Hybrid workforce security and human-operated ransomware are top of mind for CISOs
November 23, 2021, Hong Kong – The state of cybercrime has evolved considerably in the past two years, with most industries shifting to remote work due to the pandemic. Globally, 81% of enterprise organizations have begun the move toward a hybrid workplace, with 31% already fully adopted. With hybrid work here to stay, email compromise remains a continuing threat vector: phishing is responsible for almost 70% of data breaches, and there are more than 25 different kinds of malicious email techniques in addition to phishing.
Some of the top threats that today’s Chief Information Security Officers (CISOs) are concerned with are hybrid work security and human-operated ransomware, according to a recent Microsoft report.
Hybrid Work Security
While most industries made the shift to remote work due to the pandemic, it created new attack surfaces for cybercriminals to take advantage of, such as home devices being used for business purposes. The huge acceleration in remote services, both at home and in the workplace since the onset of the COVID-19 pandemic, increases the likelihood of risk materializing.
With phishing responsible for almost 70% of data breaches, cybercriminals are using malware posing as a legitimate software update to target unsuspecting employees. In addition, ransomware attackers are now offering ransomware as a service (RaaS), which uses a partner network to carry out an attack, making it tough to determine who the real bad actor is. Adversaries are also targeting on-premises systems, reinforcing the need for organizations to move infrastructure to the cloud, where security is more difficult to penetrate.
Organizations need to focus on applying basic security hygiene such as patching, applying updates, or turning on multifactor authentication (MFA), to minimize impact. However, less than 20% of Microsoft’s customers are using strong authentication such as MFA. Organizations that do not apply or maintain basic hygiene practices will face much greater exposure to attacks.
Human-operated ransomware is a large and growing attack trend that represents a threat to organizations in every industry. Human-operated ransomware is different than commodity ransomware. These “hands-on-keyboard” attacks target an organization rather than a single device and leverage human attackers’ knowledge of common system and security misconfigurations to infiltrate the organization, navigate the enterprise network, and adapt to the environment and its weaknesses as they go.
Hallmarks of these human-operated ransomware attacks typically include credential theft and lateral movement and can result in deployment of a ransomware payload to high business impact resources the attackers choose.
These attacks can be catastrophic to business operations and are difficult to clean up, requiring complete adversary eviction to protect against future attacks. Unlike commodity ransomware that only requires malware remediation, human-operated ransomware will continue to threaten your business operations after the initial encounter.
Basics Matter: Zero Trust Approach and What’s Next
The increasing prevalence of cloud-based services, mobile computing, IoT and “bring your own device” (BYOD) in hybrid work environments has changed the technology landscape for today’s enterprise.
Security architectures that rely on network firewalls and virtual private networks (VPNs) to isolate and restrict access to corporate technology resources and services are no longer sufficient for a workforce that regularly requires access to applications and resources that exist beyond traditional corporate network boundaries. The shift to the internet as the network of choice and the continuously evolving threats led Microsoft to adopt a Zero Trust security model.
Zero Trust has become a priority of enterprise security leaders around the world. It is also a dynamic model that will continue to evolve. Moving forward, the focus of Zero Trust is shifting from securing individual pillars with the right policies and controls to policy unification across pillars, ensuring consistent enforcement and holistic protection. One example is the convergence of access controls between identity and network, which allows security teams to apply granular, consistent policies for all users to all resources. This will enable security teams to automate enforcement across their entire estate and achieve an even stronger security posture.
Identity Protection: Go Passwordless
Hackers don’t break in, they log in. In Azure Active Directory, we observe 50 million password attacks daily, yet only 20% of users and 30% of global admins are using strong authentication such as MFA.
Although blocking legacy authentication and enabling MFA are still the most important defenses for any organization, phishing protection is becoming more relevant than ever. Even with MFA enabled, users can still have their credentials phished by real-time man-in-the-middle phishing tools that replicate the sign-in page and replay the MFA prompt to collect the one-time password sent to the user.
For identities, verifying explicitly means ensuring the identities are using strong authentication when accessing resources. Microsoft research shows that requiring strong authentication can protect against 99.9% of identity attacks because the majority of the attacks are related to passwords. While augmenting passwords can help defend against those attacks, eliminating passwords altogether with passwordless authentication methods can provide the most usable and secure authentication experience.
Photo 1: Welland Chu (left), VP (Certification) & Secretary, ISACA China Hong Kong Chapter, and Fred Sheu (right), National Technology Officer, Microsoft Hong Kong, shared their insights on CISOs’ top priorities in 2022 and the development of cybersecurity talent in Hong Kong.
Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.