The need to keep businesses running while also keeping the workforce safe during the pandemic, has compelled organizations to quickly adapt to remote working, bringing with it previously nonexistent security vulnerabilities. Cybercriminals immediately started taking advantage of the situation resulting in a jump in cyberattacks since early 2020.
The accelerated shift to a digital environment is here to stay, with many organizations continuing with a hybrid onsite/remote working team. This digital shift has also changed how organizations, third-party providers and customers interact. Reviewing and updating an existing cyber strategy is therefore important.
In a bid to help mobilize a remote workforce, many organizations shifted from inhouse hosted applications to SaaS based models. While this reduced the need for monitoring internal servers, it enhanced the need to monitor the usage of cloud resources. As an example, it is important to identify and monitor non-active accounts, which are often prime targets for cybercriminals.
Some important points to consider:
- Inventory and Control of Software Assets: With team members working remotely, it is important to actively manage all software installed on company assets. By monitoring software, unauthorized or unmanaged software can be detected, thereby reducing risks and vulnerability to cyberattacks. In addition, it is important to keep track of the versions of software being used, thereby reducing the risk of software vulnerabilities.
- Account Monitoring and Control: Having visibility into account lifecycle management is important as it helps keep track of active, inactive, unused active accounts and more. It also provides visibility into brute force attempts on accounts. Compromised accounts are the reason for many of the successful cyberattacks on organizations.
- Management of cloud instances: The rapid migration to the public cloud (e.g., AWS, Azure, GCP) requires monitoring of all cloud instances, managing access, detecting vulnerabilities and more. While basic monitoring services are provided by cloud providers, organizations would be prudent to deploy an enhanced cyber strategy to keep their cloud instances secure.
- Cybersecurity awareness training for employees: Providing cybersecurity awareness training to employees goes a long way to keeping users alert to suspicious activities and attack attempts. Employees should also be made aware of the need to maintain data hygiene. For example, promptly installing software updates to reduce software vulnerability issues.
Assessing and Handling Vulnerabilities
With employees working remotely in less secure environments, security teams had to quickly assess the situation and adapt to the changing technology environment. This included updating technology stacks, access controls and security training for employees. Security teams would also be prudent to bring in cybersecurity experts to conduct an assessment and detect any existing vulnerabilities that need to be addressed.
Get the Help you Need for the New Normal
Ransomware attacks and cyberattacks in general are increasing in frequency and the loss of reputation and financial risks are high. With the continuous evolution of advanced persistent threats, it can be difficult for organizations to gauge how well they are protected. Leveraging a holistic security management solution that can be customized to align to an organization’s security needs would be a good strategy. It will help operationalize the critical security controls needed to protect from advanced persistent threats. Having a solution that can also meet with audit, regulatory and compliance requirements would be an added advantage. Hybrid working environments are the new normal and organizations need to quickly adopt a more pragmatic approach to cyber security to maintain their resilience against advanced threats.
Want to learn more on how to be better prepared?
Reach out to the cybersecurity experts at ProtechSuite to understand your level of preparedness and see if they can help.
An Article by
J-SAS Inc. ProtechSuite, August 27, 2021