Protecting Your Organisation From the Cyber Threat Gold Rush

It has been a tough year for information security teams.

COVID-19 has completely redefined the cyber threat landscape and added brand new levels of complexity to an already demanding discipline. 

Organisations have had to rapidly adopt new technologies to enable remote working and scale-up digital touch points with customers. This has, at times, punched holes in their security fabric, all in the name of business continuity. What's more, a ‘move first, plan later’ approach has collected security debt in the last 18 months that needs addressing now. 

The rise of remote working also moved people and devices outside of the security perimeter, leaving them reliant on consumer-grade networks and equipment which will never measure up to pre-pandemic corporate security expectations. At the same time, employees have had to share their workspace with families or flatmates. Many have even been forced to share devices as social needs such as homeschooling became priorities. 

An impossible job for security has had cyber criminals licking their lips over the last 18 months. By probing technologies for weaknesses and preying on a confused and anxious workforce, we have seen the rise of a cyber threat gold rush.

The Cyber Threat Gold Rush in Numbers

2020 broke records for all the wrong reasons.

According to the National Institute of Standards and Technology (NIST) National Vulnerability Database, 2020 saw a record number of vulnerabilities identified -  continuing the year on year increase reported for the past four years.

In April 2020, Google reported 18 million daily malware and phishing emails related to COVID-19 scams over the space of just one week.

At the same time, the FBI saw a 400 per cent jump in the cyber crimes reported to its Internet Crime Complaints Centre (IC3) and Interpol discovered an ‘alarming’ rate of attacks aimed at governments, large corporations and critical infrastructure - 59 per cent of which were spear phishing attacks, 36 per cent from malware and ransomware attacks.

This increase in malicious activity has brought about several high-profile corporate breaches, with the likes of SolarWinds, Microsoft Exchange, the Colonial Pipeline, and Accenture all suffering at the hands of cyber criminals. Considering how each of these victims are part of a supply chain themselves, the impacts ripple out to their customers causing service or supply outages which carry a cost of their own. 

The Colonial ransomware attack alone cost the company $4.4 million in ransom, and likely ten times that in remediation costs. The downstream impact of businesses experiencing a gap in supply would have an even higher multiple across a wider base. 

When considering that ransomware attacks increased by an astonishing 485 per cent in 2020, you can bet that it has been a lucrative year for cybercriminals. In fact, as the threat and landscape continues to expand in 2021 experts are predicting that cyber attacks will cost the global economy $10.5 trillion annually by 2025.

The increased cyber activity has led some of the world's largest corporations to invest heavily in cyber security and cyber insurance. US President Joe Biden has even issued an executive order to improve the nation’s cybersecurity and protect federal government networks, which will have major implications on the security supply chain both in the US and globally.

If governments and corporations, with higher budgets and more resources than the average business, are not immune to these threats, then it is clear that every organisation should be doing more to protect themselves.

But what steps can you take to improve your security posture and navigate the cyber gold rush?

1. Understand your risk profile
2. Learn from the past
3. Plan for a zero trust future
4. Don’t forget the human factor

Understand your risk profile

Your first step is compiling a risk audit of your organisation - factoring in individual employees, your systems and tooling, as well as your partners and suppliers.

Individuals have a high risk profile. The shift to remote working has forced them to adapt to new technologies and behaviour, making them more vulnerable to phishing and social engineering attacks. Make sure you have a clear idea of your employees’ remote-office set up including the devices they connect with and the limitations/vulnerabilities that might impact them. Also, ensure you are monitoring the sensitive accounts and materials your people have remote access to and ensure their access is reviewed over time to keep it up to date. 

Review your systems and tools too. Every organisation is likely to have picked up a degree of security debt over the last 18 months of rapid change. Scrutinise your systems to find potential weak points to gain a better view of what your attack surface looks like from the outside. 

Your audit should also include your interactions with partners and suppliers. Attackers routinely exploit the chain of trust implicit in the supply chain. As such, it is essential to vet the security of all partners and suppliers.

Only by fully understanding your risks and potential exposure can you apply your resources to maximum effect.

Learn from the past 

You would be surprised how many attacks wielding methods that were successful over a decade ago remain effective today. The recent SolarWinds Sunburst attack (from 2020) is a prime example. Initial account compromise likely occurred via phishing the Office 365 environment. The attack then moved laterally into the organisation's TeamCity CI/CD environment. The malware was then developed and tested extensively before being released to customers via Solarwinds own release process - whereby attackers could then pick and choose the organisations they wanted to exploit. 

Rewind to 2009  and you notice a very similar pattern of attack with Operation Aurora, an attack that targeted Silicon valley tech companies. An initial phish gained account access which allowed the attacker to move laterally to gain a foothold within a customer's systems. While the custom Sunburst malware was different, the attack chain of compromise, lateral movement and capturing objectives remains incredibly similar. 

It was this attack which prompted Google to develop BeyondCorp, an implementation of zero trust security concepts which considered both internal and external networks as untrusted, with access policies based on information about a device and its associated user.

This major step forward in the understanding of the value of a zero trust security posture happened over a decade ago. Still, many organisations are yet to learn from the mistakes of others and implement robust solutions to counter established threats.

Plan for a zero trust future

So how can you avoid these attacks?

With the increased adoption of cloud and cloud based services over the past decade, organisations have been slowly adapting to security outside of the traditional perimeter. The death of the perimeter is all but confirmed by the post-COVID trend towards hybrid working - which requires a more flexible, dynamic security posture built on zero trust. 

But how do you adopt zero trust?

With network perimeters shifting remote and ever more intangible the remaining logical point of control is identity. By focusing on identity and access management you can incorporate user behaviour and device location context to build a robust, risk-based decision engine. 

This assume nothing, verify everything approach, provides granular control over access to resources, so you can clearly define which user, within which context over a specific time gets access to a specific resource

This can then be fed into analytics tools and re-fed into the decision engine to allow for real-time access management - providing granular control without disrupting workflows.

A robust security posture is built around a zero trust architecture, which in turn is built on a modern identity platform.

Don’t forget the human factor

If identity based zero trust is one half of the solution then securing the user is the other half.

Humans are often described as our weakest link but they can be a powerful defensive partner - if we enable them.

We achieve this through self-examination and education.

Take insights from your risk audit and understand the new behaviours and threats your people are facing in the post-COVID, cyber landscape. Incorporate these insights into your risk management programmes to be understood and iterated upon. Training and visibility of this programme will strengthen the human factor and empower them to identify even the most devious social engineering and phishing attempts.

The cyber threat gold rush may be a lucrative time for bad actors, but there are immediate, impactful steps you can take to manage your organisational risk. By fully understanding your potential exposure can you apply your resources to maximum effect.

If you are aiming to accelerate your own journey to zero trust then Okta can help you get there. Using our security cloud you can centralise access controls and policies, add security layers like adaptive MFA and automate the onboarding and offboarding of accounts. This modern approach to IAM can increase security in a hybrid workplace while improving the user experience at the same time through reduced friction and seamless access experiences. 

To learn more about how organisations around the world are approaching zero trust today download your free copy of ‘The State of Zero Trust 2021’ report. We surveyed 600 global security leaders about their zero trust initiatives and discover how identity-driven mindsets are securing various user types regardless of their location, device, or network.