“Work from anywhere” is a reality for many organizations today, but as teams take advantage of cloud tools to enable better collaboration, criminals are also upping their game to take advantage of the new environment. Adenike Cosgrove, Cybersecurity Strategy, International, Proofpoint, discusses why defenders need to prioritize email security when operating in the cloud, as well as how CISOs can best protect themselves against the many different attacks of today.
Today’s global threat landscape is fundamentally characterized by this human element, and it is no different in the Middle East. “Working from anywhere” is now a reality for a significant percentage of the workforce and we see organizations around the world being more exposed than ever to cyber threats.
That’s why 66% of CISOs in the UAE agree that working remotely has made their organization more vulnerable to these targeted cyberattacks, according to Proofpoint’s 2021 study, the CISO Voice Report.
Here we break down some of the key questions that CISOs in the region may be asking, with advice on how to strengthen their cybersecurity postures.
What types of attacks do CISOs in the region expect?
Nearly 100% of attacks require somebody to do something through human interaction to succeed.
Criminals use social engineering as a key tool to trick someone into clicking or interacting with their payload. Statistics point out that 99% of data loss incidents are human-caused, while 75% of ransomware attacks start with email phishing. There are also business email compromise attacks, or email fraud attacks, where the criminal pretends to be someone the victim trusts, which cause more financial loss than all other attacks combined.
Given the overall success rate and low cost of executing these email fraud attacks, we find that CISOs in the UAE are particularly concerned about these. Security professionals are recognizing these new ways criminals are trying to social engineer people – they end up logging in instead of hacking.
What trends have you seen in terms of regional organizations migrating to the cloud and what challenges does this present?
The ability for employees to work from anywhere is here to stay and we’re seeing an increased need for organizations to enable things like virtual collaboration, cloud services and the ability for people to collaborate more effectively from anywhere, on any device, in any place.
Many businesses now house a significant portion of their sensitive information and corporate data in the cloud. They are migrating from on-premises data centers to Microsoft, Amazon, and Google to ease this transition to working from anywhere. But that means our security strategy and controls need to change as we take advantage of cloud services.
And criminals recognize this change. That’s why, instead of hacking Microsoft, they trick our employees into giving those credentials to those cloud services. Why hack Microsoft, if you can just steal someone’s credentials and log in using their real identity and just download the data from the cloud? Criminals also exploit cloud services to host malware, which is used to launch ransomware attacks.
Many organizations have migrated to Office 365. What are the hidden costs and security limitations?
Microsoft is truly a business enabler and businesses around the world, including those in the Middle East, are reaping the benefits of Microsoft and these collaboration services.
But we have seen that criminals also exploit this infrastructure. We’ve seen malicious messages sent from Microsoft 365, targeted at 60 million users in 2020, according to Proofpoint threat data. These are criminals who use Microsoft’s own infrastructure and trusted domains to spread this malware.
Email remains the number one entry point for cyber threats, putting everyone at risk: internal employees, external vendors, external third parties and customers we work with.
A central concern is that these emails use outlook.com, for example, as the domain, which has a trusted reputation – so these emails are much more likely to land in the inbox.
Criminals actually use a wide range of tactics to hijack these cloud email and app accounts. That’s why 71% of CISOs in the UAE are more concerned than ever about the repercussions of cyberattacks.
Why should email security for Office 365 be a priority?
Fundamentally, we need additional controls on top of the basic functionality provided by Microsoft 365. If criminals leverage a platform approach, we as defenders need to leverage a platform approach too.
If criminals are using a number of different techniques, from credential phishing to malware to compromising work email, we need to take this in-depth platform defense approach to protect the user and address the threat the user is facing in the messaging channel.
How concerned should CISOs be about insider threats? And how does the reported Great Resignation cause these to rise?
As cybersecurity professionals, we spend a lot of our time and budget on threat protection. We want to make sure we protect our data and for good reason. However, not all attacks are perpetrated by outside criminals. Sometimes that risk is inside our home. Two main trends are driving this increase in insider risk.
The first is the move to the cloud. We leverage more cloud services, more data goes into the cloud, more people have access to that data.
And second, there’s this work from anywhere – we have a lot more flexibility, but with increased access comes increased risk. Do we monitor where this data resides? Do we monitor who has access to this data?
With the big quit, we’ve seen an increased risk of insider threat incidents, because when people leave organizations, they take data with them, thinking it’s theirs.
We see these trends where individuals are taking data or accessing data in interesting new ways. Forrester coined an interesting phrase, stating that COVID-19 introduced ideal conditions for insider threats – and it’s ultimately because we allowed greater access. So we have to monitor this data.
How can CISOs best protect themselves against these various attacks and ensure that employees are aware of the threats presented to them?
First of all, it’s about understanding – what kind of insider are you dealing with? This should indicate how your security team reacts. If you are dealing with someone who has made a mistake, you may want to re-send them for training or make them aware of a security policy and their responsibility to protect that data.
Your response plan will be completely different if, for example, you are dealing with a compromised user, someone who may have inadvertently given their password and username to a cybercriminal and the criminal is now taking action as that person, because they log in using their credentials.
Also, you would react slightly differently if you are dealing with someone who intentionally steals company data and tries to harm the organization.
But fundamentally, the foundation of any defense is visibility. You must have total visibility of your data and your collaborators. The data they create and how they access it, where it resides, who has access to it, whether on-premises or in the cloud, and how people work with that data.
It’s not just about confidentiality. It is also about the integrity and availability of this information. Then you need to implement technical controls like DLP solutions or security solutions that ultimately prevent these criminals from stealing credentials and gaining access to those crown jewels and cloud stores. You can then implement appropriate controls to protect the landscape from that individual’s threats.
Additionally, you need to create a strong safety culture. It means understanding people’s behavior, what good behavior you want to implement, and then creating a cultural program and an awareness program to ultimately change the behavior towards that good.
As a final recommendation, people are the new perimeter, so we recommend setting up a layered defense. This includes dedicated insider threat management solutions, a robust security awareness training program, and ultimately a robust critical threat protection solution that prevents threats from reaching your staff, regardless of the channel, technique or platform that the criminals are exploiting.