As Pandemic-Related Traps Spawn Cyberattacks, How Ready Are You?
As the COVID-19 crisis progresses, cybersecurity remains essential to the state of business operations. Many of the largest enterprises are greatly affected. Enterprises are shutting down or drastically reducing business operations as the number of persons infected by the virus worldwide continues to climb. With all the shadows of fear and stay-in-place orders, companies are putting aside their 2020 strategy to scale remote operations and adopt new business models, all to survive the crisis. Meanwhile, an increased risk of pandemic-related traps and cyberattacks looms ahead.
COVID-19 has brought a surge in remote access and work-from-home policies that have many organizations ramping up to safeguard hosted applications and scale secured access for the employees, customers, partners, and service providers that keep business moving ahead. “The Internet has [suddenly] become the [single most important] channel for effective human interaction and the primary way in which we work, contact, and support one another.” (World Health Organization). In today’s state of crisis, cybersecurity matters more than ever. Any vulnerable entry point to hosted systems, applications, or information could jeopardize an entire business and cause widespread infrastructure failures that bring down essential operations and systems on which communities or cities rely. In the wake of COVID-19, many organizations are taking a more in-depth look at their digital hygiene, as the attack surface grows and threat actors become more aggressive.
Cyber Attackers May Not Stay in Place
With everybody so distracted, there is ample opportunity for attackers to capitalize on the pandemic. Phishing scams are already through the roof. There have been reports of ransom attacks on hospitals and companies researching vaccines and antidotes to the virus. Recently the FBI warned of malicious campaigns using KWAMPIRS malware targeting healthcare, energy, manufacturing, and logistics as a result of a previously infected software supply chain. Such infections allow cyber attackers to more effectively spread malware, steal credentials, and gain legitimate access to critical systems, as we shelter in place. More than that, the timing may give attackers an unfettered chance to win control of systems.
Before the pandemic, companies struggled to resolve enterprise application vulnerabilities. Patching cycles had not kept pace with the expansion of applications, nor with the surge in vulnerabilities discovered. Organizations remained overwhelmed by the shortage of expertise and resources required to maintain increasingly complex application security infrastructure while also analyzing security data and ensuring immediate response to attacks. To the benefit of attackers, prior to the pandemic, many high-profile systems were left vulnerable and were on attackers' radar as targets to exploit at the right time. We all know that at the height of the pandemic, attackers are pulling the trigger on newfound opportunities.
Enterprises Are Gearing Up Application Protections
All is not lost. As the pandemic lingers, some organizations are taking aggressive steps to revamp their security strategy, and some are even rethinking traditional approaches to application protection. Organizations deemed essential to our livelihood, including financial institutions, utilities, hospitals and health services, and online retailers of necessities, are embracing innovations that augment existing network and edge-based application security. New technologies that provide deterministic host-based controls heighten defenses against evasive attacks targeting application runtime. New approaches to runtime application memory protection are also helping enterprises eliminate attacks commonly used in cyber warfare that target critical infrastructure and application components which edge-based, policy-based solutions can’t safeguard.
Minimizing costs and any windows of exposure to enterprise applications is paramount. Last week, one of the world’s central health services organizations put immediate plans in place to harden their most vital applications. Across 1000 applications, they aim to deploy technology geared towards ensuring application control flow integrity from inside the application runtime, while delivering API enforcement and continuous authorization in the face of a threat. This approach takes days to deliver but allows them to automate protective action against feared nation-state attacks with more certainty. The ability to prevent evolving attacks without prior knowledge and analysis is a significant step forward, especially as IT teams cannot be assured of the availability of skilled resources around the clock. Many organizations around the world are making similar decisions to move security beyond the network and edge of the enterprise application realm to curb potential losses they could otherwise face as the pandemic continues and business transformation accelerates.
As you ramp and scale your mobile and remote workforce, bear in mind that your security must extend beyond access controls and network traffic monitoring to cover every aspect of the application runtime. As you evaluate your security strategy, ponder the following questions to help you best understand problem areas. Reach out to us at Virsec for more information and a full assessment of where critical vulnerabilities persist and how best to implement runtime application protection.
Questions to ask yourself to understand your security posture during the pandemic and beyond
- How effectively are you protecting process memory? NIST and Gartner recommend that you do more.
- What approaches are you using to ensure the operational integrity of enterprise applications, thus preventing injections that cause applications to perform unexpected or malicious operations?
- How effective are your security tools? Discuss this especially if you are overwhelmed by alerts daily.
- How much effort is required to identify evolving threats?
- What protections are in place to stop threats that have already reached the host server?