Ray Kafity, the Vice President for Middle East, Turkey, and Africa (META) at Attivo Networks, speaks about the security threats faced by companies in the region
How has the security threat landscape evolved over the past few months?
Like everything else, the COVID-19 pandemic is having a direct impact on the increasing cyber risk level. Remote workforces have increased the attack surface, cloud breaches have increased, and ransomware demands have hit staggering levels. As we embrace the digital world, the cyber threat landscape changes. We see IoT devices becoming more vulnerable to cyber-attacks and the rollout of 5G, which introduces a new set of security risks.
In the past few months, we witnessed an increasing number of cyber-attacks globally, affecting organisations of all sizes, including Microsoft, SolarWinds, Acer, Sierra Wireless and others. We also saw a significant rise in ransomware attacks and payouts, with demands recorded over $50 million.
What sort of security challenges are people facing when working from home, and how is your company equipped to handle those challenges?
Working from home means factoring in a significantly expanded attack surface of devices and unsecured Wi-Fi networks that can make devices directly vulnerable since home Wi-Fi networks may use weaker security passwords and protocols. Once attackers compromise a system, they will look for vulnerable connections to exploit and gain access to company networks. Security practitioners must also be conscious that employees might use devices that are already compromised when they return to the office.
Reconnecting them to the central network might pave the way for cybercriminals to access the enterprise. Users may also mistakenly store their account credentials on their workstations, leaving them available for attackers to steal and reuse.
How has ransomware evolved during the pandemic period and what are you doing to tackle the problem?
Ransomware attacks increased by an astounding 485% in 2020 compared to 2019, according to Bitdefender’s 2020 Consumer Threat Landscape Report. The pandemic caused most of us to work from home, causing a significant increase in the risk of a successful ransomware attack. This increase is due to weaker home IT security and a higher probability of users clicking on COVID-19 themed or other persuasive ransomware lure emails. Criminal groups are craftily taking advantage of employees working from home, allowing them to leverage weaker security to insert themselves into the business networks.
Ransomware-as-a-service is also on the rise, making it easier for nonskilled people to become cybercriminals. In addition, cybercriminals have adopted more creative ways to extract payments, like extorting an organisation’s customers for additional payouts. While it is impossible to prevent every possible attack, proper planning and use of lateral movement prevention technologies like deception and concealment technologies could avert a more significant impact on the organisation.
How can companies overcome digital security and privacy challenges?
One of the strongest ways to provide better digital security and privacy protection is to take an identity-first security posture. Instead of thinking about layered protection at the edge of a network, businesses should start with how best to protect credentials and privileges and provide least-privileged access to data. This approach requires a different level of security architecture and must cover endpoints, Active Directory and cloud environments. A primary place for security teams to start is with protecting Active Directory.
It is the prime target for attackers seeking to access the credentials and privileges they need to elevate their attack. Despite being such a critical control, it is intrinsically insecure, which attackers leverage to their advantage. The loss of Active Directory Domain control can create a devastating and game-over situation for an organisation’s digital security and ability to maintain privacy for its customers.
Do you believe companies today have accelerated their digital transformation initiatives?
Companies used to be careful about how quickly they introduced new technology solutions and how advanced they were. However, the responses to the COVID-19 pandemic have sped up the adoption of digital technologies by months or even years as they raced to maintain uninterrupted operations. According to a new McKinsey Global Survey of executives, their companies have accelerated the digitization of their customer and supply-chain interactions and their internal operations by three to four years. Additionally, the share of digital or digitally enabled products in their portfolios has accelerated by a staggering seven years.
What are the cybersecurity trends for 2021?
Like the rest of the world, the cybersecurity industry in the Middle East will witness increased use of AI in applications and in-depth analysis of network traffic to spot anomalous behaviour. AI will also help to stress-test security measures to ensure maximum protection. On the other hand, cybercriminals will also have equal access to AI. They will use it to continue to crack codes, break encryption and unlock passwords.
In 2020, the industry and analysts did a big push to educate the world on the benefits of cyber deception. With the increase in sophistication and destructiveness of attacks, it became clear that organisations needed cyber deception capabilities to detect attackers as they attempt to break out and move laterally from a compromised endpoint. Deception has also gained recognition for its efficiency in detecting exposed and misused credentials, which attackers use in most attacks. Although modern deception platform availability began to appear around 2014, many security professionals see 2021 as the “year of deception.”
Although many organisations may think they have already taken the steps required to avoid ransomware attacks, system infections are still occurring at unprecedented rates. The ransomware attack on Oman’s largest insurance company in Jan 2020, which caused data loss but no publicized monetary loss, is a good example of how aggressive these attackers can be. Given the attackers’ success rates, one can expect ransomware to continue to be a significant threat throughout 2021.
So-called ransomware 2.0, where humans rather than automated code guide attacks, will continue to increase in 2021. Attackers will take more sophisticated and aggressive paths to gain domain control to inject their ransomware code en masse into systems. Security teams must continue to guard against attacks. They should look at adopting security controls that provide visibility into Active Directory vulnerabilities and misconfigurations and prevent attacker privilege escalation by hiding and denying their access to Active Directory privileges. Using concealment technology can also be a significant deterrent. In this case, the technology can hide files, folders, and the data the attacker seeks so that they can neither steal nor encrypt a company’s files.
Businesses stabilized working from home in 2020, which seems to continue in 2021, causing a higher cybersecurity risk with employees accessing the network remotely and sometimes using personal devices. Internal security controls must adapt to addressing these increased risks. CISOs and CTOs should immediately assess their VPN and cloud security programs. They should also put in programs to detect the misuse of a legitimate employee’s credentials and in-network lateral movement, privilege escalation and data collection activities.
What are the key factors to consider to make sure the digital economies of today are secured?
A trusted digital economy could stimulate valuable additional growth for organisations over the years. The Covid-19 pandemic has fueled tremendous growth in internet commerce, and organisations are adopting new and emerging technologies faster than they can address related security issues. The pandemic has also motivated businesses to accelerate efforts to grow their digital presence and speed app development to meet consumers’ demands and expectations as they move online.
This situation comes with inherent supply chain risks if the organization cannot properly vet providers and their software. Just as companies head online to where the consumers are, cybercriminals are doing the same, targeting the weaknesses of these companies. Hence, cybersecurity is emerging at the top of risks companies face in the age of the digital economy. To meet these threats, organisations must scale up their security efforts. These should include security automation, AI and increasingly assessing critical systems like Active Directory for credential and privileges protection.
With edge perimeters dissolving, an identity-first security posture will better position the company to protect its employees’ identities, credentials and privileges. Viewing this across the entire threat landscape from endpoint to Active Directory to the cloud will provide comprehensive coverage for today and as the company continues to expand on its digital transformation.