People will always be the weakest link
One of the most lethal combinations is a sophisticated attack that targets humans when they are in a state of fear, uncertainty, and doubt. The current COVID-19 pandemic is a great example of how attackers took advantage of a global event and were quickly able to adapt and use it in their favour to target vulnerable individuals and companies.
So says Doros Hadjizenonos, regional sales director for Fortinet Southern Africa, adding that people are, are and always will be, the weakest link in any corporate IT security system. “Even though so many corporations educate their employees using various awareness training, phishing techniques have evolved dramatically in recent years, making them increasingly difficult to detect by the average user.”
“Organisations need to upgrade their secure e-mail gateways and add machine learning (ML) to better detect e-mail-borne threats, and add a tool such as content disarm and reconstruct to neutralise those threats. ML should also be added to the analysis part as it is able to consume and correlate far more data than human analysts can process.”
Speaking of other threats that organisations are facing today, Hadjizenonos says threat intelligence teams around the world have been tracking a significant increase in phishing attacks. “These attacks coincide with a temporary drop in more traditional attacks, indicating that attackers, like workers, are modifying their efforts in order to accommodate changes due to the pandemic.”
The number of employees that can tell the difference between a legitimate e-mail and a malicious one remains frighteningly low.
In addition, with more people now working from home, and connecting back into the office from their home networks, often using their personal computers, bad actors are looking to target these users’ devices to get a foothold into the corporate network or cloud.
“They attempt to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information via e-mail or over the phone. They do this by impersonating legitimate organisations, such as the Center for Disease Control and the World Health Organization, and offering fake informational updates, discounted masks and other supplies, and even promises of accelerated access to vaccines. Similar attacks target healthcare workers, political movements, or even the recently unemployed using the same sort of tactics.”
Speaking of how he sees the threat landscape evolving over the next five years, Hadjizenonos says over time, digital resources are increasingly interconnected.
“Malicious threat actors are capable of adapting very rapidly to their current surroundings, and are able to quickly penetrate systems which lack proper security implementations. And now, with significant improvements and innovations in computer hardware, software, and artificial intelligence, interconnectivity between systems has increased even further, which leads to a broader attack surface. We don’t see this trend changing over the years to come, with the potential attack surface of organisations continues to expand, and the speed and sophistication of cyber attacks continue to make defending the network ever more challenging.”
Moreover, he says secure access service edge (SASE) is an emerging enterprise strategy that combines network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s organisations.
Unfortunately, there has been a lot of hype that has left some organisations wondering what exactly SASE is. Understanding the basic concepts and components of SASE is important, as the benefits can be significant for many organisations. Fortunately, getting to the bottom of this is easy, as many of the fundamentals of SASE – such as bringing networking and security together – are trends that customers have been gravitating to for years. Conceptually, SASE converges SD-WAN and network security services—including next-generation firewall, secure Web gateway, zero-trust network access, and cloud access security brokers - into a single service model.
Offering a piece of advice to organisations, Hadjizenonos says they need to secure every device that connects to their network whether it is on their trusted network or an un-trusted network such as the home networks of many remote workers.
“Businesses should already have a robust ransomware strategy in place and networks need to be segmented as part of a zero-trust network access strategy to limit the resources that can be impacted should a breach occur. Encrypted traffic traversing the organisation should be inspected to ensure that there is no malicious payload in that traffic.”
He adds that despite organisations pushing training, the number of employees that can tell the difference between a legitimate e-mail and a malicious one remains frighteningly low. “It is critical that any organisation’s secure e-mail gateway is capable of detecting and filtering out phishing attacks and spam, and eliminating malicious attachments.
And finally, without true visibility and control over everything in an organisations infrastructure, they will miss the threats when they breach their networks and may only find out about the breach when it is too late, ends Hadjizenonos.
* Maxtec in partnership with Fortinet was a silver sponsor of ITWeb Security Summit 2020, hosted as a virtual event from 25 to 28 August.