One of the biggest changes that the pandemic has created for enterprises is the need to incorporate digital strategies that support remote connectivity. Whereas IT and security teams didn’t necessarily need strong collaboration to support a limited number of remote devices and workers before the pandemic, that’s no longer the case.
Not only are enterprises still supporting remote work initiatives, but they’re also increasingly expecting that remote work is now the rule, as opposed to the exception. Meanwhile, cyber attackers also have continued to react and adjust to these changes, resulting in more varied attacks that target enterprise networks.
This can clearly be seen through the use of Triple Extortion attacks, which combine Ransomware-as-a-Service (RaaS) and DDoS extortion to increase the odds of the extortion payment. The triple extortion attempt consists of:
- Encrypting data with ransomware and demanding payment for a decryption key
- Stealing data and threatening to expose or sell it publicly unless payment is received, and
- Launching a Distributed Denial of Service (DDoS) attack to prove the seriousness of the threat, block communication to internal network resources, and overwhelm security teams.
Attackers also have amplified the seriousness of such attacks by targeting the devices that enterprises use to support remote work initiatives. This includes everything from attacking VPN concentrators to brute-force attacks against Remote Desktop Protocol (RDP). The end result is that enterprises are not only experiencing a substantial increase in attacks overall, but they’re also being hit with secondary and tertiary attacks.
The Changing Role of Cyber Resiliency
Not surprisingly, the increases and changes to the attack vectors have required enterprises to rethink their approach to cyber resiliency, or their ability to predict, resist, recover from, and adapt to attacks. While developing a cyber resiliency plan was viewed as more of a security initiative before the pandemic, all of the changes enterprise IT and security have undergone have likewise transitioned cyber resiliency to a much-needed business strategy.
That strategy dictates a company’s ability to predict, resist, recover from and adapt to the massive changes in cyberattacks. Cyber resiliency requires visibility across the entire enterprise – including how a business operates, its value chain, the flow of data and information across the enterprise, and the identification of critical applications and systems.
When done correctly, cyber resiliency improves a company’s ability to identify and measure risk, while also improving visibility for both IT and security teams tasked with protecting company resources. To incorporate cyber resiliency as a business strategy, companies should look for scalable solutions that use curated threat intelligence data to identify potential threats.
Organizations should have comprehensive packet-level visibility into all internal east-west network traffic, no matter where the internal network may reside (e.g., inside corporate walls or in a public cloud), to identify anomalous behavior and attacker lateral movement. In addition, organizations need packet-level visibility into north-south traffic at the network edge, where they can both detect and block cyber threats.
To learn more about how to make cyber resiliency part of your company’s business strategy, read the new white paper, Why Cyber Resilience Is Needed In The Post-Pandemic World, or reach out today to learn more from one of our security experts.
Originally published on the Netscout blog, December 9, 2021.