How companies are meeting the challenge of a changing cyberthreat landscape

The pandemic changed everything in 2020, including the type of cyberthreats infiltrating organizations and the response.

"As organizations had to transform their businesses, the cyberthreats followed suit. Initially, and not surprisingly, employees working from home became bigger targets for phishing and other traditional attacks," said Brendan O'Connor, CEO and co-founder at AppOmni.

"These attacks leveraged the fact that employees were no longer in the same office and able to easily verify the authenticity of emails or other requests," O'Connor said.

While remote work isn't a cyberthreat, human behavior is considered one of the greatest risks to cybersecurity. Many employees are using personal computers while working from home, and security protocols for BYOD are largely undefined.

Security teams lack the same level of vision into these devices, which obscures network visibility. Cybercriminals know this and have happily capitalized on the opportunity.

Spam is up 6000% since March 2020 and data breaches are up 175% over the same period last year, according to an IBM study. Phishing emails have always taken advantage of the biggest news events of the moment, and none has been bigger than coronavirus.

Expect remote work to continue having an impact on current and emerging cyberthreats. Eighty percent of businesses expanded or implemented a universal work-from-home policy, and 67% said remote work will remain permanent or long term, according to an S&P Global Market Intelligence Digital Pulse survey.

Remote work continues to create new vulnerabilities, said Andrea Carcano, co-founder of Nozomi Networks. VPNs or company-issued computers offer a level of control of security protocols, but it hasn't been foolproof against preventing cyber incidents. Carcano suggests deploying technologies that give security teams full vision into network activities as another level of defense.

Security awareness training is an important layer for the risks introduced through remote work. While most employees are aware what a phishing email looks like, they may not have the same awareness of social media phishing attacks nor realize that sharing their computer with a family member creates a data privacy compliance violation.

Cyberthreats in the cloud

Before remote work became necessary, many companies were already transitioning more workloads to cloud computing. With the increase of cloud deployments, threats targeting cloud integration and management interfaces, exposed orchestration layers, and default-open system deployments are also on the rise.

"As part of the business transformation, more organizations are adopting SaaS services," said O'Connor. However, IT administrators, who have received additional responsibilities and have less time to effectively manage and secure their SaaS environment.

"This is where cyberthreats are headed today. Adoption of new technology and services coupled with lack of time and expertise by IT is a perfect recipe for bad actors," O'Connor said. "The benefit of anywhere access of SaaS application and data would seem mighty attractive to bad actors that no longer need to wade through different layers of security implemented in a typical office and data center settings."

Some organizations are trying to maximize their existing investments to secure the growing dependence on SaaS, but this approach yields limited returns, according to O'Connor. Although companies gain the benefit of familiar technology and existing policies, you also bring the reactive nature of these solutions and architecture not well-suited to maximize the benefit of cloud services.

When organizations forget to protect cloud assets, it creates vulnerabilities that can turn into a data breach. Preventing a cyber incident requires monitoring for unauthorized access and unusual user behavior on networks and applications.

"Ideally, you are continuously monitoring these deployments for threats, and acting in real time when unauthorized behaviors are detected. This is a great place for tools like cloud workload protection that constantly monitor activity," said Gavin Matthews, technical product manager with Red Canary.

Emerging cyberthreats

Some cyberthreats, like phishing, are a constant, while others slowly build in intensity as technologies change. IoT-based cyberthreats are already an issue that companies should be addressing, but as Carcano warned, industrial IoT (IIoT) is an emerging target for attacks.

IIoT is the fastest growing area for IoT, so expect threats to mirror the growth of the devices.

"An attack on a consumer gadget could be limited to a privacy issue, whereas the effect of a successful breach on a commercial device can have a significant production or safety cost. That's why it's more critical than ever for IT and OT security professionals to understand and be prepared to defend against this growing threat," he said.

Overall, the single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all systems.

"In general, IT/OT and physical systems are converging and it requires a new, holistic approach to cybersecurity for effective protection against changing dynamics across the threat landscape," said Carcano.