In the world of cybersecurity, security defenders have to look far ahead to outpace the speed of business, technology, and cybercrime innovations while also keeping active threats at bay. In a year that has seen the most dramatic changes to business operations in recent memory, maintaining a strong cybersecurity posture is no easy feat.
These changes are mostly driven by a rapid shift to work-from-home models, which are truly testing companies' tolerance for risk. Businesses of all shapes and sizes are now leaning on technology more heavily than ever before. Unfortunately, many of the security guardrails normally in place have fallen by the wayside in the process - and criminals are waiting in the wings to take advantage.
In fact, times of chaos and uncertainty are when cybercriminals thrive the most - from attempts to trick individuals working under stress into clicking malicious links, to looking for open doors into companies' networks introduced during the rapid deployment of new tools for remote work and operations.
Today, businesses are facing many of the same challenges that they've been addressing for the last decade - just at greater scale and speed. Now is a critical time for organisations to re-evaluate security strategies to ensure they have visibility across their IT infrastructure, understand and prioritise the most critical threats, and have comprehensive plans on how they respond to cyberattacks in a way that works for today's new normal.
Protecting New Tech Frontier
As new technologies are being adopted at a breakneck pace, the traditional IT landscape that security teams are charged with protecting has grown exponentially more complex and dispersed. There's no question that the future of business operations is digital - and increasingly, cloud-based apps and infrastructure are the foundation of that shift. Companies spent $31 billion on cloud computing services between January and March of this year, up 34 per cent compared with the same period in 2019.
The ease at which new cloud tools and resources can be deployed can create a wild west of broad and distributed resources, which can be harder to centrally monitor and secure. Individual employees introduce the element of human error into the equation, and as new cloud-based apps and infrastructure become easier for anyone to deploy, opportunities for misconfiguration or introducing vulnerable applications become a major concern.
Overall, 86 per cent of records compromised last year were due to misconfigured cloud servers and other improperly configured systems - that's nearly 7 billion records exposed due to common mistakes, which often could be avoided through following proper policies and checkpoints.
With employees now working from home - often from personal devices or without new security policies or technologies in place - the opportunity for attackers to take advantage of human error is more present than ever.
Staying Ahead of Emerging Threats
Cybercriminals have never been known to let a crisis go waste - and the fear, uncertainty, and rapid business shifts taking place during the pandemic created the perfect storm for attackers to capitalise on. Phishing attempts, which lure individuals into clicking malicious links to steal work credentials, are the primary way attackers gain initial access to systems.
Beyond just leveraging the latest crisis as a guide for phishing, cybercriminals are also constantly evolving their techniques to target emerging technologies and to avoid security defences. Ransomware is an attack vector that has grown around 70 per cent in recent years, and these attackers are innovating new ways to break into networks and hold critical company systems hostage. Ransomware is an industry agnostic threat, impacting everyone from local governments to retailers, financial services, and critical infrastructure suppliers. To defend against these attacks, it's essential to have the right data and recovery plans in place - yet many companies have still not evolved their security response plans to account for this breed of attack.