The chart below shows the alarming rise of companies searching for help with "Advanced Pen Testing Services" recently. What caused the sudden uptick in searches from companies needing more sophisticated pen testing after June 2020?
The answer lies in the rapid redistribution of America's employee base from traditional offices to home offices. As COVID restrictions spread in 2020, the workforce found themselves mired in the challenges of working remotely. Many were working from their own devices or personal PCs. IT departments struggled to fill the demand for laptops and other company-approved equipment, and employees were granted remote access to company data.
Most remote workers began to access customer and company data from their personal devices connected to their home networks, the same network utilized by other home-bound family members. Security teams lacked visibility into these home networks and needed more resources to adequately monitor the new and hastily expanding attack surfaces.
Malicious threat actors quickly took note of these new opportunities that had materialized virtually overnight. Suddenly, in the rush of establishing countless home networks and new cloud environments, these smaller and less secure networks across the country became easy and plentiful targets through compromised devices and networks.
Consider the following findings from Forrester's September 2021 Report, Beyond Boundaries: The Future Of Cybersecurity In the New World of Work, where security and business leaders report increased risk due to:
According to a September 2021 report from Atlas VPN, "ransomware attacks are up 151% in the first half of 2021, compared to the same time in 2020." Weaknesses exposed in home networks (including connectivity and underlying infrastructure) contributed to the unprecedented increase in the number and severity of these types of attacks.
To defend themselves, many organizations have begun implementing a zero-trust architecture to help better secure network environments transformed and weakened by the remote workforce.
Even if your organization has begun its Zero Trust journey, an Advanced Adversary Simulation (AAS) will test your existing security controls to ensure your infrastructure, people, and process are protecting your most valuable assets.
An AAS team performs covert cyber red teaming to identify critical security weaknesses and tests security control assurance and capabilities. The goal is to gain unauthorized access into the targeted IT system(s), establish persistence, and demonstrate an ability to access sensitive data while evading detection. Knowing if your network monitoring, firewalls, endpoint security tools, SIEM, and other security tools are properly deployed is just as critical as understanding whether your team is responding appropriately to the alerts.
At the end of an Advanced Adversary Simulation, the security team will have spent weeks occupying the mind of an attacker and amassed a slew of data. Results collected during these simulations are then compiled into actionable reports which reveal your organization's susceptibility to elevated cyber-attacks designed to obtain your most sensitive information, and the potential impact of such attacks. These comprehensive reports clearly show what was found and how it was found, and provide detailed, proven recommendations for remediation. Reports are typically supported with evidence in the form of narratives, screen captures, and detailed drawings indicating the times and paths of the simulated attacker.
Using an advanced penetration service like Advanced Adversary Simulation, you'll discover if you have:
Listen to Security Consultant Brian Halbach answer questions on how organizations can be proactive and utilize advanced adversary simulation services to protect their security.
Q: What are some new defensive tactics to protect organizations against advanced emerging threats?
Brian: There are a number of new tools out there and kind of security philosophies. You hear more about the emergence of zero-trust, the digital transition to the cloud, which can also increase security when done properly and done correctly.
Having multiple security tools that you can rely on and, importantly, having a well-trained staff that knows how to use those new security tools is great. If you have all the greatest tools, but you don't have anybody sitting there and monitoring them, they could be shooting off alerts all day, and then, yup, you may know that an attacker may be there, but then how are you going to stop them?
So yeah, one of the best things to do is to invest in the tools and the proper training so that your company can stay secure.
Q: Are advanced adversary simulations an affordable option for organizations ready to take their existing security program to the next level?
Brian: Yes, this is generally an affordable option if you're investing in your security. It's one of those things where you need to be sure that what you've just invested in for your cloud security, on-premise security is actually working. Yes, you may have installed it and it may be up and running, and you can see that it's doing something. But how do you know that it's going to stand up when you have an advanced attack hit you? Or how do you know what an advanced attack is going to look like now that you have all these defenses in place?
And so one of the best ways to kind of prepare and know that yes, our defenses are working and yes, this is how we know that we can see an advanced attack happening, is to have an outside security firm come in and do a simulation so that you can see, all right, just try all the attack factors, see what can stick, see where our weaknesses are, see where we can improve.