Here comes the security marathon

Enterprise IT has changed at lightning speed in recent months, and the pace is unlikely to slow, according to Radware executive Anna Convery-Pelletier.

Globally, hundreds of millions of workers have suddenly found themselves working from home. Data volumes from Internet traffic and online video streaming and gaming are escalating.

Companies needed to expand and transform their application availability and security perimeters overnight to address the surge in external application traffic and increased security demands. Many have turned to Radware for guidance on how to maintain business continuity with minimal disruptions under these extreme conditions.

Anna Convery-Pelletier says :”We’re seeing many companies accelerate their investment into public environments. At the same time, the increase in working from home has expanded the attack surface, with more people working from desktops on unsecured home networks.

“These trends will endure. And it’s time for security teams to develop long-term strategies”.

Attackers leverage chaos

Unfortunately, many companies’ business continuity plans did not envision the effects of the pandemic. Rather, they were focused on disasters that shuttered offices but allowed them to work at backup sites. With many organisations unprepared, attackers have stepped up their responses, and a number of tends will likely continue into the future:

#  Zero day attacks expected. Most hackers don’t have the technical skills to deploy and exploit zero-day vulnerabilities. Instead, they typically buy tools from organised crime groups.

But we’re seeing more zero-day attacks, particularly relating to the theft of intellectual property against high-value targets. This tells us that well-funded organised crime groups and nation-state level intrusion teams (the only groups likely to have access to zero-day hacks) are taking advantage of the chaos in enterprises.

#  DDoS attacks are likely to become more prevalent. In March, our cloud DDoS (distributed denial-of-service) mitigation systems blocked 300,000 attacks globally, representing a two-fold increase over February.

Increased reliance on SSL (Secure Sockets Layer) connections may make it easier to launch successful attacks with fewer resources because the resources required by the server to handle the handshake are significantly greater than those required by the initiator.

  • Phishing scams and credential theft are much riskier. When the government announced it would send $1,200 to adults in the U.S. as part of a pandemic economic response plan, we saw a wave of phishing scams and attempted credential theft. In Germany, the failure to put in place a citizen verification procedure allowed fraudsters to steal millions of euros during the crisis.

When businesses rely on remote access and public clouds, stolen credentials offer the keys to the kingdom. Security teams need full visibility into their cloud environments to ensure that the principle of least privilege is being followed.

#  Bot peril – where business goes, bots will follow. As businesses increasingly rely on e-commerce, expect to see an increase in malicious bot traffic, which can tie up inventory, conduct price arbitrage and scrape content.

Security for the long haul

Changes brought about by the pandemic are the new normal. When the global economy returns to work, it’s likely that fewer people will return to offices and more will work from home. Changes in the enterprise IT environment mean that the threat landscape will also evolve.

Many IT teams are still handling the massive capacity increases and now must also refocus their attention on long-term safety and security of their networks. Here are a few places to start:

#  Develop a pervasive and regular employee cybersecurity training program. Through regular cybersecurity training, employees can better identify and react to threats. This should include information about phishing, password protection, etc.

#  Automate cybersecurity incident responses with security orchestration.  Cybersecurity hackers are using automation to boost their attacks, and organisations must counter this by automating their defences and orchestrating their security policies. Automating incident response activities improves the efficiency and effectiveness of incident response.

#  Use machine learning to automate tasks. Rely on algorithms to perform tedious and repetitive tasks. This allows security analysts to be freed up to focus on higher priority responsibilities.

It’s important that executive management leads the creation of the company’s long-term security plan, and it’s vital to communicate the value and investment of automation and orchestration.

#  Keep the company productive. The first priority is to keep a company productive in the short-term, which means keeping applications available. In the aftermath of the pandemic, organisations will continue to support remote access to applications to keep people productive.

#  Ensure VPNs are available. Virtual private networks (VPNs) may need to be updated to accommodate larger volumes of people and traffic. To protect against a loss of connectivity, VPNs should be clustered redundantly.

#  Invest in IT security tools. The best IT security strategy covers a company for the long term. This means investing in security tools that use artificial intelligence (AI) and positive security models to identify zero-day attacks and partial decryption of SSL traffic for DDoS mitigation.

The decisions and tools that organisations choose now, and the training they provide to their employees, will have enduring effects on security for years to come. It’s crucial that companies get it right.