We’ve been taking a close look at the post-pandemic environment that MSPs are finding themselves navigating in 2021. One of the questions for many is what happens if the new normal doesn’t resemble the old normal? What if corporate campuses don’t fill back up and water coolers have no one gathered around them?
Smarter MSP reached out to Doug Rime, who has spent decades working in cyber compliance for the housing industry, and is now an independent cybersecurity consultant specializing in penetration testing, to get his thoughts on this topic.
Rime says the biggest challenge in the post-COVID era will be adapting cybersecurity to the workforce, which is now scattered, working from home, and in coffee shops or other places. In an office setting, workers are more guarded, more likely to take threats seriously. In the comfort of one’s pajamas, it’s easier to fall prey and harder to police oneself.
“I believe there will be more challenges than ever before given the curious nature of workers in these more casual and relaxed environments. This can lead to an upward trend in successful phishing attacks,” Rime stresses.
He adds that a year has passed since many offices sent their workers home. The last twelve months have allowed many businesses to reimagine cybersecurity. Some companies will decide to keep people home, rather than bring them back into the office, and that entails more risk.
“It’s a common refrain that you can’t legislate social behavior,” Rime declares, adding that this hasn’t stopped many governments from trying. So, Rime asks, if you set up every tool or widget possible to ensure security, how do you also successfully influence remote workers’ behavior?
The behavior you want to keep workers from indulging in, Rime says, is opening phishing emails with spoofed return addresses and then surfing through malicious links and sites, or falling victim to zero-day threats.
Zero-day attacks the norm
Rime advises that zero-day attacks are increasingly becoming the norm, and that this will change the pandemic’s long-term impact on cybersecurity.
“You can ensure a VPN is in place, and protocols for antivirus are up to date, but what about the remote worker’s machine?” Rime asks. He adds that many backdoors compromise computers without people realizing it.
“Let’s face it, how many average corporate workers understand how to find viruses, let alone discover zero-day attacks?” says Rime. According to a recent study from Panda Security, 72 percent of the encrypted malware was classified as zero-day, pointing to the fact that there is no antivirus signature to slow it down as it becomes increasingly undetectable to organizations.
This vulnerability can also allow other successful chainlink privilege escalation attacks that can compromise all points of contact that the machine connects to, Rime adds. So, how do security stakeholders keep their clients safe in the post-pandemic world?
Incentivizing good behavior
Ongoing training from MSPs and other security stakeholders is crucial, but so is incentivizing people to do better, Rime advises.
“Depending on management’s mindset, there’s either going to be a leaning toward rewarding good habits or punishing the bad to meet agreed-upon goals,” he says, adding that what seems to work the best from the beginning is positive peer pressure.
Since phishing is currently regarded as the biggest threat, fake phishing emails should be routinely sent to various departments and then the results viewed as a group. Results can be announced in the following way:
“Our group did well, but we have room for improvement. Seven out of our team of 35 clicked on the malicious link we sent to each of you in a recent operation to see how ready we are.”
Over time, no one is going to want to be on “that list” whether their names are called out, or they get the privilege of having “that conversation” with their superior, Rime aptly points out.
Where are the highest risks?
The short answer: anywhere there are humans. While hackers and criminals will continuously pursue whatever they think is the highest value target, no single vertical is riskier than another. Whether it be healthcare, finance, education, government, or something else, the common denominator across all verticals is humans. Humans are the weak link everywhere.
“People are people, and human behavior overall is much the same in large groups,” Rime says. People everywhere have a tendency to open a malicious attachment out of curiosity, or to click on a link because they were in a hurry and didn’t check for grammatical errors or an incorrect return address (e.g., hr@mycrosoft.com). This can happen in any industry.
Rime says that in the end, it comes down to which industries threat actors are targeting, and how much they believe they can obtain from them. For example, several years ago, the ransomware precursor TrickBot was mainly used against financial institutions like banks, as they had plenty to lose in a ransomware event. Hence, the likelihood of payment in some amount was ever-present regardless of the actual stated demand. In recent months, however, Rime adds that TrickBot has been used against other target verticals.
“Likely because the cybercriminals woke up one day and found that there was too much ‘competition’ extorting the big boys in one vertical and decided to move on to another,” he says.
Hackers are now targeting any corporation with robust bank accounts. Verticals that tend to have legacy systems (banking/finance was notorious for this for a while) could lend themselves to more potential threats leveraged against them.
“But generally, it seems that cybercriminals are widening out and targeting a bevy of verticals as long as they have pockets deep enough and servers exposed enough to make a successful attack,” Rime adds.
So, the continued message from the cybersecurity expert is that while MSPs will continue to have to police networks and install software, people will continue to be the biggest vulnerability. With all the changes in the workplace over the past year, humans being the weak link hasn’t changed at all.