FinTech Conversations: Cybersecurity in a remote work environment

Alex Cunningham, October 1, 2021

In our first installment of FinTech Conversations, Advisor360° Chief Information Security Officer Alex Cunningham and Michael Szabados, Chief Operating Officer of NETSCOUT, talk about the increase in enterprise-level cybersecurity attacks amid the shift to permanently remote and dispersed workforces. As we redefine “the workplace,” companies must examine whether they are managing and securing their networks adequately to defend against increased attacks from bad actors.

A discussion with NETSCOUT COO Michael Szabados

Alex Cunningham: Michael, one of the most talked-about changes brought about by the pandemic is the shift to remote workforces. What was once a lockdown necessity is now part of a new work culture at some level. What has been NETSCOUT’s back-to-work approach?

Michael Szabados: Like it or not, the hybrid remote/on-site workforce model is here to stay. NETSCOUT is back to about 25% of our workforce on-site at the office. I don’t think we’ll get back to 100%, but we’ll probably end up at around 75% in the office.

I know the popular narrative is that “people working from home are more productive,” but I’m a firm believer that workplace culture is tied to the ad hoc communications that result from in-person interactions, whether scheduled or impromptu. Think about the 30-second office pop-in, getting lunch with a colleague… those moments of collaboration and creativity can’t be replicated through a stream of scheduled videoconference meetings. As I see it, the downsides to remote work are a negative impact on organizational efficiency and the increased risk of a security event. And we are seeing that occur for companies everywhere.

What are the security risks of remote work?

Alex: I agree that it’s easier to monitor and secure technology when the majority of the workforce is in the office. As security practitioners, we also need to ensure we’re protecting our information assets regardless of where our staff are and what devices they use, in some cases. Many companies are discovering the hard way that the all-remote all-the-time workplace has its unique security risks. Cultivating a culture of security awareness with a remote workforce, for example, can be challenging! Not only do employees need to understand how to use the company technology, but they also need to understand their own technology at home and that it is also potentially being used against them by bad actors.

Talk to me about the cybersecurity trends you’re seeing globally that are a result of the remote workforce shift.

Michael: The pandemic forced a rapid migration of workforces to home and workloads to the cloud. As a result, the use of virtual private networks, VPNs, is also way up. This has increased the fragility of company defenses everywhere because a dispersed environment is simply harder to keep secure and protected. For organizations large and small with dispersed and distributed infrastructures, the #1 challenge has become network security.

The increased dependence on VPNs is putting a tremendous burden on their capacity and performance, making them more susceptible to DDoS attacks. A distributed denial-of-service (DDoS) attack happens when cybercriminals bring down a company server, network, or VPN by exhausting resources with more requests than these systems can handle.

These attacks can be tricky to detect because they do not always register in terms of extra volume. Many times, these attacks are very small in size, but are nonetheless specially crafted to impact the availability of their targets. Also, in many cases, the DDoS attack is part of a pre-designed ransomware or data exfiltration campaign, which uses a DDoS attack designed to distract the target. And the bad actors behind these attacks have no problem waiting—sometimes months or years—in order to avoid detection, because they can do damage quickly once the attack starts.

Alex: Yes, it’s not just DDoS attacks that are increasing in frequency and intensity, but sophisticated, multi-layered attacks are also on the rise. We should never be focused on just one type of threat because cybercriminals have multiple tools available to them. Bad actors continue to find new and inventive ways to attack—I’m hearing about increasing usage of double and triple extortion tactics, for example.

Michael: The pandemic has absolutely accelerated some of the types of attacks that were already on the uptick. As I said before, highly sophisticated criminal networks use DDoS as a diversion tactic, so while an organization is busy fending off the DDoS, the attackers coordinate the data theft.

DDoS attacks are also being used for cyber extortion. We’ve seen a major increase in this tactic during the pandemic and are still seeing it occur today on a worldwide basis. As you said, you’ve heard of double extortion. These are ransomware breaches where the criminals first hold an organization’s data hostage with encryption, and also threaten to leak or sell their exfiltrated data unless paid. These ransomware gangs are now adding DDoS attacks to their campaigns to triple extort their victims.

What are the best cybersecurity practices?

Alex: We’ve seen recently that cybercriminals have been reaching their intended targets by infiltrating commonly used software or solutions first and exploiting those weaknesses as a way of gaining unauthorized access to an organization’s network. But while the intensity of the game may have changed, it seems like their motivations are mostly still the same. What are your thoughts on the best approach to defending against cybersecurity attacks these days?

Michael: One thing that hasn’t changed is that companies need IT solutions that are free from vulnerabilities, and these solutions must be scalable and trustworthy. Without this, how can you trust that your network is secure? So how do you get there? First, you must have full visibility into your network. If you can’t see it, you can’t prevent it. NETSCOUT goes to great lengths to help our clients have the utmost visibility across their entire digital enterprise. And second, companies need security protection at the perimeter of their network—we use Arbor Edge Defense (AED)—to automatically detect and mitigate inbound and outbound attacks or indicators of compromise (IoC). Situated on the customer premises, between the internet router and firewall, AED protects data going in and out—essentially acting as a first and last line of defense for organizations.

Finally, there’s no question that devices on the customer premises are more responsive than cloud-based solutions that are remote. Of course, you need the cloud-based solutions, but they are not enough. Think of it this way: in today’s remote work world, companies need the belt and the suspenders to keep their networks secure.

Alex: That makes perfect sense. Strong analytic capabilities are also key to understanding what’s normal activity on your network and better identifying what’s not. In keeping information assets secure across a dispersed workforce, we need to make sure our defenses are built on a strong foundation regardless of geographical location. Good stuff, thanks for your time, Michael.

NETSCOUT protects enterprises from cyberattack disruptions and solves their most challenging network performance and security problems. Using its patented and proprietary Smart Data technology and continuous monitoring, NETSCOUT provides real-time, pervasive visibility, and the insights customers need to accelerate and secure their digital transformation.

Alex Cunningham is Senior Vice President, Chief Information Security Officer at Advisor360°. He leads the Information Security team in protecting the Advisor360° enterprise, keeping all company and client data safe and secure.