Hybrid Workforce Needs Cybersecurity Rollout from Day One

Written by Ali Sleiman, Regional Technical Director, Middle East & Africa at Infoblox

The hybrid workforce is a permanent reality for most companies these days. The sudden onset of the pandemic and associated shutdowns gave organizations very little time to prepare for such large-scale remote work, let alone time to think about how to secure their ‘work from home’ users who still needed to access enterprise applications in the cloud, and work with and store corporate data on their devices.

Security teams now have to think about protecting corporate resources and data as employees are working outside the corporate perimeter. The pandemic, widespread remote work, and the adoption of new technologies have brought in changes that traditional network architectures cannot deal with. The existing paradigm where the security stack is located within the corporate network is no longer sufficient to protect these teleworkers.

Teleworking also exposes the company to a much broader attack surface, as workers add personal devices and home and public Wi-Fi networks to the corporate network. The internet, cloud technologies, and the onslaught of wireless all contribute to a massive increase in the attack surface. This requires a different security skillset and an increased awareness of the vulnerabilities of today’s IT environment.

Bad actors are taking advantage of the chaotic nature of these times by launching coronavirus-themed cyber-attacks and impersonating well-known websites that try to provide useful, timely information for the general public. Indeed, COVID-19 has become the subject of choice for phishing and spear-phishing campaigns that seek to take advantage of the heightened level of fear and concern.

In this scenario, cybersecurity needs to be rolled out from day one, or else companies and their employees will be at serious risk from partially secured cloud deployments, data breaches, insecure applications, and remote locations where the security and management of the remote user and the local branch LAN are often ignored, leaving end-users vulnerable.

In many cases employees working remotely ignore basic cyber hygiene rules like updating the operating system, using an effective antivirus or strong passwords, and backing up data regularly. However, companies also have a responsibility to have structured security policies that address all security gaps. These need to be implemented and adhered to by all employees.

Remote workers and end-users will likely be active on a variety of mobile devices, home networks, and public Wi-Fi networks, which makes them more likely to face cyberattacks. Because of the position DNS holds in the network, DNS security can play a critical role in preventing attacks like lookalike domains, DoH/DoT, data exfiltration, and content vulnerabilities. Without a security control that can monitor such risks, teleworkers will be more easily targeted and more vulnerable to attacks, especially in an age where character substitution is increasingly employed by cybercriminals to manipulate users into exposing credit card numbers, passwords, and other sensitive data.

End-users will always have the primary responsibility for being aware of increasingly sophisticated cyber threats, provided the organization offers proper education and training and enforces security policies. It is important to consider the risks in consumer-grade Wi-Fi connections, as home routers are usually not secure or patched. There are also risks in using shared documents on cloud folders. Additionally, home browsers configured with plug-ins and certain applications may introduce substantial risk. CISOs should consider implementing technologies that include a lightweight endpoint agent that helps end-users with all of these vulnerabilities and more.

While there are a number of different solutions available to protect remote workers, one of the best and most cost-effective is DDI (DNS, DHCP, IPAM). DNS is the foundation of the Internet, so every connection to the Internet goes through it, making it an ideal service for securing the network. In the corporate environment, DNS is often provisioned by the internal security team, but when working from home, employees typically use public DNS or DNS provided by their service providers, both of which seldom enforce security on DNS.

Today’s security decision-makers need a variety of skills, including the ability to understand how new technologies like SDN, SD-WAN, multi-cloud, and Network Functions Virtualization (NFV) affect their ability to assess the risk of such deployments and to respond with the right security models, like Zero Trust, and the right cybersecurity tools for the organization.

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.