February 01, 2021
Besides being marked by a worldwide pandemic, 2020 also turned out to be a year that vulnerabilities threatened the integrity and safety of people's and business' data significantly. On one side of the second semester, many contamination and deaths related to Covid-19 left a bitter taste. On the other, various cyber-attacks took place, aiming to capture and leak sensitive and valuable data.
Looking ahead to 2021, it seems that the scenario will remain relatively similar to its predecessor year. Only the vaccine and social distancing measures will effectively protect people from coronavirus. Similarly, your IT environment will only be adequately safe against cyber threats if you apply safety measures that cover people, process, and technology.
The new normal
The new normal entirely changed routines and guidelines for information security in business and home environments. Daily, companies announce changes to their work culture to implement the remote work model, – and it seems that many will extend or keep that model permanently even after the pandemic.
The main arguments to the vast acceptance of remote work are that it guarantees people's safety and improves their life quality. But have you ever considered giving the same importance and care to the data that your workers are accessing from home?
Data security
The remote work model is a solution to cut costs, continue the quarantine workflow, and improve workers' safety and life quality. However, companies have been forgetting a critical question: keeping their data protected.
Environments that are still unprotected or poorly planned for remote work are entirely vulnerable and considered easy targets to cyber-attackers. In 2020, many companies worldwide, including high-level businesses and traditional companies, suffered significant cyber-attacks.
Honda
A tweet posted last June by Honda states that "at this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable." On the same day, production, sales, and development activities became inoperant in some countries. Later, the company declared on media outlets that it was a victim of a cyber-attack.
Specialists say that the SNAKE ransomware that attacked the Japanese corporation was created to use against Windows systems in industrial environments and targets industrial control systems (ICS) to encrypt sensitive files, something new to this virus category. Instead of being part of a class of viruses that randomly spread, it seems that this virus had its origin intentionally planned for this attack.
Kenna Security's chief data scientist, Michael Roytman, told TechRepublic that this wasn't the first time that Honda was a target of cyber-attacks. "This ICS specificity is somewhat new in the ransomware world, although variants of the SNAKE malware family have been around for some time, and mitigations exist on the detection side."
"The ransomware's infection vector is a question of vulnerability management," Roytman said. Prioritizing and remediating the right vulnerabilities and using machine learning to predict possible exploitation before the attacks are happening is one way to stay ahead of attackers and ensure this kind of compromise is less likely", continued Roytman.
Chris Clements, VP of Solution Architecture for Cerberus Sentinel, says that "Honda's statement that an internal server was externally attacked could mean that they did not take this step to prevent an attacker propagating to other areas of the organization."
"Unfortunately, many applications that organizations rely on are often not architected to support this level of segmentation, so it's possible that Honda had few other options in exposing their internal network to the internet," he complements.
How to be protected against cyber-attacks
Now that it is clear that the stakes are high and these risks can affect any organization, it's time to present five actions and solutions to protect your company against cyber-attacks.
1 Regularly back up all your valuable data (and test it regularly)
One of the best ways to protect data is by creating backups. Many companies suffer unmeasurable damage caused by information that becomes lost or exposed just because they did not regularly back up their data. And when they did, the backup was not well executed.
Regularly back up all your data and keep the data stored at least in three different locations, such as local, cloud, and offline backups. Run restoring tests and often check the integrity of the backups.
2 Update each system and software in your IT environment
Systems with any breach or defect always have their vulnerabilities explored. That's the reason manufacturers sporadically launch updates to apply corrections to their platforms and mitigate found vulnerabilities.
Facing a scenario that you have to manage many assets working outside your LAN network, native tools aren't effective against cyber threats anymore. It's fundamental to apply the newest correction and security patches available to all your systems and software as soon as possible. The risks and possibilities of attacks are much lower when they're updated.
3 Educate your workforce about cyber threats
Everyone knows that discipline and self-management are very relevant when someone works on the home office model. Well, educating your users about information security has the same importance as that.
Many cyber-attacks need some action from the user to occur, and for that to happen, they frequently use social engineering techniques. The user may receive a suspicious email message, which will tell them to deliver confidential information to an unknown contact. They can also convince the user to click on a contaminated link or do inappropriate accesses, which will later start the contamination or attack.
To avoid that, it's always nice to remember: better prevent than cure. Educate your user and provide the necessary knowledge for them to analyze emails and safely navigate the internet. That will help to avoid possible malware contaminations, phishing attempts, and ransomware attacks.
4 Ensure that your company have strong privileged access management guidelines
Many corporations adopted encrypted VPN solutions, and this tool became a luxury catwalk for cyber-attacks. To connect a corporate to a home environment using VPN it's like having your house at an avenue with heavy traffic and leaving the door open during rush hour. It's necessary to have strong walls, doors and locks to avoid unwanted guests.
On the cybersecurity reality, that means revise each rule and route configured on your system to guarantee full protection from point A to B with VPN. For endpoint protection, use efficient solutions that count with layers of endpoint detection and response (EDR) and machine learning resources to insert knowledge into your platforms.
Remember also to use monitoring tools and analyze the data delivered by them. That includes filter accesses, monitor and analyze data traffic, reviewing logs and alerts about attacks blocked.
In that way, your IT environment will be safe against any access originated from unmanaged local networks (LAN) and unspecified long-distance lines (WAN).
5 Bring IT specialists to your team
Many organizations have extremely efficient cybersecurity tools and are still vulnerable to cyber-attacks. That happens because they don't have an IT security specialist capable of managing every item we mentioned in this article.
For better results against cyber-attacks, it's necessary to count on continuous management and vulnerability analysis. Look for a cybersecurity specialist that can help you searching vulnerabilities and failures in your environment.
To execute changes and adapt your IT with safety, look for vendors that offer efficient security solutions and bring their market experience to support you in making the bests decisions.
Source: HiveCore Enterprise Solutions LLC
Looking ahead to 2021, it seems that the scenario will remain relatively similar to its predecessor year. Only the vaccine and social distancing measures will effectively protect people from coronavirus. Similarly, your IT environment will only be adequately safe against cyber threats if you apply safety measures that cover people, process, and technology.
The new normal
The new normal entirely changed routines and guidelines for information security in business and home environments. Daily, companies announce changes to their work culture to implement the remote work model, – and it seems that many will extend or keep that model permanently even after the pandemic.
The main arguments to the vast acceptance of remote work are that it guarantees people's safety and improves their life quality. But have you ever considered giving the same importance and care to the data that your workers are accessing from home?
Data security
The remote work model is a solution to cut costs, continue the quarantine workflow, and improve workers' safety and life quality. However, companies have been forgetting a critical question: keeping their data protected.
Environments that are still unprotected or poorly planned for remote work are entirely vulnerable and considered easy targets to cyber-attackers. In 2020, many companies worldwide, including high-level businesses and traditional companies, suffered significant cyber-attacks.
Honda
A tweet posted last June by Honda states that "at this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable." On the same day, production, sales, and development activities became inoperant in some countries. Later, the company declared on media outlets that it was a victim of a cyber-attack.
Specialists say that the SNAKE ransomware that attacked the Japanese corporation was created to use against Windows systems in industrial environments and targets industrial control systems (ICS) to encrypt sensitive files, something new to this virus category. Instead of being part of a class of viruses that randomly spread, it seems that this virus had its origin intentionally planned for this attack.
Kenna Security's chief data scientist, Michael Roytman, told TechRepublic that this wasn't the first time that Honda was a target of cyber-attacks. "This ICS specificity is somewhat new in the ransomware world, although variants of the SNAKE malware family have been around for some time, and mitigations exist on the detection side."
"The ransomware's infection vector is a question of vulnerability management," Roytman said. Prioritizing and remediating the right vulnerabilities and using machine learning to predict possible exploitation before the attacks are happening is one way to stay ahead of attackers and ensure this kind of compromise is less likely", continued Roytman.
Chris Clements, VP of Solution Architecture for Cerberus Sentinel, says that "Honda's statement that an internal server was externally attacked could mean that they did not take this step to prevent an attacker propagating to other areas of the organization."
"Unfortunately, many applications that organizations rely on are often not architected to support this level of segmentation, so it's possible that Honda had few other options in exposing their internal network to the internet," he complements.
How to be protected against cyber-attacks
Now that it is clear that the stakes are high and these risks can affect any organization, it's time to present five actions and solutions to protect your company against cyber-attacks.
1 Regularly back up all your valuable data (and test it regularly)
One of the best ways to protect data is by creating backups. Many companies suffer unmeasurable damage caused by information that becomes lost or exposed just because they did not regularly back up their data. And when they did, the backup was not well executed.
Regularly back up all your data and keep the data stored at least in three different locations, such as local, cloud, and offline backups. Run restoring tests and often check the integrity of the backups.
2 Update each system and software in your IT environment
Systems with any breach or defect always have their vulnerabilities explored. That's the reason manufacturers sporadically launch updates to apply corrections to their platforms and mitigate found vulnerabilities.
Facing a scenario that you have to manage many assets working outside your LAN network, native tools aren't effective against cyber threats anymore. It's fundamental to apply the newest correction and security patches available to all your systems and software as soon as possible. The risks and possibilities of attacks are much lower when they're updated.
3 Educate your workforce about cyber threats
Everyone knows that discipline and self-management are very relevant when someone works on the home office model. Well, educating your users about information security has the same importance as that.
Many cyber-attacks need some action from the user to occur, and for that to happen, they frequently use social engineering techniques. The user may receive a suspicious email message, which will tell them to deliver confidential information to an unknown contact. They can also convince the user to click on a contaminated link or do inappropriate accesses, which will later start the contamination or attack.
To avoid that, it's always nice to remember: better prevent than cure. Educate your user and provide the necessary knowledge for them to analyze emails and safely navigate the internet. That will help to avoid possible malware contaminations, phishing attempts, and ransomware attacks.
4 Ensure that your company have strong privileged access management guidelines
Many corporations adopted encrypted VPN solutions, and this tool became a luxury catwalk for cyber-attacks. To connect a corporate to a home environment using VPN it's like having your house at an avenue with heavy traffic and leaving the door open during rush hour. It's necessary to have strong walls, doors and locks to avoid unwanted guests.
On the cybersecurity reality, that means revise each rule and route configured on your system to guarantee full protection from point A to B with VPN. For endpoint protection, use efficient solutions that count with layers of endpoint detection and response (EDR) and machine learning resources to insert knowledge into your platforms.
Remember also to use monitoring tools and analyze the data delivered by them. That includes filter accesses, monitor and analyze data traffic, reviewing logs and alerts about attacks blocked.
In that way, your IT environment will be safe against any access originated from unmanaged local networks (LAN) and unspecified long-distance lines (WAN).
5 Bring IT specialists to your team
Many organizations have extremely efficient cybersecurity tools and are still vulnerable to cyber-attacks. That happens because they don't have an IT security specialist capable of managing every item we mentioned in this article.
For better results against cyber-attacks, it's necessary to count on continuous management and vulnerability analysis. Look for a cybersecurity specialist that can help you searching vulnerabilities and failures in your environment.
To execute changes and adapt your IT with safety, look for vendors that offer efficient security solutions and bring their market experience to support you in making the bests decisions.
Source: HiveCore Enterprise Solutions LLC
