How has the growth of IoT further increased vulnerabilities for organizations?
Gray: As IoT devices become more popular, they become potential targets for unwanted intrusion. Many of our everyday appliances such as smart fridges and air-conditioning units are not designed with security in mind or are not installed with proper security procedures in place. Among the most disturbing discoveries in Palo Alto Networks’ 2020 Unit 42 IoT Threat Report is that 98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.
These IoT devices then become data collection points that can be easily exploited in the same way that cyber criminals take advantage of smartphones or laptops. Microsoft’s Digital Defense Report saw an approximate 35% increase in attack volume targeting IoT devices in the first half of 2020 as compared to the second half of 2019.
This puts everyone at risk, especially companies, as a significant number of employees work from home and may connect their IoT-enabled applications to laptops and other devices that are linked to business servers, increasing security risks.
What impact has remote or hybrid work had on the threat landscape?
Gray: Ever since the start of the COVID-19 pandemic, companies have faced a complex balancing act between the need to rapidly digitalize and address growing concerns on security, while managing cost pressures. With worker flexibility come new challenges in protecting their IT environments across a distributed and remote network.
Employees across the region who work from home are often connected to business servers using personal and IoT devices that do not have the same security features that company-approved ones have. At the same time, these employees have also turned to cloud-based services and other software-as-a-service solutions to work, share and store information.
Although these solutions are efficient, adaptable and flexible, especially as companies needed to quickly pivot during lockdowns, they are not always well protected, and may expose other areas downstream, allowing hackers to quickly infiltrate entire networks.
Ever-sophisticated phishing techniques and ransomware are also on the rise. According to Thales’ 2020 report on data threats in Asia Pacific, 66% of organizations feel vulnerable to internal attacks, with 45% suffering a breach or failing a compliance audit last year.
Social engineering threats and spear-phishing attacks are expected to increase as remote working continues. Socially isolated and restless employees are more likely to turn to social media or web surfing to destress. According to an article in the Harvard Business Review, 75% of people say they feel more socially isolated, 67% of people report higher stress, 57% are feeling greater anxiety, and 53% say they feel more emotionally exhausted since the outbreak of the pandemic. Such employees become susceptible targets of hackers who exploit their vulnerability to launch attacks.
Insider threats are also a growing concern. Disgruntled employees, driven by personal agendas, take advantage of the insecure access to offsite networks and systems to infiltrate companies. They also exploit their fellow remote workers, who might not recognize phishing exploits and can unintentionally cause damage.
What next-generation cybersecurity solutions are available to identify exploit techniques and analyze user behavior, to prevent or mitigate against evolving threats?
Gray: Beefing up endpoint protection is crucial in securing organizations’ remote and on-premise workforce. Companies should make sure that their computers’ software as well as anti-malware and anti-virus tools are up to date. Taking this one step further, enterprises with a large, distributed workforce could deploy integrated solutions to securely enable remote work at scale.
The Spectra Alliance – a first-of-its-kind partnership between security companies CrowdStrike, Netskope, Okta and Proofpoint – provides an end-to-end joint solution that protects all web, cloud and on-premises enterprise activities. It enables companies to adopt a Zero Trust security posture by repelling and remediating internal and external threats, while providing a seamless user experience. The combination is designed to address the security gap that businesses face as they undergo digital transformation when transitioning from on-premise to cloud services.
Also, artificial intelligence and machine learning can be tremendously helpful in improving the ability of organizations to predict and detect threats, and swiftly contain cyber attacks before they become full-blown. This is where Security Orchestration, Automation, and Response (SOAR) tools come in handy as they allow companies to collect threat-related data from a range of sources and automate responses to low-level threats, reducing the need for manpower and focusing attention on high-priority threats.
User Entity Behavior Analytics (UEBA), a cybersecurity process to detect insider threats, targeted attacks and financial fraud, is one useful way for companies to weed out insider threats.
Instead of tracking devices or security events, UEBA tracks systems’ users and their behaviors, detecting anomalies in human behaviors which indicate potential threats. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and sound alerts immediately. Many quality cybersecurity solutions would have included UEBA within their software.
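The per-user baseline check described in the last answer, sketched as an added example that is not part of the interview and not any vendor's implementation. The median/MAD scoring, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

MIN_HISTORY = 7      # days of history needed before judging a user (assumed)
THRESHOLD = 6.0      # robust z-score above which a day is flagged (assumed)
MAD_FLOOR_MB = 1.0   # keeps a perfectly steady user from dividing by zero

def robust_score(history_mb, today_mb):
    """Distance of today's volume from the user's own median, in MAD units."""
    med = median(history_mb)
    mad = median([abs(x - med) for x in history_mb])
    scale = max(1.4826 * mad, MAD_FLOOR_MB)
    return (today_mb - med) / scale

def detect(events):
    """events: (day, user, megabytes) tuples -> list of (day, user, MB, score)."""
    per_day = defaultdict(float)
    for day, user, mb in events:
        per_day[(user, day)] += mb           # sum each user's transfers per day
    history = defaultdict(list)
    alerts = []
    for (user, day), total in sorted(per_day.items(), key=lambda kv: kv[0][1]):
        past = history[user]
        if len(past) >= MIN_HISTORY:
            score = robust_score(past, total)
            if score > THRESHOLD:
                alerts.append((day, user, total, round(score, 1)))
                continue                     # keep the outlier out of the baseline
        past.append(total)                   # normal day: extend the baseline
    return alerts

# Constructed sample data: alice normally moves about 10 MB a day,
# bob normally moves about 3 GB a day.
ALICE = [9, 11, 10, 10, 12, 8, 10, 11, 9, 10]
BOB = [2900, 3100, 3000, 3050, 2950, 3000, 3100, 2900, 3000, 3050]
EVENTS = [(d, "alice", mb) for d, mb in enumerate(ALICE, 1)]
EVENTS += [(d, "bob", mb) for d, mb in enumerate(BOB, 1)]
# Day 11: alice pulls 4.2 GB in two transfers; bob has an ordinary 3.2 GB day.
EVENTS += [(11, "alice", 2000), (11, "alice", 2200), (11, "bob", 3200)]

if __name__ == "__main__":
    for day, user, mb, score in detect(EVENTS):
        print(f"day {day}: {user} downloaded {mb:.0f} MB (score {score})")
```

Only alice's day 11 is flagged: bob's gigabytes are normal against his own history, and a user with fewer than `MIN_HISTORY` days is not judged at all, which is a blind spot to cover with a separate rule.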