By Hatem Naguib, SVP & GM, Security Business, Barracuda Networks
2017 has seen a lot of cyber-attacks globally and in India. Attackers are continually evolving their tactics to evade defences, and are more regularly targeting lower-level employees who might have access to sensitive information or who might have authority to approve or send payments. The level of exposure is broadening from what used to be high profile targets like big enterprises. Everybody within an organisation is to some level susceptible, and at some level has been held to ransom or has seen other types of malicious attacks. We have seen new combinations of highly personalized tactics – spoofing your domain, impersonating your CEO, engaging in convincing conversations with your employees. It’s no longer just the large enterprises or C-suite that need to be on high alert.
Socially Tailored Attacks
Cyber criminals are able to take advantage of the fact that more and more individuals are becoming digitally connected. Due to this, attacks are becoming more common and mainstream! What we also see is an increase in attacks using social media. As more individuals become available on social media, it becomes very easy to create a targeted socially engineered attack. These kinds of attacks are much more directed and establish a level of trust that can extract information or money from an individual at a very quick and devastating level. Hence, we are witnessing attacks increase on both businesses and individuals, where somebody pretends to be someone they know and then requests that person to transfer money or to provide important credentials. This is a very challenging form of attack as it is very difficult to dissect these types of emails.
‘Ransomware, Spear Phishing & Architecture’ - Biggest Challenges in ensuring a Secure Environment in an Organisation
There are three big challenges that enterprises deal with today due to rising cyberattacks. The first one is Ransomware. Arguably everybody is worried about it. Our survey shows that over 70 percent of people surveyed have been hit. It is so prevalent that some of them succumb to the threat. Unfortunately, they give in to the demand rather than risk losing their precious data, because it is cheaper to deal with a few hundred dollars than to lose all their data.
The other thing that is becoming prevalent is Spear Phishing, which is a more personalised form of attack. This occurs at both the individual and company level. People who are developing this type of malware are socially engineering them. They are conscious of people online and their position in a company. They are taking advantage of this and very quickly establish a level of trust with an employee so that he or she easily provides them with financials or even personal information. This has become more prevalent these days, and its effect is a lot worse because people do feel the financial impact but there is also a bigger issue of brand credibility. There is a certain level of trust and credibility that comes with giving your personal information to a company when you’re an employee or a customer. That trust needs to be protected.
The third one is the distribution of services and the architecture within an IT infrastructure of an organisation. All of this distribution requires you to understand your threat and the components of the architecture available. Hence, knowing what’s available and how it is being used becomes important for your overall security strategy. We are seeing this third level of threat, where companies using cloud are not realising the things they might have on public cloud and thus are being exploited because they don’t have the right set of compliance in place. I think this is the newer area where we are seeing an increasing number of security breaches.
Tips to Keep in Mind to be Secure in the Cloud
It is very important to make security a part of the conversation right from the beginning when moving to public cloud. Unfortunately, in large enterprises, security is an afterthought. This thought process needs to change. Additionally, within the security domain, there are 5 key areas that are important for customers to think about from a security perspective.
The first key area is Identity and Access. Customers need to identify and plan various factors such as accessibility to the cloud, nature of workload in the cloud, etc. It is very important to understand that context because the world of public cloud is global. For example, something that sits in a repository in one of the locations and is not secured properly in the public cloud can be easily accessed by a person with malicious intent.
The second key area is monitoring and detection. Organisations need to know what is happening within their cloud infrastructure and track breaches or issues carefully within the infrastructure. The third aspect is protecting assets, i.e. protecting infrastructure security. The fourth is data security - this entails how you protect and encrypt your data, how you ensure that it is secure, etc. And the fifth key area is incident response - if a problem occurs, what is the process that follows.
We find that these five conversations occur irrespective of public cloud or on-premise, and it really helps the customer get a context on how they should be thinking about their security in the cloud infrastructure.