
ATTACK VECTORS CAN COME FROM VIRTUALLY ANY ANGLE

Morey Haber, the CTO and CISO at BeyondTrust, says that threat actors today are fully aware of the attack vectors that work best on remote workers


How has the security threat landscape evolved over the past few months?

The security landscape over the past few months has evolved from protecting against a breach to having the proper procedures, policies, and disclosures for when a breach occurs. The community has come to an understanding that even with the best tools and diligence, a breach can still occur. We have seen this happen even with some of the most secure companies and governments throughout the world. Attack vectors can come from virtually any angle and it is not a matter of if they will occur, but rather when they will occur. The security threat landscape has come to the painful conclusion that a proper defense also includes all the steps necessary to triage a breach and notify the appropriate parties when an event occurs. This includes everything from a well-rehearsed incident response plan through having attorneys on retainer for when it happens. It is a change of full defense from previous methodologies of strictly protection.

What are the top 3 cybersecurity trends we should be looking out for?

The top 3 cybersecurity trends all security professionals should be looking out for include:

• Excessive Account Privileges – provisioning accounts with excessive privileges or shared secrets that can be leveraged against a user or application. Everything should follow the model of least privilege.

• Inappropriate Asset Access – The usage of all assets, applications, and accounts should be monitored for inappropriate usage. This should include basic traits like first time geolocation access, foreign geolocation access, and simultaneous geolocation access.

• API Security – All applications in the cloud should have strict API access regardless of SaaS, PaaS, or IaaS. Usage of cloud-based APIs should be monitored and any new API usage or granted/denied permissions monitored for appropriate behavior.
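The three geolocation traits named in the answer above (first-time, foreign and simultaneous access) are the kind of check a monitoring pipeline can apply to login events. The following is an added example written for this article, not BeyondTrust code or anything from the interview; it assumes a home country of "US", a 30-minute window for "simultaneous", a constructed log format of `timestamp user=X country=Y`, and a per-user baseline of already-known countries.

```python
from collections import defaultdict
from datetime import datetime

# Assumptions (not from the interview): the organisation's home country, and the
# window inside which logins from two different countries count as simultaneous.
HOME_COUNTRY = "US"
SIMULTANEOUS_WINDOW_S = 30 * 60

# Constructed sample login log lines (not real data).
SAMPLE_LOG = """\
2024-03-01T09:00:00 user=alice country=US
2024-03-02T09:05:00 user=alice country=US
2024-03-02T09:10:00 user=alice country=DE
2024-03-02T10:00:00 user=bob country=US
"""

def parse_log(text):
    """Parse 'timestamp user=X country=Y' lines into sorted (time, user, country) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append((datetime.fromisoformat(ts), kv["user"], kv["country"]))
    return sorted(events)

def flag_logins(events, baseline=None, home_country=HOME_COUNTRY,
                window_s=SIMULTANEOUS_WINDOW_S):
    """Return (timestamp, user, country, reasons) for every login that matches a trait.
    baseline maps user -> countries already established as normal for that user."""
    known = defaultdict(set, {u: set(c) for u, c in (baseline or {}).items()})
    recent = defaultdict(list)  # user -> [(time, country)] of earlier logins
    alerts = []
    for t, user, country in events:
        reasons = []
        if country not in known[user]:
            reasons.append("first-time-geo")
        if country != home_country:
            reasons.append("foreign-geo")
        # Simultaneous: an earlier login from a different country inside the window.
        if any(c != country and (t - pt).total_seconds() <= window_s
               for pt, c in recent[user]):
            reasons.append("simultaneous-geo")
        known[user].add(country)
        recent[user].append((t, country))
        if reasons:
            alerts.append((t.isoformat(), user, country, reasons))
    return alerts
```

Running `flag_logins(parse_log(SAMPLE_LOG), baseline={"alice": {"US"}})` flags alice's DE login on all three traits and bob's login as a first-time geolocation; a user with no baseline entry is treated as having no known countries.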

What sort of security challenges are people facing when working from home and how is your company equipped to handle those challenges?

While most disaster recovery plans focus on a single catastrophic event, the coronavirus represents a long-term threat that might stretch a disaster recovery model to its brink of coverage. With this in mind, I have compiled four considerations for how to expand a remote workforce and deal with this threat — potentially for the long haul:

1. Sensitive Data And Privacy: When enabling large numbers of employees to work remotely, CISOs need to consider the exposure of sensitive data and privacy of information flowing to the remote end user’s environment. There are many tasks and transactions that are performed by office employees, and the data should never leave the traditional corporate perimeter.

2. Shadow IT With Free Tools: For some organizations, employees have been asked to work remotely but have not been given the proper tools for a variety of reasons. These include cost, lack of authority by geographic region or simply lack of process.

3. Bring Your Own Device (BYOD): For many CISOs, this is just an unacceptable risk. With no traditional security controls like antivirus or vulnerability assessment on these employee-owned devices, there is no way to mitigate the threats when they are connected and unmanaged. And if these devices are shared among family members, the risk of malware from a simple online game increases exceptionally when the same device is used to connect to potentially sensitive data.

4. Privileged Remote Access: There is a strong chance that if the coronavirus has affected your organization, then some of the employees being asked to work remotely will need privileged access to resources. This means that once they establish a remote session, the credentials they need to access and operate a resource are either administrative, root or power user. If they are entering them remotely, then they are exposed to the local computer, and any malware or attack can sniff them out.

How has ransomware evolved during the pandemic period and what are you doing to tackle the problem?

Ransomware in the pandemic has evolved from threats to end users (primarily through phishing attacks) to sophisticated attacks leveraging advanced exploits targeting hypervisors and exchange mail servers. Threat actors are fully aware of the attack vectors that work best on remote workers but also realize most organizations have defenses to block propagation via VPN or to cloud resources.

Therefore, in order to continue monetizing the threat of ransomware, threat actors have successfully bundled their payload onto vulnerabilities that target critical resources as employees work from home. This evolution of attack provides maximum impact to the business and creates a highly visible scenario that forces the business to react due to a large-scale outage of hypervisors and email.

In order to tackle this problem, organizations have embarked on more aggressive patch management schedules and implementing least privilege solutions for human and non-human accounts in order to minimize the exposure to these evolving threats. This essentially remediates the risk before a vulnerability can be exploited and the threat of ransomware looms over the organization.

How can companies overcome digital security and privacy challenges?

Organizations can overcome digital security and privacy challenges by ensuring a proper separation of duties between the two. There is a common problem in the industry that organizations confuse security and privacy requirements. If these requirements are properly understood, and role delegation and ownership are assigned appropriately, many companies can overcome digital security and privacy challenges despite changes in regional laws and disclosure requirements. Companies must keep them separate and educate team members on the differences and how they complement each other.

What are the key factors organizations should consider to make sure digital economies of today are secured?

There are several key factors organizations should consider in protecting the digital economies that drive today’s business:

1. Data Mapping – organizations should perform an electronic and manual discovery of all sensitive data sets and ensure proper security and privacy controls are in place to safeguard the information in transit and at rest. This includes concepts like encryption and privileged access management.

2. Data Retention – organizations should have an established data retention policy and purge old or obsolete data on a periodic basis to ensure older data sets do not become a privacy or a security liability.

3. Vendor Security – To support a business’s digital economy, most organizations rely on a wide variety of vendors. Organizations should secure their supply chains and deploy least privileged access, secure vendor remote access, session monitoring, etc. to ensure the vendors themselves do not become the attack vector into your organization.
