As work-from-home policies persist for several enterprises amid the worldwide pandemic. And will become permanent within the long-standing time. The cyber threat landscape has become far more complicated. Current work arrangements are thus far from the norm that a different threat has emerged: the “disrupted” employee. Let’s se how thiis new working modelis disrupting the CyberSecurity
We are all conversant in the concept of a malicious employee actively trying to wreck the corporate or exfiltrate data out of monetary interest or revenge. Far more common is an employee who is fully compliant and follows your security policies as habit .
A disrupted employee is someone in between: trying to try to to their job right but with less secure means. He or she may face challenges in getting projects done. It is because of not having access to the office’s infrastructure or face-to-face interactions. Gone are the device conversations or impromptu meetings within the hallways. Now a days we rely on Zoom or WebEx calls to remain connected. Informal information exchanges are about gone.
Another challenge is that the new headquarters , where spouses could also be working remotely, often alongside their children attending school online. Home networks lack typical protections and bifurcations of the company office. As a result , they should be susceptible to attacks using lateral movement techniques.
In these scenarios, after gaining initial access through an insufficiently protected device, like a family computer, attackers move deeper into a network, checking out other devices to compromise or obtain increased privileges. This continued probing could eventually cause the exfiltration of sensitive corporate data or high-value property .
Disrupted environments susceptible threat to CyberSecurity
To do our jobs, we may obtain information necessary for “situational awareness,” lacking in newly remote workspaces. Bits and pieces of data – ASCII text file , marketing materials for a product launch, notes from a rebranding exercise, or business development activities – may find yourself on a computer of a disrupted employee.
Having all this information in one place might not be even necessary for a successful attack. Hackers are becoming increasingly better at generating a composite of a company’s proprietary data from disparate sources to form stealing it worth their while.
Much of this activity is anomalous, like accessing databases generally not a part of one’s knowledge base or downloading software code for an unrelated product. But with the upheaval that went on in corporate networks as many workers suddenly relocated to home offices, these anomalies and lateral movements could also be tougher to trace and analyze. A couple of missed red flags may mean severe and unpredictable consequences down the road.
The need for East-West visibility
Firewalls are typically our go-to devices to detect and disable malicious North-South traffic (the traffic entering and exiting the network). But as networks evolve, quite one-half of the traffic within the data center, either physical or virtual, is now East-West (moving laterally from server to server). Security tools haven’t yet trapped with the necessity to examine and analyze these movements to detect vulnerabilities and threats.
Modern-day networks include containerized applications in highly distributed and hybrid-cloud-based environments. Therefore, gaining proper visibility has become increasingly difficult, especially with East-West traffic.
Accurate East-West security analytics depend upon packet data because the single source of truth, especially in virtualized environments lacking a firmly established network perimeter. Thus, pervasive visibility is a foundational requirement for cybersecurity. It could also be effort-intensive or costly to realize. This can result in requiring new approaches or specialized tools.
Better data for better analytics
Packet data is usful when converted to smart metadata and actionable insights. It helps pinpoint the source of information leaks or security disruptions impacting the network. Granular analytics affect alert fatigue by directing security teams to the foremost critical or time-sensitive issues.
Even if well-intentioned, a “disrupted employee” remains an insider threat. He requires a comprehensive approach of security controls, analytics, acceptable use policies, and education. Understanding a replacement baseline through analytics is that the first and essential step in creating the right controls and academic programs to assist your employees securely accomplish their goals.
It is the need of time that foreffio ensure CyberSecurity o your businesscient CyberSecurity we adapt the the measures that are must for protection against Cyber attacks. Vigilancy and proper measures are the only way t0 ensure CyberSecurity of your business.
The post Are “disrupted” employees a brand new cybersecurity threat? appeared first on DSRN Blogs.