CDW Tech Talk: Building a Secure Future in the Age of Remote Work
Remote working has made valuable data more vulnerable to cyber threats due to the expansion of the attack surface. With employees working from home and using multiple devices, security has become a more complicated concern.
Unsurprisingly, cybercriminals took advantage of this situation, as evidenced by the increase in high-profile ransomware attacks across all industries in recent months. Successful breaches have targeted health systems, financial institutions and even a gas pipeline. And these crimes can also make suppliers and customers vulnerable.
Tyler McChristian, Field Solutions Architect for Information Security at CDW, expressed concern during CDW’s Tech Talk webcast but warned against panic when responding to reports of recent ransomware attacks.
“I don’t think panic is ever appropriate, and I think when it comes to security we can always be the type to be pessimistic,” he said. “But we should never take a fear-based approach, so I encourage everyone listening today – whether you’re a key stakeholder or in the trenches – to tone down those emotions a bit, because the last thing you want to do is make a decision to act quickly that leads you down the wrong path with an investment that might not make sense for your organization.”
What has changed for cybersecurity in recent months?
McChristian pointed out that computer security is nothing new. However, concerns have grown due to an increase in incidents in the first half of 2021.
“First, I think we’ve had a variety of high profile incidents in the news, so I think everyone is a little nervous in the world today,” McChristian said. “And the second element, partly in response to the first, is that we are now seeing stakeholders in organizations, as well as external forces, pushing people to increase their security posture. So, the one that I have seen a lot lately is that cyber insurance providers are increasing the demands of the organizations they cover.”
For organizations reviewing their security strategies, McChristian said, “The first thing I always say is to be proactive. And that might not necessarily be another set of security tools. I encourage organizations to look at their security posture from a technical or political perspective. So starting with something like a penetration test or aligning with a security framework is going to really help you as an organization assess where you are today, where you might need to improve and what is the best way forward.”
He recommended two common frameworks that companies can use as best practices. According to McChristian, the Center for Internet Security’s 18 core controls and the National Institute of Standards and Technology’s cybersecurity framework are great starting points for any organization.
Cybersecurity has changed as businesses respond to the pandemic
Andrew Mundell, Senior Security Engineer at Sophos, also joined the conversation to offer suggestions on how businesses can target the cybersecurity challenges they face.
“I think I would divide it into three broad areas, and the first is the issues we’ve had in trying to get organizations to understand the power of cloud management,” Mundell explained. “These are really tough conversations with segments of the market that were highly regulated, concerned about their intellectual property, for example. So we really saw the 2020 pandemic highlight that. Not only do organizations have to make drastic changes to their scope, but many of the traditional tools they have been able to rely on simply weren’t suitable.”
Mundell said the second major problem he saw was the changing perimeter. “I think back to a few years ago, and we had a very clear understanding of what the perimeter was, inside the network and outside the network. Not only must that have changed a lot, but we’re starting to see that blurring those lines is actually much more effective. And users want the flexibility to work where and when they want.”
“And I think the third piece is the sophistication of the striker,” he said. “I think we are definitely seeing an increase in widespread attacks. And while traditionally I think we’d hear a bit of news here and there, now what we’re seeing are long-lasting attacks. These are not things that are built in a few days.”
Ransomware attacks continue to evolve
Mundell highlighted the ways cybercriminals have changed their attack methods. He talked about a new platform for criminals, which he called Ransomware as a Service. “What you can do is join a platform and have that platform manage your ransomware executables, ransomware payments, and encryption keys. So now, as an attacker, you don’t have to worry about those complicated and pesky stuff to do the encryption anymore.”
In recent attacks, Mundell said, cybercriminals have been able to “use techniques and tools that have historically been viewed as things within the capabilities of nation states. So we are certainly seeing the bar for some of these incredibly long and complex human-operated attacks lowering.”
“There’s a second thing that typically happens in the majority of ransomware attacks that we see, and it’s some of that data access, not necessarily data exfiltration,” Mundell said.
Cybersecurity experts are now seeing incidents in which attackers not only take data, but also disable an organization’s security tools. The attackers were able to “do things like break database services so that the files in the database were unlocked and then they could be encrypted. So if you think about the length of time that attackers have access to the interior of some of these environments, there’s a lot of information they’re able to gather. And it’s certainly different from what we thought of attackers and hackers just a few years ago.”
Zero Trust can be effective in providing additional protection
Many organizations are basing some of their hopes for better security on a zero trust approach, hoping that multi-factor authentication can offer a better defense.
Chris Frenz, assistant vice president of IT security at Mount Sinai South Nassau, shared his experience in implementing a zero trust strategy in a healthcare facility. Speaking of the architecture he used while in another hospital, Frenz said, “We have become very concerned about the possibility of ransomware or a widespread malware attack in the organization. So, one of the things we decided to do was simulate what it would look like if a malware attack actually hit the hospital.”
“By doing the exercise, we learned a lot about which controls worked, which didn’t and, in some cases, how people reacted to the attack, both the users and the incident response. Now, one of the controls that has proven to be really effective in performing a test was network segregation.”
For many organizations, Frenz said figuring out the different traffic flows and mapping them would likely be the biggest challenge of a zero trust initiative. “A lot of the more modern zero trust tools give better insight into the traffic that is happening between systems, which just got a little easier. But that’s always where your biggest challenge is going to be,” he said.
Any organization implementing a zero trust initiative should spend a lot of time learning the required traffic flows in the organization, Frenz said. By taking the time to understand which systems should communicate with other systems, “the less likely you are to break something when putting policies in place, because these identified traffic flows will form the basis of your zero trust policies.”