This Forbes article sparked my interest as it crossed my desk today. For one, not many people are willing to stick out their neck to make such bold predictions as Mr. McBride did in his article. At the same time, the logic behind his prediction and his reasoning appear quite sound. The analogy of trying to break into two different types of buildings was also quite apt for describing how the best way to defend against an attack and hackers is by reducing the “attack surface”.
As we’ve written previously, COVID-19 has greatly increased many organizations’ “attack surfaces” as they grapple with enabling their employees to work from home (WFH). These organizations probably spent a boatload of money fortifying their corporate networks in the workplace with EDR / MDR / sandboxing / NGFW, etc., but with COVID-19 forcing workers to work from home, those corporate fortifications are no longer protecting them.
From what we’ve seen, we wholeheartedly agree that WFH is going to continue, even after the pandemic eases up. This is clearly evidenced by recent news that tech giants Facebook and Google asked their employees to continue WFH for the rest of the year. Canadian universities are also preparing for, and advising their students of, a 2020/2021 year in which classes will be online with only labs carried out in person. This is echoed in the corporate world, where Gartner analysts report that over 74% of CFOs polled plan to shift at least 5% of previously on-site employees to permanently remote positions post-COVID-19.
Unfortunately, organizations have been struggling to cobble systems together in order to enable WFH, usually starting by activating the VPN features on their firewalls. Workers who were previously on secure corporate computers and laptops in their offices now find themselves trying to make do with their home computing devices, accessing their corporate networks through unsecured home internet connections. Again, based on today’s cybersecurity practices, the key to security has always been to keep the threat landscape as small as possible. There was already an explosion of IoT and IIoT endpoints happening (to the tune of over 75 Bn devices connected over the past couple of years, with more being connected daily). Adding the effects of the current WFH trend is overwhelming security teams and quickly exposing the fact that the Detect, Quarantine and Remediate mode of operations does not work.
As we’ve mentioned before, relying solely on an overwhelmed VPN infrastructure is a recipe for disaster. Home traffic from devices that the companies do not control leaves them wide open to a breach. Even where employees use legacy VPNs to access work networks, without security that can detect and block malware and hackers, their non-VPN traffic is left wide open to security breaches. Those companies who try to avoid overloading their VPNs by electing to use split-tunnelling to offload users’ internet browsing traffic are also leaving themselves wide open for hackers to get into their corporate networks. Instead of hacking the corporate network directly, hackers compromise it in a roundabout way by gaining access to WFH devices first, with the ultimate goal of accessing corporate networks through these unprotected devices.
So, why do we feel that this prediction has a good possibility of coming true? Well, currently available security is not sufficient. Although some VPN solutions enforce “security checks” on devices, this enforcement is static; they can discover vulnerabilities on the system while scanning, but they do not actually prevent traffic-borne malware at the endpoint. On the more stringent end of the spectrum, some organizations are mandating that their WFH employees install sophisticated endpoint detection and response (EDR) solutions, which would enable IT staff to treat home assets similarly to business assets; this is defeated again by the fact that the home network security setup is typically far from the level of the fortified corporate fortress, and often non-existent. Although we may see Mobile Device Management (MDM) approaches trickle down to WFH devices, where they may be partitioned to support business usage, when it all boils down, the issue really becomes traffic malware detection.
As the Forbes article mentions, the alignment of all of the issues that COVID-19 has opened up is a “dream come true for cyber criminals”. Hackers have stepped up their game and quickly started crafting COVID-related malware that preys on individuals’ fears, tricking them into clicking on links that purport to provide information on how they could protect themselves during the pandemic. With targeted phishing attacks on employees who are WFH, and who are prone to distractions from having to WFH, hackers are finding it easier to find cracks in corporate security armour. They only need to “gain access through one entry point to seize control of a whole network. Once they’re in they can steal data, secrets, and even lock you out of the network.”
To make matters worse, hackers have been targeting those organizations whose resources are already stretched thin battling the pandemic on the front lines. This past week, it was reported that healthcare insurance giant Magellan Health was the victim of a ransomware attack and data breach. The attack resulted in temporary system outages and the exfiltration of confidential company and personal information. With the company under “immense strain as it attempted to meet the demands onset by the COVID-19 pandemic”, hackers were just waiting for the optimum time to strike and cause the most harm.
Back to the Forbes article: it noted that over the past couple of months, hackers have targeted the US Department of Health, and cyberattacks against the World Health Organization (WHO) have more than doubled. Intelligence reports also revealed that coronavirus-related cyberthreats increased by 600% between the months of February and March, with no abatement in sight.
Hence, based on current trends and current approaches to security, the prediction looks very likely to come to fruition. So, if it is no longer a case of “if” but “when”, how do organizations protect themselves from being part of that largest cyberattack in history? How can they minimize their “attack surfaces”, even though WFH requirements have basically left them wide open and vulnerable? Well, if you don’t want your organization to become part of the statistics, you should look into the Wedge Absolute Real-time Protection (WedgeARP) Secure Home Office and Secure Remote Office solutions that are helping organizations greatly reduce their attack surfaces during this time of growing WFH requirements.
With the “Detect and Block” approach that underpins the WedgeARP platform, we espouse a proactive instead of reactive way of dealing with malware. Wedge’s solutions are cloud-managed, on-premises or cloud-enforced security service offerings that provide a vast array of optimized Security-as-a-Service (SECaaS) features to enterprises and those working from home, enabling effective security for any cloud-connected computing device. WedgeARP provides real-time threat protection for all types of endpoints in different types of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT). It enables situational awareness across the entirety of managed networks, with security event tracing, rapid response, centralized policy management, reporting, and analytics: all of the things that legacy VPNs are missing. To find out more about how this solution can help reduce your organization’s attack surface, contact us at: info@wedgenetworks.com.
For those organizations that already have a VPN infrastructure in place, WedgeARP can be easily deployed into their VPN cloud to protect all connected systems and devices. For those organizations that have not yet implemented a VPN infrastructure, Wedge provides professional services to help quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP.
Although Mr. McBride’s dire prediction looks very likely to come true, we believe that incorporating solutions such as WedgeARP Secure Remote Office and Secure Home Office into your organization’s WFH infrastructure may give you the chance of stopping “The Largest Cyberattack in History”. Don’t be a victim. As Benjamin Franklin once wrote, “An Ounce of Prevention is Worth a Pound of Cure”.