By Sarah Hall

The widespread shift to remote work created a perfect scenario for cyber attackers. Workers were signing into corporate websites from personal devices without the usual firewall protections. Or they were clicking on questionable emails, hungry for any update about the global health crisis. The result: an uptick in costly data breaches.

Phishing attacks rose 11%; ransomware increased by 6%; and misrepresentation cases skyrocketed 15 times from the previous year, according to the Verizon Business 2021 Data Breach Investigations Report. Plus, the average cost of a breach where remote work was a factor was $1.07 million higher than incidents where it wasn’t, according to IBM Security’s Cost of a Data Breach Report this year.

For organizations, these growing threats should trigger a renewed look at their security efforts, with the goal of building responsive, resilient and automated systems, experts say.

“It’s a technology war,” says John Asquith, ServiceNow’s head of innovation for government. “The only way, really, to fight that war is for organizations to fight technology with technology.”

“State Of Chaos”

Before the pandemic, security teams might have relied on software to identify potential threats. But, without a holistic approach to the problem, they may have fielded thousands of security alerts in a day with no direction about which incident would cause the most disruption.

They often worked in isolation, contacting IT departments weeks after a problem was identified. “It was all a very slow and manual process to actually get to someone who knew how to fix it,” Asquith says.

In many cases, those efforts focused on technology vulnerabilities, not the varying risk profiles of individual employees who might be more or less likely to fall for an attack, says Masha Sedova, co-founder of security firm Elevate Security. Yet that’s an overwhelming cause of breaches: 85% of incidents in the Verizon report were caused by human blunders such as an errant click on an email attachment that was filled with malware.

These days, individuals may be even more likely to open that attachment because nearly any topic is fair game in work email inboxes—from Covid-19 testing protocols to return-to-work policies and severance package details, Sedova says. It’s increasingly difficult for employees to discern whether a malicious actor or their human resources department is behind a message. “We’ve entered into a state of chaos,” she says.

Goal: Resilience

No silver-bullet solution can protect organizations from every cyberattack in today’s distributed workforce, Asquith and Sedova acknowledge. But, with the right processes, companies can contain the damage.

To reduce human errors, Sedova recommends gauging the risk level of each individual employee, rating them based on whether they navigate to blocked sites or fail to install the latest software patches that bolster security features. Sedova also suggests one-on-one conversations with employees about their risk levels, with less supervision as they prove themselves trustworthy.

For security teams, Asquith says, the goal should be resilience—that is, how quickly they can respond to any exposure. That requires moving away from time-consuming manual processes and toward automated solutions that connect the dots when a vulnerability or breach is identified, allowing security and IT teams to work hand-in-hand.

“It was taking months to resolve issues,” Asquith says. “If you want to protect an organization, that’s got to collapse down to hours or days at the most. It’s all about aiming to respond in real time.”

Automating The Grunt Work

A modernized security system should integrate an organization’s entire technology stack, document all current software versions and discern whether they’ve been updated with the latest patches, Asquith says. A ServiceNow study found that 57% of cyberattack victims said simply installing a patch would have blocked a breach. 

That system of record, sometimes called a configuration management database (CMDB), should also identify how the software is being used to determine the extent to which an organization is exposed. Is it a rarely used back office function that will have little impact on the business if it’s down? Or, is it a customer management system that’s integral to daily operations? “If that’s the case, that’s the highest priority,” Asquith says. 

Once that integrated system of record is in place, security teams must pair it with automated workflows that assess the threat level of every incident and ensure the right people are working to resolve it. Automation through machine learning and AI can help throughout the process, Asquith says, informing which issues to tackle first. The aim is to automate the grunt work so people can focus on the critical tasks that need the most attention. 

“Using artificial intelligence, realistically, is the only way that organizations are going to be able to scale,” he says.

“Not Going Away”

Going forward, the need for stronger and faster security teams will only grow. Even as offices reopen, it’s likely that workforces will remain distributed. Companies will always need to manage workers accessing information inside and outside of their firewalls, Asquith says. At the same time, during the pandemic, cybercriminals have only been emboldened to prey on vulnerable systems, people and organizations. 

“They have seen an opportunity to make money out of this,” he says. “They’re getting really smart at it, and they are not going to go away.”