September 16, 2020
As digital transformation continues to pick up steam, companies need to be aware of the significant security implications at hand.
For most businesses, one of the most noteworthy aspects of the current pandemic has been its impact on digital transformation. Businesses across all sectors have been forced to pivot and embrace digital operations. For some companies, digital transformation has merely involved a shift to remote offices, with employees moving to virtual desktops, video conferencing platforms, and cloud services. Yet, for many companies, the current world situation has required an even bolder leap into digital markets. For example, MGM Resorts International is now making a pivot into online sports gambling, as they look to recoup lost profits and cater to customers who can’t make it into physical casinos.
As digital transformation continues to pick up steam, companies need to be aware of the significant security implications at hand. Digital transformation is permanently changing the way that companies communicate with workers, partners, and customers. Three critical security issues are emerging as the way we live and work changes. Across the globe, we’re seeing an increased reliance on virtual interactions; more vulnerable end users; and outdated network architectures.
1. Increased Reliance on Virtual Interactions
The pandemic has led to widespread brick-and-mortar closures, forcing non-tech companies to digitize to survive. For example, many regional retailers have been forced to update and expand their online shopping strategies to protect their market share and compete. Unfortunately, many smaller organisations — like small restaurant owners and retailers — are now in over their heads. One issue that businesses are facing is that customers are increasingly moving to virtual hubs to make transactions. As a result, companies are at increased risk for threats like distributed denial of service (DDoS) attacks, which can lead to lengthy bouts of downtime. Sustained DDoS attacks, after all, can sometimes last up to 24 hours. It’s one thing for a large enterprise to be knocked offline for this long; it’s quite another for a small to medium-sized business to go 24 hours without internet, especially during busy times.
It should be noted that DDoS attacks remain a top cybersecurity threat heading into 2H20. By the end of 2019, as many as 167k DDoS attacks were detected, for a total of 437k TB of traffic. This was a 30% YoY increase. And about 170k IoT devices were found in DDoS attacks last year.
Enterprises can protect against large-scale DDoS attacks by “scrubbing” or cleaning IP traffic before it reaches the network. This typically involves routing incoming network traffic to multiple data centres, so that DDoS attacks can be filtered and eliminated. Filtering separates legitimate traffic from false traffic and is done as close to the attack sources and as early as possible — shielding the organisation from getting overwhelmed by malicious data packets.
However, it’s important to keep in mind that routing traffic to thwart a DDoS attack can add extra time for data to transit the network, which can also negatively impact business operations. As such, it’s important to use local scrubbing centres located at key peering hubs around the world where large volumes of traffic are exchanged.
2. Vulnerable End Users
One of the top reasons why many organisations have been nervous about allowing remote workers is that end-user behaviour tends to change on home networks. Staff members tend to become more relaxed about security when working from home, using insecure devices, running programs, and downloading files that may otherwise be avoided in a private office environment. In fact, many home workers don’t even run network security assessments, and use networks that are insecure — increasing the attack surface exponentially for the business that’s using the network to transmit sensitive data.
Cybercriminals are aware of this vulnerability and are actively targeting users over insecure networks via email. Google alone, for instance, has discovered hundreds of millions of daily spam messages related to COVID-19. The industry has seen a major uptick in phishing attempts, which mimic a “Trojan horse” approach to luring unsuspecting victims into opening emails that they think are safe, but in fact carry malicious payloads. Businesses need to try and minimise the chance of data loss from targeted email attacks and are strongly encouraged to use cloud email protection services, which leverage advanced threat intelligence data and machine learning engines, as well as URL protection, and forged email detection services.
3. Outdated Network Architectures
Organisations also need to update their remote network infrastructure and migrate away from the traditional combination of leased lines and VPN-based structures to flexible software-defined wide area networking (SD-WAN) setups that can provide dynamic security management. SD-WAN can reduce infrastructure costs and provide the required flexibility to build or tear down sites in a short period of time — making it faster and easier to provision network services to remote users.
One of the most important things to consider when deploying SD-WAN is that it can be much riskier running traffic over the public internet, versus a private carrier MPLS network. The public internet poses much greater levels of exposure to bad actors and malware. Allowing SD-WAN devices to access the internet directly with their limited onboard security protection is not adequate to protect enterprise assets behind them, so extra protection is needed. The best way to fortify SD-WAN outside of a private MPLS environment is to leverage an advanced managed firewall or cloud security solution, which incorporates a variety of advanced security functions, such as sandboxing, application control, intrusion detection and prevention (IDS/IPS), quarantining, and web filtering.
This article in its original form was published in the August/September 2020 edition of SAMENA Trends.