Work From Home Was The Sprint, Now Comes The Security Marathon

The last few months have seen enterprise IT changes at lightning speed. The pace is unlikely to slow.

As the pandemic led to national stay-at-home orders, hundreds of millions of workers suddenly found themselves working from home. The resulting increase in internet traffic comes not only from a larger number of remote workers but also from a spike in online video streaming and gaming.

Companies needed to expand and transform their application availability and security perimeters overnight to address the surge in external application traffic and increased security demands. At Radware, many of our large enterprise customers turned to us during this time for guidance on how to maintain business continuity with minimal disruptions under these extreme conditions.

Cloud providers can offer virtually infinite scalability, and we’re seeing many companies accelerate their investment in public environments. At the same time, the increase in working from home has expanded the attack surface, with more people working from desktops on unsecured home networks.

These trends will endure. And it’s time for security teams to develop long-term strategies.

Attackers Take Advantage Of Chaos

Unfortunately, many companies’ business continuity plans did not envision the effects of the pandemic. Rather, they focused on disasters that shuttered offices but allowed them to work at backup sites. With many organizations unprepared, attackers have stepped up their efforts, and a number of trends will likely continue:

• Expect more zero-day attacks. Most hackers don’t have the technical skills to deploy and exploit zero-day vulnerabilities. Instead, they typically buy tools from organized crime groups. But we’ve seen more zero-day attacks this past year, particularly attacks involving the theft of intellectual property from high-value targets. That tells us that well-funded organized crime groups and nation-state level intrusion teams (the only groups that are likely to have access to zero-day hacks) are taking advantage of the chaos in enterprise IT.

• DDoS attacks are likely to become more prevalent. In March, our cloud DDoS (distributed denial-of-service) mitigation systems blocked 300,000 attacks globally, representing a two-fold increase over February. Increased reliance on SSL (Secure Sockets Layer) connections may make it easier to launch successful attacks with fewer resources because the resources required by the server to handle the handshake are significantly greater than those required by the initiator. 

• Phishing scams and credential theft are much riskier. When the U.S. government announced that it would send $1,200 to adults in the U.S. as part of a pandemic economic response plan, we saw a wave of phishing scams and attempted credential theft. In Germany, the failure to put in place a citizen verification procedure allowed fraudsters to steal millions of euros during the crisis. When businesses rely on remote access and public clouds, stolen credentials offer the keys to the kingdom. Security teams need full visibility into their cloud environments to ensure that the principle of least privilege is being followed.

• Where business goes, bots will follow. As businesses increasingly rely on e-commerce, expect to see an increase in malicious bot traffic, which can tie up inventory, conduct price arbitrage and scrape content.

Security For The Long Haul 

The changes brought about by the pandemic are the new normal. When the global economy gets back to work, it’s likely that fewer people will return to offices and more people will work from home. The changes in the enterprise IT environment mean that the threat landscape will also evolve.

Many IT teams are still handling the massive capacity increases and now must also refocus their attention to long-term safety and security of their networks. Here are a few places to start: 

• Develop a pervasive and regular employee cybersecurity training program. Through regular cybersecurity training, employees can better identify and react to threats. This should include information about phishing, password protection, etc.

• Automate cybersecurity incident responses with security orchestration. Attackers are using automation to boost their attacks, and organizations must counter this by automating their defenses and orchestrating their security policies. Automating incident response activities improves their efficiency and effectiveness.

• Use machine learning to automate tasks. Rely on algorithms to perform tedious and repetitive tasks. This frees security analysts to focus on higher-priority responsibilities.

It’s important that executive management heads up the creation of the company’s long-term security plan, and it’s vital to communicate the value and investment of automation and orchestration.

Best Practices For The Long Term

• Keep your company productive. The first priority is to keep your company productive in the short term, which means keeping applications available. In the aftermath of the pandemic, organizations will continue to support remote access to applications to keep people productive.

• Ensure VPNs are available. Virtual private networks (VPNs) may need to be updated to accommodate larger volumes of people and traffic. To protect against a loss of connectivity, VPNs should be redundantly clustered.

• Invest in IT security tools. The best IT security strategy covers your company for the long term. This means investing in security tools that use artificial intelligence (AI) and positive security models to identify zero-day attacks, and that use partial decryption of SSL traffic for DDoS mitigation.

The decisions and tools that organizations choose now, and the training they provide to their employees, will have enduring effects on security for years to come. It’s crucial that companies get it right.

Note: A version of this article originally appeared on Forbes.com.

Anna Convery-Pelletier joined Radware as the Chief Marketing Officer in December 2016. As a member of the executive leadership team, she leads the global marketing organization, which consists of the corporate, product, field and channel marketing teams. Ms. Convery is responsible for the marketing strategy that shapes the future of the Radware brand while directly increasing the marketing contribution to drive revenue and increase market share. Prior to Radware, Ms. Convery held the position of Chief Marketing Officer and Executive Vice President of Strategy for OpenSpan Inc. (now Pega Systems Inc.) for five years. Ms. Convery has more than 25 years’ experience in enterprise technology, helping FORTUNE 500 companies drive operational and financial excellence, leveraging technology innovation to deliver digital transformation and world-class customer experience. At OpenSpan, Ms. Convery’s responsibilities included global go-to-market strategy and strategic enterprise growth for the company. Prior to OpenSpan, Ms. Convery held senior executive roles at NICE Systems Ltd., ClickFox, Inc., and Nexidia Inc., as well as global marketing and business development roles at IBM Corporation, Jacada Ltd. and Unibol Inc. Named a “Woman of the Year in Technology” by Women in Technology (WIT), Ms. Convery has received numerous industry awards and is a respected customer experience and enterprise transformation thought leader.

66 COMMENTS

  1. Thanks for the detailed article Anna!
    All points are valid and I totally agree that regular employee cybersecurity training programs are a must!
    Indeed we are all in a Marathon now or maybe even a Triathlon…
    Stay Safe and Be Smart!!!
