why Cybersecurity is So Vital
The SolarWinds attack, first discovered by FireEye while they were investigating their own breach, rocked the cybersecurity and technology industries to their core. This widespread and damaging attack drove home in unambiguous terms how damaging state-sponsored attacks can be.
This widespread attack targeted both private businesses and the upper echelons of the US Government, including the Department of Homeland Security and the Treasury Department, and served as a wake-up call for many organizations. State-sponsored attacks are threats that can have devastating consequences. So why in 2020 and now 2021 are many organizations approaching both their security posture and their business, in general, the wrong way?
Common Mistakes Organizations Make
In an interview with ChannelBytes and Erin Logue Smith, a cyber and compliance specialist at Dell, we discussed common mistakes we see businesses making and how organizations can increase security in the work from anywhere era.
The Dangers of Silos
A siloed approach occurs when business units fail to collaborate and communicate amongst each other and too frequently security teams are isolated from important organizational context. Since security plays a fundamental role in any IT or software project, all organizations need to incorporate security best practices throughout the organization and take a security-by-design and by default approach. This includes making sure any source code you are incorporating from the public domain has been thoroughly audited, reviewed for security risks, and effectively assessed that it is not compromised.
The SolarWinds compromise was so far-reaching because the malicious actors behind the attack were able to upload malicious code into the company’s build server used for the Orion application. Orion is widely used by companies to manage various IT resources. Given how pervasively Orion is used, there are an estimated 33,000 customers potentially compromised as part of the attack and certainly many of whom are trying to validate if their systems have been breached.
To prevent silos from forming, organizations need to approach their cybersecurity posture robustly and holistically, taking a whole-of-enterprise perspective. Not only will a holistic approach improve security, it also improves efficiency by improving inter-departmental communication and helping support business goals and initiatives. This organizational context facilitates better alignment between security functions and organizational priorities.
When Overreliance Leaves Your Organization Vulnerable
The other common mistake frequently encountered is an overreliance on point products and tooling. One best practice all organizations should be following, regardless of which threats they are trying to mitigate or contain, is to approach security with defense in depth principles.
By going back to basics and identifying what exactly your goal is and which steps you need to take to achieve that goal, you can help your organization create a robust, streamlined security posture designed to meet your organization’s specific needs. In my experience, an overreliance on point solutions tends to move organizations away from their security goals, not towards them, putting them in a more vulnerable position. Defense in depth principles look at the interrelationship among security and application tools and emphasizes additional controls where one point solution may fall short in meeting a specific security objective.
Work from Home Has Exponentially Increased the Attack Surface
As the SolarWinds attack demonstrated, a vulnerability in your supply chain can have devastating consequences. Avoiding silos and assessing each item in the supply chain is crucial for safeguarding your organization and its digital assets.
In Erin’s experience, many organizations have failed to factor in the pandemic’s effects on work when they are assessing cybersecurity posture. Many organizations act like nothing from a security perspective has changed, even as remote work (and the security risks it brings) continues to be the new normal.
Though some organizations are taking steps to adjust, too many find themselves playing catchup as they try to secure their remote workforce after work has already shifted out of the office. As such, many organizations still don’t have the necessary tools and strategies in place to support a distributed workforce that has traded their secure, workplace-based work environments for potentially less secure home environments.
Work from home has also brought with it myriad distractions as parents juggle their own workload while simultaneously supporting their childrens’ distance learning objectives and pet owners deal with pet-based interruptions. My dog is barking as I write this. The elephant in the room is that these distractions, and all of the other changes that work from home has brought, are the new normal. Our employees and our colleagues are distracted leaving us more exposed to malicious activity. Organizations need to embrace this dynamic and change their approach to security accordingly. The threat landscape has changed dramatically, and organizations need to update their cybersecurity resiliency programs to meet these new requirements. Effectively, organizations need to ensure that the ‘work from anywhere’ dynamic does not materially increase risk for the organization. This requires thoughtful risk evaluation and the implementation of controls, many of them new, that can mitigate these risks.
Both Erin and I have seen a marked rise in the number of email-based phishing scams targeting our customers, and unfortunately, some workers are falling for them. Most security breaches occur when workers are distracted and end up clicking on things they would never have dreamed of clicking on prior to the pandemic. Adversaries know we’re distracted and have crafted specialized phishing emails to exploit this dynamic. They’ve done this because it works.
You can’t protect your organization without educating your employees and making sure they know which steps they need to take to help keep your organization secure; especially when confronting phishing attacks.
EVOTEK, in particular, has seen a significant increase in attack surface challenges as people who are used to working in secure office environments and connecting only to their core data center where everything (including their network, the assets running the applications, and the stored data) was highly secure. Now, these same individuals find themselves working at home and are wholly unprepared to handle the transition from a security perspective. Training and security awareness are critical to mitigating these risks.
Phishing Scams are On the Rise, & Workers Are Falling for Them
Phishing scams where the sender impersonates the CEO appear to be on the rise as ChannelBytes recently had an Enterprise client that was targeted. In the email, the “CEO” of the company asked recipients to click a link and buy a large number of gift cards from a specific store. Even though this request was completely out of character for the CEO, a few workers fell for the scam, causing a lot of problems for the business.
What Steps Can I Take to Improve My Organization’s Cyber Resiliency?
If one positive thing has come out of this pandemic and the sudden shift to work-from-home or work-from-anywhere, it is that it has increased security awareness among non-security professionals. As workers continue to work from home, they are becoming more security aware, and many workers and the organizations they work for are now actively working to improve security for remote workers, strengthening their organizations’ cybersecurity posture on all fronts.
Improving cyber resiliency should be a top priority for any organization. To learn about other steps your organization can take, please consider watching the full interview series with Dell and ChannelBytes.