Amid the COVID-19 pandemic, many organizations have shifted their operations and business models to let employees work from home. That transition has brought a raft of security challenges. PurpleSec reports a 600% increase in cybercrime since the start of the pandemic, which is alarming. Cyberattacks are on the rise, and attackers are using increasingly sophisticated tooling to compromise enterprise data and applications.
What are the most popular forms of cyberattack?
The sudden, unplanned, and forced shift to working from home during extended lockdowns is one of the key factors behind the rise in cyberattacks. Over the last 12 months, many enterprises that were not well positioned to address cyber threats have paid dearly, both financially and in reputation. What are the top cybercrimes that cybersecurity teams need to be prepared for?
In March 2020, ransomware attacks monitored by VMware Carbon Black jumped 148% compared with the previous month. The numbers keep climbing: according to Palo Alto Networks' threat intelligence team, the average ransom in the first half of 2021 was $570,000, up 82% from 2020.
Cybercriminals are using COVID-19 themes in phishing campaigns; according to KnowBe4, pandemic-related phishing e-mails surged 600% in Q1 2020. Many users fell prey after entering credentials on malicious domains that looked genuine, and many others were caught by lure e-mails posing as suspicious-login alerts or password-reset requests.
The rising popularity of cryptocurrency has driven an increase in cryptojacking, in which criminals run mining code on computers and servers they have compromised, at the victim's expense. A Kaspersky report counted 432,171 users with miners illicitly running on their devices in the first quarter of this year, and a four-fold increase in code changes to crypto-mining malware over the same period.
The remote work environment is ideal for attacks on Internet of Things (IoT) devices. A Zscaler study reported a 700% increase in IoT malware attacks during the pandemic, and Juniper Research projects 46 billion connected devices by the end of 2021. With that many devices at users' disposal, IoT attacks are not surprising.
All of these attacks can lead to a data breach or loss of information. Awareness of cybercrime is already high, and hundreds of products claim a 100% success rate in preventing such attacks. So what is stopping organizations from protecting themselves?
Why aren't organizations able to protect themselves from cyberattacks?
Although chief information security officers (CISOs) and IT security experts are aware of the threats their organizations face and of the possible solutions, many questions about fighting threats and countering risks remain unanswered.
What technologies are right for my organization?
Most organizations invest in at least 20 tools and technologies to manage their cybersecurity requirements, and some run more than 50, supported by multiple vendors. With so many products on offer, enterprises are unsure whether they are spending on the right technologies and which tools actually address their security challenges.
A niche product is often seen as a shortcut to closing a specific risk or vulnerability. The cumulative result is the opposite: each additional tool adds integration points, configuration, and gaps between products that nobody owns, so the architecture grows more complex and less coherent, costs and operational overhead spiral, and the infrastructure ends up more exposed to malware and ransomware, not less.
There are just too many alerts, what do I focus on?
These disparate tools send millions of alerts. A typical organization sees over 10,000 alerts a day, and most of them are still processed manually. Enterprises have not been able to capture, manage, and react to all of them on time, and neither security teams nor the technologies they have deployed have solved that problem. What can they do?
Organizations need technology that turns millions of alerts into a few meaningful insights: tools that do not just detect, but also contextualize (which asset, what data, what access), prioritize, and respond with limited human intervention. Such all-inclusive technologies already exist, but they are still unfamiliar to many organizations.
Does my IT security team have the right quantity and quality of skills?
An organization is only as robust as its human cyber operators, and cybersecurity delivery will continue to depend on people. However, skilled defenders have always been scarce, and the ones available spend their time addressing hundreds of alerts by hand, work that could easily be automated. There is also a gap between the skills organizations have and those the current market demands, and as the threat landscape grows more complex the team's skills must grow with it.
Organizations should invest in security training programs for all employees and specialized workshops for their cybersecurity teams. In addition to ensuring the right tools are available, decision makers should allocate sufficient funds for security training and encourage upskilling of their cyber defense teams.
How can my cybersecurity team cover all devices and traffic?
There are too many devices and an unthinkable volume of traffic, and cyber experts have limited time and capacity to monitor all of it and address every alert and threat. If an organization could track every device and flow, detect every anomaly, and respond to every threat, it would have very little exposure left; but the cost, effort, and manpower needed to do so are beyond any realistic budget, and that has been a real challenge for organizations.
The answer is a smarter way of dealing with the device estate. Enterprises need to know what each machine does, what data it holds and why, and what level of access it requires, and then concentrate their defensive effort where it matters, striking a balance between cost and security. That is the real puzzle enterprises are struggling to solve.
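As an added illustration (not code from the original article, nor from Happiest Minds' tooling), the following Python sketch ties together the two points above: the alert-triage step called for under "There are just too many alerts" and the asset-aware focus described here. It collapses duplicate alerts, enriches each group with inventory context (role, data classification, criticality) and a threat-intel match, scores the result, and ranks it. The hostnames, tiers, weights, sample alerts and the known-bad destinations are constructed assumptions, and a device missing from the inventory is flagged as unmanaged rather than silently scored low.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed asset inventory (hypothetical names and tiers): what each machine
# does, what data it holds, and how critical it is. Criticality is 1 (low) to 5.
ASSETS = {
    "db-prod-01":   {"role": "database", "data": "customer-pii", "criticality": 5},
    "web-prod-02":  {"role": "web",      "data": "public",       "criticality": 3},
    "hr-laptop-17": {"role": "endpoint", "data": "employee-pii", "criticality": 3},
    "kiosk-lobby":  {"role": "iot",      "data": "none",         "criticality": 1},
}

# Illustrative weights; a real deployment would tune these to its own risk model.
DATA_WEIGHT = {"customer-pii": 3, "employee-pii": 2, "public": 1, "none": 0}
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed threat-intel set of known-bad destinations (documentation values).
BAD_DESTINATIONS = {"198.51.100.23", "pay-reset-alerts.example"}


@dataclass
class RawAlert:
    host: str
    rule: str
    severity: str
    dest: str = ""


@dataclass
class TriagedAlert:
    host: str
    rule: str
    severity: str
    count: int      # how many raw alerts were collapsed into this one
    score: int      # higher means look at it first
    tags: list = field(default_factory=list)


def triage(alerts):
    """Collapse duplicates per (host, rule), enrich with asset context and
    threat intel, score, and return the list ranked highest score first."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.host, a.rule)].append(a)

    out = []
    for (host, rule), group in groups.items():
        first = group[0]          # same rule => same severity, so take the first
        asset = ASSETS.get(host)
        tags = []
        if asset is None:
            # Device is not in the inventory: it cannot be assessed, so give it a
            # middling weight and flag it instead of dropping it on the floor.
            crit, data_w = 3, 1
            tags.append("unmanaged-asset")
        else:
            crit, data_w = asset["criticality"], DATA_WEIGHT[asset["data"]]
            tags.append(f"role:{asset['role']}")
        score = SEVERITY_WEIGHT[first.severity] * (crit + data_w)
        if any(a.dest in BAD_DESTINATIONS for a in group):
            score *= 2            # corroborated by threat intel
            tags.append("known-bad-destination")
        out.append(TriagedAlert(host, rule, first.severity, len(group), score, tags))
    return sorted(out, key=lambda t: t.score, reverse=True)


# Constructed sample alert stream: 11 raw alerts, several of them duplicates.
SAMPLE_ALERTS = [
    RawAlert("db-prod-01", "outbound-to-unknown-ip", "high", "198.51.100.23"),
    RawAlert("db-prod-01", "outbound-to-unknown-ip", "high", "198.51.100.23"),
    RawAlert("db-prod-01", "outbound-to-unknown-ip", "high", "198.51.100.23"),
    RawAlert("web-prod-02", "port-scan", "low"),
    RawAlert("web-prod-02", "port-scan", "low"),
    RawAlert("web-prod-02", "port-scan", "low"),
    RawAlert("web-prod-02", "port-scan", "low"),
    RawAlert("hr-laptop-17", "credential-submit-lookalike", "medium",
             "pay-reset-alerts.example"),
    RawAlert("kiosk-lobby", "miner-process", "high"),
    RawAlert("printer-3f", "miner-process", "high"),   # not in ASSETS
    RawAlert("printer-3f", "miner-process", "high"),
]


if __name__ == "__main__":
    for t in triage(SAMPLE_ALERTS):
        print(f"{t.score:3d}  x{t.count}  {t.host:<13} {t.rule:<28} {t.tags}")
```

Run as a script it reduces the 11 raw alerts to 5 ranked items, with the database host talking to a known-bad address on top and the port scan against a public web server at the bottom; the unknown printer lands in the middle with an "unmanaged-asset" tag, which is the signal the inventory itself needs fixing.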
The remote work model is here to stay for a while yet, and cybercriminals are constantly hunting for information they can exploit. Merely understanding the challenges and threats is no longer enough. Regardless of work location, organization size, or where the enterprise's critical information resides, IT teams need to be prepared: a strong incident response plan, combined with automation capabilities and analyst expertise, is what protects digital assets, intellectual property, and client and user information against cyberattacks.
The article has been written by Priya Kanduri, CTO, Infrastructure Management & Security Services, Happiest Minds Technologies