Last year, when the pandemic struck the world, swiftly transitioning work operations online and ensuring continuity became the immediate and primary focus for every business. While doing so, there was limited opportunity to ensure that security and data protection procedures were fit for purpose. Hence, while remote working (work from home) offered the best solution, it also presented a new playing field for cyber attackers, who were not only exploiting consumers but also looking for opportunities to target home workers.
As distributed work continues and cyber attackers find innovative ways to take advantage of immature systems, it has become imperative for IT leaders to build robust mechanisms to combat these problems. These criminals are exploiting human vulnerabilities that have been amplified by the pandemic, especially the added stress that remote working has created – on individuals, teams, and security staff.
Phishing attacks that win by distraction
With the pandemic now in its second or even third wave, its volatility, uncertainty, complexity, and ambiguity (VUCA) have definitely transformed the business environment. Working from home may have increased productivity, but it has raised a lot of concerns about the distractions that employees face. Whether it is homeschooling or taking care of household chores, employees are often torn between multiple tasks and could easily fall prey to a carefully crafted phishing e-mail.
Threats targeting business processes
Stress doesn’t only affect an individual, but the entire team and, therefore, the organization as a whole. Even with the constant technology support that businesses provide, IT departments may not be able to react quickly enough to any external attacks. Plus, with remote working, they can no longer rely on face-to-face meetings to deal with any urgent situations. Certain organizations have put in place new working patterns to deal with this. These processes, if insecure, tend to create problems of their own. Cyber attackers have grown wise to this and can exploit any gaps in high-risk business processes.
Let’s take a watering-hole attack as an example. An attacker first identifies a website that is popular among the users of the targeted organization or of a sensitive job function like finance. That website is then compromised so that it distributes malware to the entire group of people at once. All employees, especially those in sensitive roles, should therefore be advised that familiar websites can also be untrustworthy and that they should be cautious at every step.
Multiple attacks, all at once
Cybercriminals work in smart and different ways. Businesses are increasingly witnessing ‘cover’ attacks, wherein these criminals launch an obvious attack, such as a denial-of-service attack on a public corporate website, to distract the security teams from noticing the quieter, high-impact attack that is taking place simultaneously. At such times, IT and security teams need to be vigilant enough to detect and respond to more than one attack at a time. Security drills should be routine, to test and sharpen response time. These drills probably took a back seat during the pandemic, as IT departments were focused on transitioning to the remote working environment, but the time has come to ensure that these exercises become a priority again.
There are certain key considerations for organizations to help ensure optimum resistance to such attacks:
1. Using analytics
Whether the anomaly is straightforward, like logging in from a different or unusual location, or more complex, like an atypical pattern of work spanning multiple sensitive applications, analytics tools are extremely effective in immediately detecting any form of security anomaly. When any such anomaly is detected, the system can respond to it properly, e.g., by requesting manager authorization. A lot of these attacks also follow predictable patterns, and analytics can help recognize these patterns, intelligently group them, and allow multiple threats to be processed simultaneously in real time.
2. Efficient IT teams
The role of IT teams has evolved and matured over the past year. As guardians of the business's security infrastructure, they need to provide employees with a fair amount of awareness and knowledge, as well as accessibility, so that employees can raise any security concerns immediately. Creating a space where employees can communicate these concerns is necessary. A simple idea could be to have online communications tools within their new security controls, something like a security chatbot that can guide them in their time of need.
3. Protecting the high-risk groups
Senior executives, finance staff, and system administrators are some of the key people in the organization who deal with critical and confidential information daily. Hence, these are the groups that certainly require regular security training to tackle their specific threats. However, the burden of responsibility should not rest on their shoulders alone. An enhanced security framework, including specialized application controls and the latest hardware, needs to be adopted, along with a very dedicated support team.
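The analytics checks described under "1. Using analytics" can be sketched as detection logic over access events. This is an added example, not code from the original article; the baseline countries, the sensitive-application list, the thresholds and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: per-user baseline countries and a sensitive-app list (assumptions).
BASELINE = {"alice": {"GB"}, "bob": {"GB", "IE"}}
SENSITIVE_APPS = {"payroll", "erp-finance", "hr-records", "admin-console"}
WINDOW = timedelta(minutes=10)  # hypothetical sliding-window length
MAX_SENSITIVE_APPS = 2          # more distinct sensitive apps than this in WINDOW is atypical

# Constructed access events: (ISO timestamp, user, country, application)
EVENTS = [
    ("2021-06-01T09:00:00", "alice", "GB", "email"),
    ("2021-06-01T09:05:00", "alice", "GB", "payroll"),
    ("2021-06-01T09:07:00", "bob", "BR", "email"),
    ("2021-06-01T09:08:00", "alice", "GB", "erp-finance"),
    ("2021-06-01T09:12:00", "alice", "GB", "hr-records"),
    ("2021-06-01T11:00:00", "bob", "IE", "payroll"),
]

def detect(events):
    """Return {user: [anomaly descriptions]} so related alerts are handled as one group."""
    alerts = defaultdict(list)
    recent = defaultdict(list)  # user -> [(time, sensitive app)] still inside the window
    for ts, user, country, app in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        # Users without a baseline are treated as unusual (fail closed).
        if country not in BASELINE.get(user, set()):
            alerts[user].append(f"unusual location {country} at {ts}")
        if app in SENSITIVE_APPS:
            window = [(t, a) for t, a in recent[user] if when - t <= WINDOW]
            window.append((when, app))
            recent[user] = window
            apps = {a for _, a in window}
            if len(apps) > MAX_SENSITIVE_APPS:
                alerts[user].append(f"{len(apps)} sensitive apps within {WINDOW} at {ts}")
    return dict(alerts)

def respond(user, alerts):
    """Step-up response named in the article: anomalous activity needs manager authorization."""
    return "require_manager_authorization" if alerts.get(user) else "allow"

if __name__ == "__main__":
    found = detect(EVENTS)
    for user in sorted(BASELINE):
        print(user, respond(user, found), found.get(user, []))
```
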
The next wave – security and the hybrid working model
Owing to the extensive vaccination drives across the globe, the business landscape is expected to soon transition to a hybrid working model. As workforces gear up for another wave of workplace changes, cyber attackers will identify newer loopholes and weaknesses to take advantage of.
Much organizational information is available from business social networks such as LinkedIn. While recruiters use this platform to search for talent, it is a playing ground for criminals as well. Organizations should therefore assume that attackers know a great deal about them, and not just about their business, but about their people too. They need to plan their security framework so that it can resist any kind of threat, small or large. At a personal level too, every employee must understand the gravity of these threats and exercise the utmost care and caution while dealing with work online.