Remote work has made valuable data more susceptible to cyberthreats due to the widening attack surface. With employees working from home and using multiple devices, security has become a more complicated concern.
Unsurprisingly, cybercriminals have taken advantage of this situation, as evidenced by the rise in high-profile ransomware attacks across industries in recent months. Successful breaches have targeted healthcare systems, financial institutions and even a gas pipeline. And those crimes can leave suppliers and customers vulnerable too.
Tyler McChristian, field solution architect for information security at CDW, expressed concern during CDW’s Tech Talk webcast but cautioned against panic in responding to the reports of recent ransomware attacks.
“I don’t think panic is ever appropriate, and I think in security, we can always be kind of the folks that are doom and gloom,” he said. “But we should never be going with a fear-based approach, so I would encourage everybody listening today — whether you’re a key stakeholder or in the trenches — to dial back those emotions a little bit, because the last thing you want to do is make a decision to move quickly that leads you down the wrong path with an investment that might not make sense for your organization.”
What Has Changed for Cybersecurity in Recent Months?
McChristian emphasized that IT security is nothing new. However, concerns have been heightened due to an uptick in incidents in the first half of 2021.
“One, I think we’ve had a variety of very high-profile incidents in the news, so I think that’s got everybody a little bit on edge in the world today,” McChristian said. “And the second piece, partially in response to the first, is we’re now seeing stakeholders in organizations, as well as external forces, push people to increase their security posture. So, the one that I’ve seen a lot lately is cyber insurance providers ratcheting up the requirements for the organizations that they cover.”
For organizations re-examining their security strategies, McChristian said, “The first thing I always say is, be proactive. And that might not necessarily be another security toolset. I would encourage organizations to take a look at their security posture from a technical or policy perspective. So, starting with something like a penetration test or aligning to a security framework is really going to help you, as an organization, evaluate where you are today, where you might need to improve and what is the best path forward.”
He recommended two common frameworks for businesses to use as best practices. According to McChristian, the Center for Internet Security’s Top 18 Controls and the National Institute of Standards and Technology’s Cybersecurity Framework are great places for any organization to start.
Cybersecurity Has Changed as Companies Reacted to the Pandemic
Andrew Mundell, principal security engineer at Sophos, also joined the conversation to offer suggestions on how organizations can target the cybersecurity challenges they’re facing.
“I think I’d break it down into three big areas, and the first is the problems that we saw trying to get organizations to understand the power of cloud management,” Mundell explained. “Those are really difficult conversations with segments of the market out there that were highly regulated, worried about their intellectual property, for instance. So we’ve really seen the pandemic of 2020 bring that into sharp focus. Not only are organizations having to make drastic changes to their perimeter, but a lot of the traditional tools that they’ve been able to rely on have just not been suitable.”
Mundell said the second major problem he’s seen has been the changing perimeter. “I think back to a few years ago, and we had a very clear line of understanding of what the perimeter was, what the inside of the network was and what the outside of the network was. Not only has that had to change a lot, but we’re starting to see it actually being significantly more effective to blur those lines. And users want the flexibility to work wherever and whenever they want to.”
“And I think the third piece is the sophistication of the attacker,” he said. “I think that we are definitely seeing the widespread attacks increase. And whereas traditionally, I think we would hear a little bit of news here and there, now what we’re seeing is these are long-running attacks. These are not things that are built in a couple of days.”
Ransomware Attacks Continue to Evolve
Mundell pointed out the ways in which cybercriminals have changed their attack methods. He spoke about a new platform for criminals, which he called Ransomware as a Service. “What you’re able to do is join a platform and have that platform manage your ransomware executables, your ransomware payments and the encryption keys. So now, as an attacker, you don’t have to worry about any of that pesky complicated stuff to do encryption.”
In recent attacks, Mundell said cybercriminals have been able to “use techniques and tools that have historically been thought of as things that are in the capabilities of nation-states. So, we’re definitely seeing the bar for some of these incredibly long-running and complex human-operated attacks come down.”
“There’s a second thing that goes on typically in the majority of the ransomware attacks that we’re seeing, and it’s some of that data access, not necessarily data exfiltration,” Mundell said.
Cybersecurity experts are now seeing incidents in which attackers not only take data, but also disable an organization’s security tools. Attackers have been able to “do things like break database services so that the database files become unlocked, and they can then be encrypted. So, if you think of the amount of time that the attackers have access inside of some of those environments, there’s a lot of intel that they’re able to gather. And that’s certainly different from how we thought of attackers and hackers even just a few years ago.”
Zero Trust Can Be Effective in Providing Additional Protection
Many organizations are pinning some of their hopes for better security on a zero-trust approach, hoping that controls such as multifactor authentication can offer greater defense.
Chris Frenz, assistant vice president of IT security at Mount Sinai South Nassau, offered his experience implementing a zero-trust strategy in a healthcare setting. Speaking about the architecture he employed during his stint at another hospital, Frenz said, “We became very concerned about the possibility of a ransomware or widespread malware attack in the organization. So, one of the things we decided to do was simulate what it would look like if a malware attack actually hit the hospital.
“By doing the exercise, we learned quite a bit about what controls are effective, what controls didn’t work, and in some cases, how people responded to the attack, both users and incident response. Now, one of the controls that stood out as really effective in doing a test was network segregation.”
For many organizations, Frenz said, identifying and mapping the different traffic flows will likely be the biggest challenge of a zero-trust initiative. “A lot of the more modern zero-trust tools do a much better job of giving insight into the traffic that occurs between systems, so it’s gotten a little bit easier. But that’s still where your biggest challenge is going to be,” he said.
Any organization implementing a zero-trust initiative should spend a good amount of time learning the traffic flows required in the organization, Frenz said. By taking the time to understand which systems need to communicate with other systems, “the less likely you’re going to be to break something when it comes time to actually put the policies in place, because those identified traffic flows will form the basis of your zero-trust policies.”
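One way to turn mapped traffic flows into the zone-to-zone allow rules Frenz describes, as an added Python example that is not part of the article or any tooling the speakers used; the flow log, network zones and addresses are constructed, and the audit step shows which flows a draft policy would block before anything is enforced:

```python
import ipaddress
from collections import defaultdict

# Constructed flow log from a discovery period: "src dst dst_port proto".
# Hypothetical addresses; not from the article.
FLOW_LOG = """\
10.1.10.5 10.1.20.10 443 tcp
10.1.10.6 10.1.20.10 443 tcp
10.1.20.10 10.1.30.10 1433 tcp
10.1.10.5 10.1.40.10 53 udp
10.1.10.6 10.1.40.10 53 udp
"""

# Hypothetical zones a hospital network might be segmented into.
ZONES = {
    "workstations": ipaddress.ip_network("10.1.10.0/24"),
    "web": ipaddress.ip_network("10.1.20.0/24"),
    "db": ipaddress.ip_network("10.1.30.0/24"),
    "infra": ipaddress.ip_network("10.1.40.0/24"),
}

def parse_flows(text):
    """Parse flow-log lines into (src, dst, port, proto) tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            src, dst, port, proto = line.split()
            flows.append((src, dst, int(port), proto))
    return flows

def zone_of(ip):
    """Map an address to its zone name; anything unmapped is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def build_policy(flows):
    """Collapse host-level flows into zone-to-zone allow rules: {(src_zone, dst_zone): {(proto, port)}}."""
    policy = defaultdict(set)
    for src, dst, port, proto in flows:
        policy[(zone_of(src), zone_of(dst))].add((proto, port))
    return dict(policy)

def is_allowed(policy, src, dst, port, proto):
    """Default deny: a flow passes only if its zone pair and service were observed."""
    return (proto, port) in policy.get((zone_of(src), zone_of(dst)), set())

def audit(policy, flows):
    """Return the flows a draft policy would block, for review before enforcement."""
    return [f for f in flows if not is_allowed(policy, *f)]
```

Run `audit` over flows captured after the baseline to see what the policy would break before turning it on.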