It took a global pandemic for all industries to become equipped for remote working. And although there are many benefits to a Work from Home (WFH) environment, this phenomenon has created new opportunities for cyber attackers to target remote workers who don’t have the benefit of corporate firewalls and other defences to keep them safe. This has significantly raised the security stakes when accessing the corporate network from home.
The recent supply chain attack on the software build system of US firm SolarWinds’s Orion infrastructure performance monitoring platform makes it painfully clear how important it is for remote workers to have the right security tools at hand.
The case demonstrated that even the world’s top cybersecurity firms — whose employees are required to use multi-factor authentication — can still be compromised by well-resourced, persistent hackers.
Asking the right questions
With so many different threat actors and the potential for a permanent shift towards remote working, the question is what approach organisations should take in a world where business leaders can no longer assume the network has a border, and most computing and network needs are moving to the cloud.
In the case of the SolarWinds breach, hackers managed to access a system used by the company to build updates for the Orion platform, inserting malicious code into an otherwise legitimate software update. Once deployed, government agencies and other organisations automatically downloaded and installed the infected software.
While this attack is known to have mostly targeted high-value US federal agencies and about 100 private firms, it would be a mistake to think it only targeted the US. This was a global cyberattack with long-term implications for Australian organisations in the legal, finance, healthcare and government sectors.
Referring to this attack, Microsoft’s president, Brad Smith, said:
“… from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen.”
That’s quite the statement given the examples of devastating malware in recent years, including Stuxnet, Shamoon and the NotPetya and WannaCry destructive ransomware attacks of 2017.
Australian organisations not immune from attacks
The Australian Cyber Security Centre (ACSC) noted in January that multiple Australian organisations were using Orion, meaning they were exposed to the Sunburst backdoor within the software, even if none of these organisations reported instances of further compromise.
State-backed attackers are not the only threat. Slovak antivirus vendor, ESET, recently reported it had seen a whopping 768% growth in attacks on Microsoft’s remote desktop protocol (RDP) for Windows from the beginning of 2020 to the year’s end. RDP, a key tool for remote working, has been widely exploited to spread ransomware.
The Maze ransomware group, which has targeted Australian healthcare organisations, has recently started threatening victims with leaking corporate data on top of ransom demands that often exceed $100,000. The ACSC also recently warned that attackers are using SDBbot, a Remote Access Trojan (RAT), to target the healthcare sector with ransomware, and it has alerted aged care providers to Maze attacks.
The battlefield is at the edge
It’s no longer about a network of PCs behind a firewall, but laptops, Android phones and iPhones out in the wild that are being used to access critical business information. Tools like legacy VPNs just aren’t good enough any longer – once an employee’s credentials have been stolen, bad actors can move laterally throughout the network with very little effort.
At NetMotion, our technologies are improving the lives of remote workers everywhere and are trusted by more than one million workers in over 3000 organisations to stay secure, protected and connected. NetMotion’s newly launched cloud platform is built on Microsoft Azure to take advantage of NetMotion’s zero trust network access (ZTNA) technology, enterprise VPN and experience monitoring capabilities.
Taking the SASE approach
Our approach to cloud, zero trust and secure remote access ticks a lot of the boxes within the SASE (Secure Access Service Edge) framework, too. SASE, a term coined by Gartner in 2019, is now considered the new frontier in cybersecurity. It is not a product category or technology, like the software defined perimeter (SDP) or VPN, but a broader cloud-based framework for managing endpoint devices in a world where networks are borderless.
At its core, SASE represents a set of network and security technologies designed to protect the user at the ‘edge.’ This principle is even more prevalent in a world where cloud adoption is at record levels and remote working has been pushed to a new degree by the COVID-19 pandemic.
In 2021, it’s not a ‘brave new world’ but a world that demands sensible answers to tech challenges that help people get the job done remotely, productively, with ease and, most importantly, in a ‘friendly’ way that reduces the cognitive load on workers who are juggling a job, children, school projects, entertainment and more from home networks.
It’s not all doom and gloom. Australia is getting SASE!
Taking a step back, a recent NetMotion survey conducted in Australia, the UK, Germany, Japan and the US found that many organisations still lack a true understanding of SASE. However, Australian IT leaders proved to be comparatively ahead of the pack when it comes to SASE, with 78% being able to confidently explain the principles of the framework. That is well above most other markets, including the US, where only 67% of IT professionals could do so. Likewise, 86% of Australian IT professionals are adopting or have already adopted a zero-trust posture, which is above the average of 77% for other markets. Australian IT leaders employ more WAN optimisation networking solutions than any other market, which could be chalked up to the bandwidth availability issues faced by many Australian organisations.
The survey also revealed that over half of respondents were using a VPN. VPNs have been particularly popular with law firms and financial service organisations during the pandemic (56% and 49%, respectively), while 56% of private-sector organisations reported having utilised VPNs for their employees. In the public sector only 29% of business leaders reported VPN adoption, and instead prioritised cloud secure web gateways (SWG) (37%) and firewall-as-a-service (42%).
No quick fix
Digital transformation is not a quick or easy project, but there are certain times when IT needs to lead business transformation to suit prevailing conditions. In our current environment, where securing remote workers has become a priority, any organisation looking to modernise, fortify and even future-proof its network and security operations should choose where it wants to be in three or even five years. The important thing is to start the journey as soon as possible.