Worst cybersecurity strategies and how we can overcome them

 

Towards the end of March 2020, almost all businesses across the globe had enforced a remote work policy. And as governments are easing the social distancing rules and restrictions, some organizations have gradually reopened over the last few weeks. However, the pandemic has clearly had an adverse impact on small businesses and large corporations alike, and business leaders are not aiming for a quick comeback. Whether they have decided to resume work from the office or extend the remote work policy to 2021, companies in various sectors are strategizing for a transformation in the way they work and communicate.

Cybersecurity witnessed a dramatic change during the last couple of months, and unsecured remote workforces have forced organizations to recognize the importance of cybersecurity preparedness. Cyber attacks have increased multifold since the Coronavirus outbreak, with cyber criminals preying on an unready, unaware workforce. There has been a spike in the number of phishing attacks and in malware and ransomware campaigns. So, as more organizations plan their comeback, hopefully every company’s plan and strategy prioritizes information security. It is also important that organizations steer clear of any security blunders that could cost them their reputation and financial standing.

In this article we list some of the worst cybersecurity practices and strategies that could be detrimental to your organization, and compare them with alternate solutions and best practices.

 

Achieving 100% security vs. Minimizing risks

Although 100% security might sound like the perfect answer to emerging threats, it is likely that an entirely secure system is possible only when it is disabled. So the best alternate solution is to identify the technological and financial resources your organization can spare, and minimize the risk of incidents that may occur. Simply being aware of this can help you build a better strategy for detecting a threat and establishing a mechanism to respond to or prevent it, thereby minimizing its impact. It is also essential to understand the various attack vectors that actors use to infiltrate your organization, and to allocate available resources to address all these threats.

 

Lax with security updates vs. Regular software fixes

Security vulnerabilities are found on a daily basis and developers release patches frequently. However, businesses that have integrated such software usually fail to apply these patches and update the software. This could be because of stretched resources or lack of awareness. Harmful software vulnerabilities create security weaknesses or holes that allow attackers to exploit and infect your systems and gain access to your sensitive, personal information. The solution to this is a dedicated IT team that ensures the network and software are updated regularly.

 

Pursue attackers vs. Prevent attacks

Attackers, these days, are pretty sophisticated and are quick to come up with new technologies that enable them to hack into your systems. Staying ahead of these actors is critical to save your organization from the humiliation and loss the attacks could cost you. This is why it is important to take proactive measures to prevent attacks and outrun cyber criminals, instead of pursuing them. Organizations should also be aware of the implications of a possible attack and should be able to defend their valuable assets. 

An assessment of the following attack vectors and technologies could assist you in avoiding attacks altogether. Employees form a major part of the threat vector, which makes it important to keep them aligned with the organization’s cybersecurity practices.

  • Security vulnerabilities
  • Firewall settings
  • Anti-malware and anti-ransomware technologies
  • Data egress points
  • Creating awareness among employees 
  • Training them to combat social engineering tactics
  • Practice good internet hygiene

 

Weak passwords vs. Password management programmes

Despite the increasing number of cyber attacks, most users tend to fall back on weak or easy passwords, sometimes reusing the same passwords for multiple accounts. An online security survey by Google indicates that 52% of respondents reuse the same passwords for several accounts. The Ponemon research, “The 2019 State of Password and Authentication Security Behaviors Report,” reports that 69% of respondents have shared their credentials among colleagues. Also, 57% of respondents have not changed their passwords even after enduring phishing attacks, which also means that they have not considered alternate solutions such as a Password Manager. 53% of respondents mentioned that they rely on memory to manage their credentials.

Password Managers spare users from memorizing the passwords of all their accounts; users simply have to remember the master password of the Password Manager. Password management programmes will also generate random, strong passwords when you create a new account. Organizations should also make sure that access to company-related documents and software is limited. Password Managers also support two-factor authentication methods, which add an extra layer of security.

 

Assume you’re not a desirable target vs. Prepare for the worst

Although it is true that cyber criminals target popular brands and companies, companies in any industry are vulnerable to cyber attacks regardless of their size. In fact, small businesses are soft targets, considering the lack of resources allocated to protect their systems. A data breach of any scale is significant and the ramifications can be devastating. Privacy and data breaches can cost you more than a financial loss: they can tarnish your reputation and leave you wide open to lawsuits and legal action.

Therefore, it is important for organizations to gear up against emerging cyber threats. Companies should resort to cyber threat monitoring solutions such as CloudSEK’s XVigil, to detect and prevent undesirable actors trying to target your security posture.

 

Using public Wi-Fi and unknown devices vs. Network Security

Unauthorized access to your computer network can lead to several forms of attacks such as Man-in-the-middle attacks, malware delivery, snooping, sniffing, breaches, etc. A major concern regarding public as well as home Wi-Fi is unencrypted networks, which expose your online activities to hackers. Similar is the case with unknown devices and unsolicited software. The use of such devices and software opens the door to malicious actors looking to abuse your systems.

Establish a secure network and secure communications (SSL connections) over the network, and also make sure to log out of all your accounts once you’re done using them. While on a public network avoid accessing any sensitive information, including PII, addresses, banking information, etc. 

 

Coronavirus has brought about an extensive change in the workplace and in the way we work. Technology will surely have a significant role to play in all of it. Meetings, conferences and collaborations are increasingly conducted over the internet, adapting to a more decentralized organizational structure. These changes can also contribute to an undesirable impact on cybersecurity. When organizations are busy building contingency plans to accommodate COVID-19 into the way they work, we hope their plans won’t fall short of cybersecurity strategies.

Shadow IT

What is shadow IT and how do you manage shadow IT risks associated with remote work?

With cyber threats on the rise, and the recent implementation of remote work across businesses and organizations, in-house IT teams are struggling to preserve their security posture. Furthermore, an increasing number of employees are using applications, hardware, software, and web services that their IT departments are not aware of. A Forbes Insights survey found that more than 1 in 5 organizations have experienced a security incident due to shadow IT resources. 

Amidst the COVID-19 crisis, with entire workforces confined to their homes, the use of personal networks and devices is growing rapidly. This allows employees to install or work with external applications and infrastructure that complement their skills and/or requirements. While this may improve employee productivity, it exposes employees and their organizations to a wide range of cyber threats.

 

What is Shadow IT?

Shadow IT refers to the use of diverse Information Technology (IT) systems, devices, software, applications, and services, without the authorization of IT departments. Although shadow IT enhances efficiency, it also subjects users and their organizations to heightened risks of data breaches, noncompliance issues, unforeseen costs, etc. 

Microsoft 365, work management apps such as Slack, Asana, Jira, etc., messaging apps like WhatsApp, and cloud storage, sharing, and synchronisation apps such as OneDrive and Dropbox are the most common examples of shadow IT. Obviously, these applications are not inherently threatening, and are usually installed with the best intentions, but they tend to endanger the overall security of the organization in the event of misuse or negligence.

 

What are the different forms of shadow IT and which is the most popular one?

Users employ various forms of shadow IT applications and services. Broadly, they can be classified as:

  • Hardware: Personal devices, systems, servers and other assets.
  • Ready-to-use software: Adobe Photoshop, MS Office, etc.
  • Cloud services: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) services.

While users subscribe to various IT services that are not administered by their IT departments, the most common form of shadow IT is SaaS-based cloud services. SaaS-based applications are gaining popularity across workforces, regardless of the industry or sector. This is because such publicly available applications often outperform on-premise applications and infrastructure.

 

Why do employees prefer shadow IT?

Research by the Everest Group found that shadow IT accounted for 50% or more of the IT spending in large organizations. So, dismantling shadow IT means organizations have to devote more funds to build and maintain approved applications and infrastructure. However, employees prefer external applications even with the availability of in-house applications, simply because they are comparatively sophisticated.

Here are some common reasons for employees opting for shadow IT solutions:

  • Efficiency and agility

This is probably the most common reason behind the increasing use of shadow IT. Users employ external IT resources to produce better results, and also because it makes work pretty easy. The latest research by Entrust Datacard reported that 77% of the surveyed IT employees believed that organizations could be frontrunners if they were successful in meeting the shadow IT needs of their employees.

  • Inadequate coordination

Poor communication and coordination between various teams and the IT department is not conducive to productivity. Therefore, it could cause employees to choose shadow IT over onsite software and applications.

  • Inconsistency

If customers’ programs cannot be integrated with the organization’s systems or software, employees may resort to using external services for better results.

  • Readily available tools

Clearance from the IT department could be time-consuming. So, when the necessary software, service, or hardware is readily available and is compatible with any device, employees would naturally choose to use it.

 

What are the potential risks associated with shadow IT?

 

Security

On the subject of employees using shadow IT, security is definitely the principal concern. As IT departments are not aware of certain applications that employees use, it would be impossible for them to provide security updates and patches, or test the newly adopted applications. Unpatched vulnerabilities can cost organizations a fortune, such as in the case of Maersk in 2017, when hackers exploited their computers because they lacked the latest Microsoft security patches. This incident cost Maersk over $200 million in lost revenue.

 

Data breaches, leaks

Shadow IT applications that support file sharing, storage, and collaboration are prevalent among employees of every organization. As effective as they are, they can cause data breaches and leaks. Since IT departments are not familiar with this additional software deployed on their networks, they eventually lose control over the organization’s data. In 2018, Gartner predicted that in 2020, one-third of successful attacks that target organizations will be through their data located in shadow IT resources and shadow IoTs.

 

Non-compliance and violation of regulations

If and when organizations fail to conduct risk assessments and take preventive measures with regard to unauthorized applications, it could burden them with severe sanctions for non-compliance. These actions also risk violating regulations such as HIPAA, GDPR, etc. On becoming aware of such shadow IT applications that are in use within the organization, they are forced to conduct a separate security audit which results in unforeseen costs. 

 

What can organizations do to avoid these risks?

 

  • Regular monitoring of networks and vulnerability scanning

Monitor your organization’s network continuously for any shadow IT applications, and scan such applications along with other in-house assets for vulnerabilities that could expose your organization to cyberthreats. Make sure to install the latest updates.

 

  • SaaS Management

The IT department could set up a system of SaaS Management or simply Software Asset Management, to keep track of all the applications used within the organization. 

 

  • Internal monitoring tools

We would also encourage organizations to leverage digital risk monitoring tools such as CloudSEK’s XVigil. XVigil helps to detect, early on, data leaks pertinent to the organization that are caused by shadow IT, giving you sufficient time to address these issues before they affect your security posture.

 

  • Train employees

Security/IT teams should create awareness among employees. This could also give you an idea of the various shadow IT devices or applications that your employees use. While security/IT teams are on it, they may also want to educate employees on the different types of data that they deal with and the responsibilities that come along with it.

 

  • Address employees’ technology needs

Organizations should address employees’ technology requirements, to eliminate the need for external applications. Employees often cite long approval processes and delays in acquiring sanctioned applications, as reasons for adopting external solutions to meet their immediate needs. 

 

  • Prepare a list of usable applications or devices

Keeping in mind that not all applications or devices pose a threat, organizations could prepare a list of approved applications/ devices and encourage employees to use them.
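
The network monitoring and approved-list recommendations above can be combined into a simple discovery check. The following is an added example, not part of the original article or of any CloudSEK tool: it assumes a constructed proxy log format (timestamp, user, host, bytes sent), a constructed SaaS catalogue, and a constructed approved list, and reports unsanctioned services by user and outbound volume.

```python
from collections import defaultdict

# Constructed approved list (assumption: maintained by the IT department).
APPROVED = {"slack.com", "atlassian.net"}
# Constructed catalogue of known SaaS domains and their categories.
SAAS_CATALOGUE = {
    "slack.com": "messaging",
    "atlassian.net": "work management",
    "asana.com": "work management",
    "whatsapp.com": "messaging",
    "dropbox.com": "file sharing",
}
# Constructed proxy log lines: timestamp user host bytes_sent
SAMPLE_LOG = """\
2020-06-01T09:12:04Z alice acme.slack.com 5120
2020-06-01T09:15:40Z bob www.dropbox.com 48230112
2020-06-01T09:16:02Z bob web.whatsapp.com 2048
2020-06-01T09:20:11Z carol app.asana.com 10240
2020-06-01T09:21:55Z carol www.dropbox.com 1024
2020-06-01T09:30:00Z alice intranet.example.internal 900
malformed line
"""

def match_domain(host, domains):
    """Return the catalogue domain that host equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for d in domains:
        # Require a label boundary so "notdropbox.com" does not match.
        if host == d or host.endswith("." + d):
            return d
    return None

def find_shadow_it(log_text):
    """Aggregate unsanctioned SaaS use as {domain: {"users", "bytes"}}."""
    findings = defaultdict(lambda: {"users": set(), "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of failing
        _, user, host, sent = parts
        domain = match_domain(host, SAAS_CATALOGUE)
        if domain is None or domain in APPROVED:
            continue  # unknown host or sanctioned service
        findings[domain]["users"].add(user)
        findings[domain]["bytes"] += int(sent)
    return dict(findings)

def report(findings):
    """Rows of (domain, category, users, bytes), largest egress first."""
    rows = sorted(findings.items(), key=lambda kv: -kv[1]["bytes"])
    return [(d, SAAS_CATALOGUE[d], sorted(f["users"]), f["bytes"]) for d, f in rows]

if __name__ == "__main__":
    for row in report(find_shadow_it(SAMPLE_LOG)):
        print(row)
```

Sorting by bytes sent puts the services receiving the most outbound data at the top, which is where a review for possible data leaks would start.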