Data has become big business over the years. It is now one of the most valuable assets in the world. In fact, its value—both as an available asset and as a potential resource—is so significant that data researcher Clive Humby famously said that data is the new oil.
This is quite a lofty assessment of what can be considered mere 0s and 1s. But it does hold a lot of merit. Data has tremendous value, and its value exponentially increases when viewed from the perspective of the people who need it and the people who generate it. This fact is not lost on criminals, who see it as another score. Over the last few years, the number of cyber-attacks has been increasing annually. In 2020, cyber-attacks were identified as the fifth top global risk. Attacks through Internet-of-Things (IoT) devices are expected to double by the year 2025. But what’s alarming is the reality that there is only a 0.05 percent rate of prosecution or detection for these attacks.
We are living in an age when a cyber-attack on your organization is not a matter of “if,” but rather a matter of “when.” No organization is truly safe. This is why the age-old mantra of “prevention is better than a cure” comes into play once again. One efficient way to prevent these attacks and data breaches is through user access review audits. As an organization, it is better to anticipate attacks from malicious actors than to have exhaustive protocols in place that are only utilized after an attack or data breach has already happened.
Security protocols that anticipate attacks, such as the implementation of continuous security validation in the enterprise, are extremely useful and beneficial. By simulating cyber-attacks and attempts to breach the network, IT administrators can determine the strength of their security stance and identify potential vulnerabilities as they are exposed through the simulation. This is done without compromising network security.
Continuous security validation is further enhanced by using the MITRE ATT&CK framework, which is a comprehensive knowledge base of known adversarial tactics and techniques used by cybercriminals. The framework is then used to simulate the various attack techniques and determine whether the cyber security protocols put in place can withstand these attacks.
Evolving cyber threats
Cyber security threats are always looming over organizations. But the security landscape has also changed because of the COVID-19 pandemic and the sudden, abrupt change in work paradigms. More organizations are now encouraging, if not outright requiring, employees to work from home, and this has created new or enhanced threats to security. Some of the evolving cyber security threats that IT administrators are looking out for are:
Phishing attacks through applications
Phishing attacks are already considered a ubiquitous cyber security problem because many criminals see them as an easy gateway into breaching network security. But gone are the days of phishing attacks riding on dubious emails. Phishing attacks have now become more sophisticated.
For example, consent phishing is becoming more prevalent. This type of attack, also known as OAuth phishing, will trick people into giving out access to their Microsoft Office 365 accounts. When criminals get the credentials, they can then take control of the Microsoft account of the victim.
This problem is so prevalent that Microsoft has even issued a warning about it.
Cloud security misconfigurations
As previously mentioned, the COVID-19 pandemic has driven organizations to mandate work-at-home arrangements for their workforce to ensure business continuity as well as the safety of employees. This has resulted in a dramatic reliance on remote access to data and cloud-based services and applications. It has also put tremendous strain on many IT departments, which now have to ensure that the workforce can continue to work even at home.
With time not on the side of IT teams, misconfigurations of applications and services that reside in the cloud have become one of the evolving threats to security. Malicious actors are very much aware of the IT strain and have been increasingly focusing on looking for and exploiting these misconfigurations to gain access to networks and steal data.
Cloud misconfigurations are considered one of the most prevalent vulnerabilities that exist right now. According to a study conducted by McAfee, the four most common misconfigurations in security group settings are unrestricted access to non-HTTP/HTTPS ports, open outbound access, unrestricted inbound access on uncommon ports, and Internet Control Message Protocol (ICMP) access that has been left unrestricted.
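The four misconfiguration classes listed above can be checked mechanically. The following is an added example, not code from the McAfee study or any vendor tool; the rule schema, the finding labels, the sample rules and the choice of "common" ports are all assumptions made for illustration.

```python
from ipaddress import ip_network

WEB_PORTS = {80, 443}
# Assumption: which ports count as "common" is a local policy decision.
COMMON_PORTS = {22, 25, 53, 80, 443, 3389}

# Constructed sample rules in a simplified, hypothetical schema
# (not any cloud provider's export format).
SAMPLE_RULES = [
    {"group": "sg-web", "dir": "ingress", "proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0"},
    {"group": "sg-db", "dir": "ingress", "proto": "tcp", "ports": (3306, 3306), "cidr": "0.0.0.0/0"},
    {"group": "sg-ssh", "dir": "ingress", "proto": "tcp", "ports": (22, 22), "cidr": "::/0"},
    {"group": "sg-admin", "dir": "ingress", "proto": "tcp", "ports": (22, 22), "cidr": "10.0.0.0/8"},
    {"group": "sg-app", "dir": "ingress", "proto": "icmp", "ports": None, "cidr": "0.0.0.0/0"},
    {"group": "sg-app", "dir": "egress", "proto": "all", "ports": None, "cidr": "0.0.0.0/0"},
]

def is_world_open(cidr):
    """True when the CIDR covers every address (IPv4 or IPv6)."""
    return ip_network(cidr, strict=False).prefixlen == 0

def audit_rule(rule):
    """Return the finding labels that apply to one rule."""
    if not is_world_open(rule["cidr"]):
        return []  # scoped to specific networks: outside these four classes
    if rule["dir"] == "egress":
        # Open outbound access: any protocol to any destination.
        return ["open-outbound"] if rule["proto"] == "all" else []
    if rule["proto"] == "icmp":
        return ["unrestricted-icmp"]
    lo, hi = rule["ports"] if rule["ports"] else (0, 65535)
    exposed = range(lo, hi + 1)
    findings = []
    if any(p not in WEB_PORTS for p in exposed):
        findings.append("unrestricted-non-web-port")
    if any(p not in COMMON_PORTS for p in exposed):
        findings.append("unrestricted-uncommon-inbound-port")
    return findings

def audit(rules):
    """Return (group, finding) pairs for every flagged rule."""
    return [(r["group"], f) for r in rules for f in audit_rule(r)]

if __name__ == "__main__":
    for group, finding in audit(SAMPLE_RULES):
        print(f"{group}: {finding}")
```
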
An evolving threat that seems to be gaining in popularity among cybercriminals is account takeovers (ATOs). This kind of attack has the potential to create a lot of problems for organizations. It compromises not just your organization’s network but also your customers. Through an ATO, an account that has been successfully attacked and taken over can be used to access network data, move laterally in the network, gain access to other accounts, or serve as an initial step in mounting a bigger cyber-attack on the organization.
One of the most notorious examples of an ATO is the attack that was mounted against SolarWinds. Cybercriminals were able to control the network and, worse, issue updates that carried malicious code. This update was then spread to the company’s users. The compromise of SolarWinds has been so devastating that IT experts think it will take years to fix all of its problems.
Ransomware attacks have been growing in scope in the last few years. Just last year, over 2,474 attacks were logged by organizations. This means that cybercriminals are pulling this method out of their arsenal more frequently. As ransomware evolves, criminals are developing more complex and intricate techniques such as double-extortion attacks. Malicious actors are so confident about the effectiveness of ransomware techniques that they are now emboldened to look for high-profile or big game targets.
With data now one of the most valuable assets in the world, criminals are working double-time to create new and more sophisticated malicious techniques to try to force their way into networks and gain access to valuable data. IT administrators need to be constantly on their toes in making sure that organizations are safe and secure from these attackers. Hence, security tools like continuous security validation are important weapons in the security arsenal and will become essential in the fight against malicious cyber-attacks.