Work From Home Was The Sprint, Now Comes The Security Marathon

Source: Radware, 04/09/2020

As the pandemic led to national stay-at-home orders, hundreds of millions of workers suddenly found themselves working from home. The resulting increase in internet traffic comes not only from the larger number of remote workers but also from a spike in online video streaming and gaming.

Companies needed to expand and transform their application availability and security perimeters overnight to address the surge in external application traffic and increased security demands. At Radware, many of our large enterprise customers turned to us during this time for guidance on how to maintain business continuity with minimal disruptions under these extreme conditions.

Cloud providers can provide virtually infinite scalability, and we’re seeing many companies accelerate their investment in public environments. At the same time, the increase in working from home has expanded the attack surface, with more people working from desktops on unsecured home networks.

These trends will endure, and it’s time for security teams to develop long-term strategies.

Attackers Take Advantage Of Chaos

Unfortunately, many companies’ business continuity plans did not envision the effects of the pandemic. Rather, they were focused on disasters that shuttered offices but allowed them to work at backup sites. With many organizations unprepared, attackers have stepped up their activity, and a number of trends will likely continue in the future:
• Expect more zero-day attacks. Most hackers don’t have the technical skills to deploy and exploit zero-day vulnerabilities. Instead, they typically buy tools from organized crime groups. But we have seen more zero-day attacks this past year, particularly in the theft of intellectual property from high-value targets. That tells us that well-funded organized crime groups and nation-state-level intrusion teams (the only groups that are likely to have access to zero-day exploits) are taking advantage of the chaos in enterprise IT.
• DDoS attacks are likely to become more prevalent. In March, our cloud DDoS (distributed denial-of-service) mitigation systems blocked 300,000 attacks globally, representing a two-fold increase over February. Increased reliance on SSL (Secure Sockets Layer) connections may make it easier to launch successful attacks with fewer resources because the resources required by the server to handle the handshake are significantly greater than those required by the initiator.
• Phishing scams and credential theft are much riskier. When the U.S. government announced that it would send $1,200 to adults in the U.S. as part of a pandemic economic response plan, we saw a wave of phishing scams and attempted credential theft. In Germany, the failure to put in place a citizen verification procedure allowed fraudsters to steal millions of euros during the crisis. When businesses rely on remote access and public clouds, stolen credentials offer the keys to the kingdom. Security teams need full visibility into their cloud environments to ensure that the principle of least privilege is being followed.
• Where business goes, bots will follow. As businesses increasingly rely on e-commerce, expect to see an increase in malicious bot traffic, which can tie up inventory, conduct price arbitrage and scrape content.

Security For The Long Haul

The changes brought about by the pandemic are the new normal. When the global economy gets back to work, it’s likely that fewer people will return to offices and more people will work from home. The changes in the enterprise IT environment mean that the threat landscape will also evolve.

Many IT teams are still handling the massive capacity increases and now must also refocus their attention on the long-term safety and security of their networks. Here are a few places to start:
• Develop a pervasive and regular employee cybersecurity training program. Through regular cybersecurity training, employees can better identify and react to threats. This should include information about phishing, password protection, etc.
• Automate cybersecurity incident responses with security orchestration. Attackers are using automation to boost their attacks, and organizations must counter this by automating their defenses and orchestrating their security policies. Automating incident response activities improves their efficiency and effectiveness.
• Use machine learning to automate tasks. Rely on algorithms to perform tedious and repetitive tasks. This frees security analysts to focus on higher-priority responsibilities.

It’s important that executive management heads up the creation of the company’s long-term security plan, and it’s vital to communicate the value of, and the investment in, automation and orchestration.

Best Practices For The Long Term

• Keep your company productive. The first priority is to keep your company productive in the short term, which means keeping applications available. In the aftermath of the pandemic, organizations will continue to support remote access to applications to keep people productive.
• Ensure VPNs are available. Virtual private networks (VPNs) may need to be updated to accommodate larger volumes of people and traffic. To protect against a loss of connectivity, VPNs should be redundantly clustered.
• Invest in IT security tools. The best IT security strategy covers your company for the long term. This means investing in security tools that use artificial intelligence (AI) and positive security models to identify zero-day attacks, and that use partial decryption of SSL traffic for DDoS mitigation.

