
Pandemic brings more sophisticated attacks and new cybersecurity challenges

Antivirus programs that rely purely on signatures of known threats? That can be considered the medieval age of cybersecurity. Today's digital space calls for advanced protection: exploit-prevention techniques and the execution of suspicious files in an isolated environment. Access to the internal network requires a secure VPN connection, and multi-factor authentication at login is already standard. Beyond that, the Zero Trust approach still applies: trust no one, authenticate everyone, and enforce strict identity management and access governance policies.
But what about the old familiar ransomware, data backup, or innovations such as artificial intelligence and IoT (Internet of Things)? IoT devices increase productivity, but they are also increasingly used as a foothold for attacks on other devices on the network. Take a look at the new and old challenges in business and home security.

The year 2020 brought many changes to working life. The pandemic crisis made working from home a necessity, which has created new challenges for companies, especially in the area of cyber security.

When employees work from the office, the company has oversight of most of its digital assets. It controls access to the internet through a perimeter firewall with next-generation functionality, which restricts which internet services employees can reach and so partially protects the company from threats.

When employees work remotely, however, that protection has to move to their end devices. Endpoint protection can no longer rely on traditional antivirus alone; it needs more advanced, behaviour-based solutions. These include exploit-prevention techniques, which block the memory-corruption and code-injection tricks malware uses to get running, and the execution of suspicious files in an isolated environment, so-called sandboxing.

The employer must also make the necessary services available to employees, whether from the internal network or from the cloud. Access to the internal network should go through a secure VPN connection.

Multi-factor login authentication is standard. In the case of using services from public clouds, it is recommended to increase data protection, for example, by deploying CASB (Cloud Access Security Broker) technology, which is able to detect suspicious access and manipulation of data stored in the public cloud.

Secure identification via Zero Trust

The transition to the home office described above also widens the attack surface, that is, the set of so-called attack vectors available to an adversary. So what should be protected, and from whom? The answer lies in taking stock of the company's assets, analysing the risks, and adopting an approach called the "Zero Trust Network".

The idea is to trust no one, authenticate everyone, and require strict access control and identity management policies. Enterprise Management Associates (EMA), an analytics and consulting firm, defines this approach as a network security model that minimizes risk by using detailed policies and controls for network access and for network communications.

Zero Trust requires the introduction of micro-segmentation and the allocation of access rights to assets based on user identification, location and other relevant information to determine the trusted user, device or application.

It builds on multi-factor authentication, Identity and Access Management (IAM), orchestration and encryption, applied at the different levels of access rights to systems and files. It enforces the principle of least privilege: users are assigned only the rights they need to perform their work, and nothing more.
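To make the decision logic concrete, here is a minimal Zero Trust policy decision point. This is an added example, not code from the article or from EMA: each request is evaluated against identity (roles), device posture, the micro-segment it comes from, location and MFA state, and the default is deny. The resource names, roles, segments and posture fields are illustrative assumptions.

```python
"""Minimal Zero Trust policy decision point (added example, not from the article).

Every request is checked against identity, device posture, source micro-segment,
location and MFA state; coming from "inside" the network earns no trust on its
own. Resource names, roles, segments and posture fields are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset[str]
    mfa_verified: bool
    device_managed: bool     # enrolled in the company's device management
    device_patched: bool     # posture check passed (OS and agent up to date)
    source_segment: str      # micro-segment the connection originates from
    country: str             # ISO country code from geolocation
    resource: str


# One policy per protected resource. No policy means deny.
# "countries": None means any location is acceptable.
POLICIES: dict[str, dict] = {
    "hr-db": {
        "roles": {"hr"},
        "from_segments": {"corp-workstations", "vpn-clients"},
        "countries": {"SK", "CZ"},
        "require_mfa": True,
        "require_managed_device": True,
    },
    "wiki": {
        "roles": {"employee", "hr", "engineering"},
        "from_segments": {"corp-workstations", "vpn-clients", "byod"},
        "countries": None,
        "require_mfa": True,
        "require_managed_device": False,
    },
}


def decide(req: Request) -> tuple[str, list[str]]:
    """Return ("allow", []) or ("deny", reasons).

    Default deny: every check must pass, and an unknown resource is denied outright.
    All failed checks are reported, which helps when tuning policies.
    """
    policy = POLICIES.get(req.resource)
    if policy is None:
        return "deny", ["no policy defined for resource"]

    reasons: list[str] = []
    if not (req.roles & policy["roles"]):
        reasons.append("role not permitted")
    if req.source_segment not in policy["from_segments"]:
        reasons.append("source segment not permitted")
    if policy["countries"] is not None and req.country not in policy["countries"]:
        reasons.append("location not permitted")
    if policy["require_mfa"] and not req.mfa_verified:
        reasons.append("MFA required")
    if policy["require_managed_device"] and not (req.device_managed and req.device_patched):
        reasons.append("managed and patched device required")

    return ("deny", reasons) if reasons else ("allow", [])


if __name__ == "__main__":
    # An HR employee on a compliant laptop over VPN: allowed.
    hr_ok = Request("anna", frozenset({"hr", "employee"}), True, True, True,
                    "vpn-clients", "SK", "hr-db")
    # Same user and network position, but the laptop missed its patches.
    hr_stale = Request("anna", frozenset({"hr", "employee"}), True, True, False,
                       "vpn-clients", "SK", "hr-db")
    # Valid HR credentials used from a server segment (a lateral-movement
    # pattern) are stopped by micro-segmentation, not by the credentials.
    lateral = Request("anna", frozenset({"hr", "employee"}), True, True, True,
                      "server-lan", "SK", "hr-db")
    for r in (hr_ok, hr_stale, lateral):
        print(r.resource, "from", r.source_segment, "->", decide(r))
```

The point of the third request is the one the article makes: the credentials are genuine and MFA was passed, yet the request is denied because the source segment is not one the policy allows for that resource.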

Ransomware attacks are multiplying. What to do about it?

Ransomware has become perhaps the best-known cyber security threat. It is a type of malicious code whose primary task is to encrypt stored data, after which the attacker demands a ransom from the victim in exchange for the decryption key. You will probably have heard of the most notorious attacks on international companies such as Uber, Garmin and Maersk.

The groups behind these attacks are very well organised. They share information with each other and have sophisticated internal structures. A ransomware attack can even be bought as an ordinary service, so-called RaaS (Ransomware as a Service), which means a would-be attacker no longer needs to be particularly technically proficient to hit a chosen target.

The way to protect against extortion and data loss is to back up data properly, and to keep the backups where the ransomware cannot reach and encrypt them as well. Backups alone are no longer enough, however: attackers now exfiltrate data before encrypting it, keep a copy of the stolen data and threaten to publish it if the ransom is not paid. In many cases this is personal data protected under the GDPR, which can have further unintended consequences for the organisation.

The first line of defence against this type of attack is the user, who must be aware of the risks of opening attachments from spam and phishing emails; phishing in particular tries to extract sensitive information from users via spoofed websites. User awareness alone is not enough, so technical security mechanisms must be applied as well to stop ransomware attacks.

Artificial intelligence in the process of protecting against attackers

Modern security systems for protecting against cyber-attacks already routinely use machine learning (ML) models and artificial intelligence (AI) to detect suspicious events. Watch out here, though: working from home enlarges the monitored environment, makes it more vulnerable and produces a lot of unusual user behaviour. Models trained on office-era baselines can therefore generate a large number of false detections, so-called "false positives".

These false positives can be reduced by using "deception" technology, better known as honeypots. It is based on deploying fake databases and servers into the environment that act as traps and decoys for attackers. No legitimate user or process has any reason to touch a decoy, so any interaction with one is a high-fidelity signal, however unusual the rest of the day's user behaviour may look.

Artificial intelligence and machine learning are used to manage those systems and to evaluate incidents and attacks that fall for those traps and decoys. Using honeypots, a large number of attackers and their methods can be captured and can then be used to model their behavior.
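The smallest form of the decoy idea fits in a few lines. The following is an added example, not code from the article: two bait rows are seeded into an otherwise real-looking customer table, and a query wrapper raises an alert whenever a result set contains one of them. A scoped application query never touches the bait; a table dump of the kind that precedes a ransomware extortion does. The schema, the bait values, the "actor" label and all customer data are constructed assumptions.

```python
"""Deception example: decoy rows inside a real customer table (added example, not from the article).

Nothing legitimate ever reads the decoys, so a query that returns one is an
alert with a near-zero false positive rate. Schema, bait values and data are
constructed; no real person is described.
"""
from __future__ import annotations

import sqlite3
from dataclasses import dataclass

# Bait identities. They exist only in this table (and, ideally, are also
# watched in the credential store and mail gateway so reuse elsewhere is caught).
DECOY_IDS = frozenset({9001, 9002})
DECOY_EMAILS = frozenset({"finance-backup@example.com", "svc-legacy@example.com"})


def build_db() -> sqlite3.Connection:
    """Create an in-memory table with two real-looking rows and two decoys."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?, ?)",
        [
            (1, "Anna Novak", "anna.novak@example.com", "4242"),            # constructed
            (2, "Peter Horvath", "peter.horvath@example.com", "1881"),      # constructed
            (9001, "Jana Krajcova", "finance-backup@example.com", "0000"),  # decoy
            (9002, "Legacy Service", "svc-legacy@example.com", "9999"),     # decoy
        ],
    )
    conn.commit()
    return conn


@dataclass(frozen=True)
class Alert:
    actor: str
    sql: str
    bait_hit: tuple[str, ...]


def audited_query(conn: sqlite3.Connection, actor: str, sql: str,
                  params: tuple = ()) -> tuple[list[tuple], Alert | None]:
    """Run a read query on behalf of `actor` and inspect the result set.

    Any decoy id or decoy e-mail among the returned cells raises an Alert. The
    check is on results, not on SQL text, so it also catches exfiltration that
    hides behind views, joins or `SELECT *`. Names are deliberately not bait:
    detection keys on the id and e-mail columns an attacker would dump.
    """
    rows = conn.execute(sql, params).fetchall()
    hits = set()
    for row in rows:
        for cell in row:
            if (isinstance(cell, int) and cell in DECOY_IDS) or cell in DECOY_EMAILS:
                hits.add(str(cell))
    alert = Alert(actor, sql, tuple(sorted(hits))) if hits else None
    return rows, alert


if __name__ == "__main__":
    db = build_db()
    # Normal application access: one customer, by primary key. No alert.
    print(audited_query(db, "webapp", "SELECT name, email FROM customers WHERE id = ?", (1,)))
    # Bulk dump from an unexpected host: the decoys come along and trip the alarm.
    print(audited_query(db, "unknown-host", "SELECT * FROM customers")[1])
```

In a real deployment the alert would be forwarded to the SIEM with the actor, source host and statement attached; the ML layer the article mentions is then used to rank and correlate such events, not to decide whether the decoy access was suspicious in the first place.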

Artificial intelligence is, of course, also used on the attackers' side. A large proportion of modern malware tries to recognise the environment it is running in, for example whether it is inside a sandbox or on real hardware, and stays dormant if it suspects it is being analysed. The result is a rivalry between two systems, each trying to deceive the other.

IoT devices: an extraordinary danger

The number of devices connected to the internet keeps increasing. In the home these are voice assistants, cameras, televisions and, increasingly, kitchen appliances. In the corporate environment they are mainly sensors measuring physical quantities such as time, light level or temperature.

IoT (Internet of Things) devices pose a particular risk. The worlds of conventional IT and IoT are often interconnected, with security an afterthought. It also happens that the manufacturer provides no support when security vulnerabilities are discovered. As a result, an attacker can use IoT devices as an entry point for attacking other devices on the network. There are also well-known cases of compromised IoT devices being used in distributed denial of service (DDoS) attacks; the Mirai botnet is the best-known example.

Many organisations introduce IoT devices without paying attention to security during device selection and throughout the deployment process. As a result, they often have only a vague idea of how many devices they have and what state they are in within the overall infrastructure. Many devices then end up connecting directly to the internet, IP cameras for example. Another problem is the data the devices send: a large percentage of transmissions are not encrypted.

IoT devices should also be part of regular vulnerability scanning with automated tools designed for this purpose. They should be separated from other systems and placed in their own network segment. At the same time, their communication should be allowed only to the systems they actually need and only over well-defined protocols.
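The three recommendations above (know your devices, segment them, allow only the necessary protocols) can be checked mechanically against flow records. The following is an added example, not code from the article: it holds a small inventory of IoT devices with the destinations and protocols each one is allowed to use, audits a set of flow records against it, and renders the same allowlist as nftables-style rules for the segment firewall. The addresses, device names and flow records are constructed; the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges stand in for internet hosts.

```python
"""IoT segmentation audit over flow records (added example, not from the article).

Flags flows from unregistered devices, flows over cleartext protocols, and
flows to destinations not on the device's allowlist, telling internal hosts
apart from the internet. Addresses, names and flows are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# The organisation's own address space; anything else counts as "the internet".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports whose usual service carries data unencrypted.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Device:
    name: str
    segment: str
    allowed: frozenset[tuple[str, int, str]]  # (dst, dport, proto) the device may use


@dataclass(frozen=True)
class Finding:
    flow: Flow
    device: str
    issues: tuple[str, ...]


# Constructed inventory: a camera that may only stream to the NVR (RTSP),
# and a sensor that may only publish to the MQTT broker over TLS (8883).
INVENTORY: dict[str, Device] = {
    "10.30.0.11": Device("lobby-camera", "iot-cameras", frozenset({("10.20.0.5", 554, "tcp")})),
    "10.30.0.21": Device("server-room-temp", "iot-sensors", frozenset({("10.20.0.10", 8883, "tcp")})),
}

# Constructed flow records, as exported by NetFlow or the segment firewall log.
SAMPLE_FLOWS = [
    Flow("10.30.0.11", "10.20.0.5", 554, "tcp"),    # RTSP to the NVR: allowed
    Flow("10.30.0.11", "203.0.113.7", 443, "tcp"),  # camera phoning a cloud service
    Flow("10.30.0.21", "10.20.0.10", 1883, "tcp"),  # right broker, but plaintext MQTT
    Flow("10.30.0.21", "10.10.0.5", 445, "tcp"),    # sensor touching a file server
    Flow("10.30.0.99", "198.51.100.3", 80, "tcp"),  # device nobody registered
]


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def audit(flows: list[Flow], inventory: dict[str, Device]) -> list[Finding]:
    """Return one Finding per flow that violates inventory, encryption or allowlist rules."""
    findings = []
    for flow in flows:
        issues = []
        device = inventory.get(flow.src)
        if device is None:
            issues.append("unregistered device")
        allowed = device.allowed if device else frozenset()
        if flow.dport in CLEARTEXT_PORTS:
            issues.append(f"cleartext protocol ({CLEARTEXT_PORTS[flow.dport]})")
        if (flow.dst, flow.dport, flow.proto) not in allowed:
            where = "internal" if is_internal(flow.dst) else "direct internet"
            issues.append(f"{where} destination not on allowlist")
        if issues:
            findings.append(Finding(flow, device.name if device else "unknown", tuple(issues)))
    return findings


def nft_rules(inventory: dict[str, Device]) -> list[str]:
    """Render the allowlist as nftables-style rules for the IoT segment's forward chain."""
    rules = []
    for src, dev in sorted(inventory.items()):
        for dst, dport, proto in sorted(dev.allowed):
            rules.append(f'ip saddr {src} ip daddr {dst} {proto} dport {dport} accept comment "{dev.name}"')
    rules.append("drop")  # default deny: anything not listed above
    return rules


if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS, INVENTORY):
        print(f"{f.device:18} {f.flow.src} -> {f.flow.dst}:{f.flow.dport}  {'; '.join(f.issues)}")
    print("\n".join(nft_rules(INVENTORY)))
```

Run against the constructed flows, the audit passes the camera's stream to the NVR and reports the other four: the camera's cloud connection, the sensor's plaintext MQTT, the sensor reaching into the corporate file-server segment, and an address that is not in the inventory at all. The same inventory drives the firewall rules, so the allowlist the auditor checks and the one the network enforces cannot drift apart.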

IoT security must therefore be addressed in the procurement process, especially with regard to support in the event of security risks. It is necessary to have a detailed overview of all deployed IoT devices in the company, connected to the network. Of course, it is essential to update them regularly.

Published: 16. May 2021

Martin Pisák

Technical solutions, Cloud
