The move to working from home and the growth in remote access to corporate systems over the last couple of years have enlarged the potential attack surface for malware and other attacks on IT systems. The FBI has reported a significant increase in attacks, particularly ransomware. That has prompted, in turn, a heightened awareness of the need for better IT Security to counter the increasing frequency and ferocity of both the old favourites and new attacks.
One area that has seen a particularly large increase in activity is fraud, both the theft of financial information and of intellectual property, often through phishing attacks. Ransomware has become a particular worry in both the commercial and home sectors.
The $100,000 question is, given that things are now slowly returning to normal, should we expect a slow-down in general malware exploits, or not? The answer is critical to our future IT Security strategy.
New IT Security Attack Surfaces
Even prior to the lockdowns and other pandemic control measures, the shape of IT infrastructure had been changing. Corporate systems had been migrating to the Cloud. Individual users had been increasingly using mobile devices to reach work and play websites because of the increasing availability of cellular and WiFi connectivity at home and in public spaces. Social Media was becoming a key player in marketing strategies.
The pandemic in 2020 accelerated these trends. Corporates moved to e-commerce and individuals increasingly used online shopping and home delivery sites. Workers began to work from home using remote access to corporate systems and teamwork management and communications systems such as Asana and Zoom.
The use of the Cloud and remote access opened new potential areas for hackers to exploit:
Insecure remote equipment
BYOD and cost pressures mean remote users use whatever equipment they have to hand to connect. In the past, IT could control the equipment and its anti-malware status. This was no longer possible. Even if implemented, the anti-malware apps on smart devices like tablets were, in general, not industrial strength.
Some networks were prone to man-in-the-middle attacks, or general sniffing of the data transmitted over them. A VPN with encryption could go a long way to providing much-improved security but was not always implemented correctly.
The need to implement new systems in a hurry, and to manage costs, often meant outsourcing to managed service providers (“MSP”) who supplied cloud infrastructure. The links to the MSP could be vulnerable, and it could be a risk to rely on the MSP’s security measures.
Hybrid clouds, using dispersed public and private cloud resources, increased the potential areas of vulnerability.
Insecure IoT devices, particularly in a manufacturing environment
Many IoT devices are based on Android or proprietary operating systems and, in general, do not have mature anti-malware protection. If an IoT device is accessible from outside the organisation, it could provide a back door into corporate networks and systems.
AI is increasingly used to probe corporate defences and as a weapon in developing new threats. This is potentially the area of highest risk.
Finally, people are still the greatest threat to corporate security. They click on phishing email links. They bring malware in from home on removable storage. They upload corporate information to online storage like Google Drive or Dropbox.
The increasing use of Social Media has made it easier for hackers to craft plausible phishing emails. They harvest information about individuals from Social Media and use it for a targeted spear-phishing exploit, where the email quotes personal details that lull the user into a false sense of security.
In summary, the new attack surfaces that IT needs to concentrate on are network endpoints, users (both local and remote), and potentially insecure access devices. In the past, IT could concentrate all their security efforts at a central IT site. Now those efforts need to be applied to many places. One commentator likened it to a castle. Formerly, a single castle holding all the corporate goodies needed protection. Now that the corporate goodies are dispersed among several castles, each will need protection. This is a sea-change in vulnerabilities and in the corporate IT Security strategy.
The answer to the question, “Will the trend slow down?”, is an emphatic no, at least until corporate IT strategies catch up to the new realities.