The number of cyber-attack events is increasing exponentially, and many experts consider this to be an inflection point for cybersecurity. The threat landscape is changing rapidly, and the repercussions in terms of financial costs and risks are growing to such an extent that traditional security tools are made redundant.
According to the Cyber Resilient Organization Report 2020, 56% of surveyed organizations had experienced a cybersecurity incident in the last 2 years involving data loss, but only 40% have a response plan for attacks like Distributed Denial of Service (DDoS), malware and insider incidents. Security leaders are feeling challenged by the complexity of threats and the speed at which they can respond to them. One of the key security frameworks that organizations need to adopt is Zero Trust. With the transition of traditional work models to hybrid multi-cloud environments and the increase in Bring-Your-Own-Device models, guarding IT perimeters is no longer enough.
Organizations need to identify their internal sensitive data and protect it by controlling user access with identity and access management protocols and by implementing analytics and machine learning tools to detect breaches.
While the world struggles with the devastating realities of COVID-19, cybercriminals have quickly seized it as a prime opportunity to launch attacks on corporate and remote users, using malware, spam attacks, phishing campaigns and ransomware.
The pandemic forced companies to shift to a remote workforce overnight, and they needed to ensure that their employees could collaborate, share information, and get work done while working remotely. This led to a surge in adoption of cloud and SaaS services, including video conferencing services, collaboration tools, file storage tools and even tools like VPNs.
Given the urgency of the situation, many organizations adopted these systems without considering all the security implications. The rapid shift to a remote workforce, coupled with an increase in cyberattacks, can create unparalleled challenges for organizations that are not prepared for it.
According to the recently released IBM Security Cloud Threat Landscape report, there was a 40% increase in incidents in 1Q 2020 globally compared to the same quarter in 2019. Since March 11, when COVID-19 was declared a pandemic by the WHO, IBM X-Force has observed a more than 6,000% increase in COVID-19 related spam that has ranged from emails from financial companies and banks offering stimulus relief to individuals to emails claiming to be from the government offering business relief, and even emails from the WHO offering vaccine information.
IBM is urging businesses to revisit their incident response protocols, many of which may no longer be applicable under current conditions.
Challenges for businesses in Sri Lanka
The situation is not very different for enterprises in Sri Lanka, which are looking at enhancing their cybersecurity posture, from setting up security operation centers for their organizations to appointing Chief Information Security Officers.
However, the nation’s security threat landscape is also constantly evolving, as is evident from reports of several major cyber-attacks this year. Due to the pandemic, enterprises in Sri Lanka are seeing an increased adoption of digital tools led by cloud, as it is the most cost-effective tool to cater to the demands of a remote workforce and to maintain business continuity in the new normal.
While the cloud enables many critical business and technology capabilities, ad-hoc adoption and management of cloud resources is also creating complexity for IT and cybersecurity teams.
X-Force IRIS incident response experts conducted an in-depth analysis of cloud-related cases the team responded to over the past year and found that financially motivated cybercriminals are leading the attacks with the most common entry point being cloud applications, including tactics such as brute-forcing, exploitation of vulnerabilities and misconfigurations.
Ransomware was deployed 3x more than any other type of malware in cloud environments, followed by cryptominers and botnet malware. Outside of malware deployment, data theft was the most common threat activity IBM observed in breached cloud environments over the last year. Threat actors used the cloud to host their malicious infrastructure and operations, adding scale and an additional layer of obfuscation to remain undetected.
Smarter and better security for the new normal
As the cloud becomes essential for business operations, organizations must focus on the following elements to improve cybersecurity for hybrid, multi-cloud environments. Companies need to adopt a unified strategy that combines cloud and security operations across application developers, IT Operations and Security.
CTOs need to risk-assess the kinds of workloads and data that are intended to move to the cloud and define appropriate security policies. Although remote working is the new normal for most organizations, a minimum number of employees will need to return to work.
To manage security for the returning workforce and ensure a seamless experience for others, security teams need to leverage access management policies and tools, including multifactor authentication, and restrict privileged accounts to prevent infiltration using stolen credentials. Regular proactive simulations and rehearsals of various attack scenarios can help identify blind spots and any potential forensic issues that may arise during attack investigation.
Post-COVID-19, enterprises need to ensure the security of their remote workforce by taking steps to protect mobile devices and data, safeguard users and access, and secure expanding environments. Security teams need to adjust their strategy to detect and respond faster to accelerating threats. CISOs also need to virtually extend their security team and quickly add expertise by training them on risk management, compliance and governance.
As technology evolves and adapts to new scenarios, so do cybersecurity risks. It’s imperative for businesses to use the latest tools and leverage cutting-edge technologies like AI to keep re-evaluating their security posture, risk assessment and response strategies to ensure their safety.
Sandip Patel is RGM, India and South Asia, IBM and Riza Wadood is the Country General Manager, IBM Sri Lanka.