By Rajesh Ganesan, Vice President at ManageEngine
After the ransomware attack on Colonial Pipeline in May, cybercrime has become top of mind for many regulators, legislators, and corporations. DarkSide, the group responsible for the Colonial attack, supposedly disbanded; however, they have recently reformed and rebranded as BlackMatter, according to blockchain analysis group Chainalysis.
Although DarkSide has denied this rebranding, Allan Liska, a self-proclaimed “ransomware sommelier,” finds the denial difficult to believe given the technical and financial connections between DarkSide and BlackMatter. Regardless, ransomware attacks are becoming more prevalent, and enterprises need to take the necessary precautions to defend their organizations — especially given the current remote work landscape.
The migration to remote work has made networks less safe
According to ManageEngine’s 2021 Digital Readiness Survey, 83% of IT professionals say that the recent transition to remote work has increased their enterprise’s security risk. Due to this increased security risk, 56% of companies adopted a security strategy to deal with the plethora of remote workers.
It is important to note that remote work is not going away any time soon. As the survey reveals, 96% of companies are planning on supporting remote workers for at least the next two years. Unfortunately, all of these elements have created a perfect storm, making the current cyber landscape ideal for ransomware groups, malicious insiders, and other bad actors. In the midst of this new remote work climate, 46% of North American respondents said that endpoint network attacks have increased, and 37% saw an increase in malware attacks. Given this increase in attacks, perhaps it’s not surprising that 19% of North American companies adopted a zero trust framework after the pandemic.
It is vital to take a zero trust approach
In the aftermath of the Colonial attack, the United States government mandated that all systems with federal information adhere to zero trust security requirements. Originally created by cybersecurity strategist John Kindervag, the zero trust security approach mandates that all employees in an organization are provided with the bare minimum level of access needed to complete any given task. Under what is often called “just-in-time access” or “just-enough access,” employees should have access to systems and applications for the least amount of time possible. According to the principles of zero trust, one’s IT department should always assume that there has been a breach, and all access requests should be treated as though they came from an insecure network. Moreover, all internal communication should be encrypted, and any anomalous activity on a network should be identified.
Crackdown on the use of shadow IT
Due to the recent migration to a remote work environment, employees are increasingly using devices, applications, and services not sanctioned by IT personnel. According to the aforementioned survey, 78% of companies across the globe reportedly fail to control the applications and services that their employees use.
Unsanctioned, mobile-based applications are a significant problem in North America, as roughly a third of employees (33%) admitted to downloading mobile-specific apps without direct approval from their IT department.
It is vital that IT personnel are able to identify all of these non-sanctioned apps, as they can jeopardize network security. Through the use of mobile device management (MDM) tools, organizations can easily monitor tablets and phones, ensuring that only IT-sanctioned apps are accessing corporate data on these devices.
In addition to cracking down on shadow IT, all apps and servers on the corporate network should remain up-to-date and completely secure. An adequate unified endpoint management (UEM) solution can help facilitate this process by automating server maintenance and patch management.
Do not let privileged users off the hook
It is important that everyone in the company is on the same page. All employees, including those at the highest levels of the organizational chart, should be cognizant of the latest cyberattack vectors, social engineering campaigns, and best practices for keeping the network secure. IT personnel should also engage in privileged session monitoring.
It’s of little surprise that cybercriminals target C-level personnel. After all, if a criminal is able to breach a privileged account, he or she can then gain access to particularly sensitive corporate data. Thus, it’s important that everyone within an organization is monitored.
Pay particular attention to privileged user behavior analytics: fetch VPN logs and generate traffic and security reports for all top executives as well. If there have been problems with a particular user in the past, consider recording that user’s privileged sessions. These recordings can be helpful during a compliance audit. Lastly, by overseeing privileged users’ behavior on remote servers, databases, and other critical systems, IT personnel can easily terminate any session that seems suspicious.
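As an added illustration of the privileged-user monitoring described above (example code written for this article, not a ManageEngine tool), the script below runs three simple behavior checks over constructed VPN log lines for a watch list of executive accounts: a burst of failed logins, a login outside business hours, and a login from a country not previously seen for that user. The log format, the watch list, and the business-hours window are all assumptions.

```python
"""Flag anomalous VPN logins for privileged (executive) accounts."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (assumed format, not from any real VPN product):
# <ISO-8601 UTC timestamp> user=<name> src_country=<ISO code> result=<success|failure>
SAMPLE_VPN_LOG = """\
2021-08-02T08:05:00Z user=cfo src_country=US result=success
2021-08-03T08:10:00Z user=cfo src_country=US result=success
2021-08-04T02:45:00Z user=cfo src_country=RO result=success
2021-08-04T02:46:00Z user=analyst src_country=RO result=success
2021-08-05T09:00:00Z user=ceo src_country=US result=failure
2021-08-05T09:01:00Z user=ceo src_country=US result=failure
2021-08-05T09:02:00Z user=ceo src_country=US result=failure
2021-08-05T09:03:00Z user=ceo src_country=US result=success
"""

PRIVILEGED_USERS = {"ceo", "cfo"}   # assumed watch list of top executives
BUSINESS_HOURS = range(7, 20)       # assumed 07:00-19:59 UTC
FAILURE_BURST = 3                   # consecutive failures that trigger an alert


def parse_line(line):
    """Split one log line into a dict with a parsed datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return rec


def find_alerts(log_text, privileged=PRIVILEGED_USERS):
    """Return (user, alert_kind, timestamp) tuples for privileged accounts only."""
    seen_countries = defaultdict(set)   # countries each user has logged in from
    failures = defaultdict(int)         # consecutive failed logins per user
    alerts = []
    for line in log_text.splitlines():
        r = parse_line(line)
        if r["user"] not in privileged:
            continue                    # non-privileged users are out of scope here
        if r["result"] == "failure":
            failures[r["user"]] += 1
            if failures[r["user"]] == FAILURE_BURST:
                alerts.append((r["user"], "failure-burst", r["ts"].isoformat()))
            continue
        failures[r["user"]] = 0         # a success resets the failure counter
        if r["ts"].hour not in BUSINESS_HOURS:
            alerts.append((r["user"], "off-hours", r["ts"].isoformat()))
        if seen_countries[r["user"]] and r["src_country"] not in seen_countries[r["user"]]:
            alerts.append((r["user"], "new-country", r["ts"].isoformat()))
        seen_countries[r["user"]].add(r["src_country"])
    return alerts


if __name__ == "__main__":
    for user, kind, when in find_alerts(SAMPLE_VPN_LOG):
        print(f"{when} {user}: {kind}")
```

On the sample data this reports the CFO's off-hours login from a new country and the CEO's burst of failed logins, while the analyst's identical off-hours login is ignored because that account is not on the watch list.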
The pandemic has caused the number of remote workers to skyrocket, which in turn has resulted in more security risk. In fact, a whopping 58% of North American respondents said phishing had increased as a result of the pandemic. Moreover, remote work is here to stay for the foreseeable future; hence, it is important for IT departments to take the necessary precautions. By embracing a zero trust architecture, cracking down on shadow IT, and monitoring privileged users, one can rest assured that their network remains safe and secure.
ManageEngine is the Enterprise IT Management Software division of Zoho Corp. ManageEngine offers more than 90 tools to help organizations manage all their IT operations, including networks, servers, applications, service desk, Active Directory, security, desktops, and mobile devices.