security test feed, https://www.testingxperts.com (feed generated Fri, 09 Sep 2022 06:02:26 +0000)

IT Security Measures CISOs Must Take During and Post Pandemic
https://www.testingxperts.com/blog/security-measures-pandemic?utm_source=rss&utm_medium=rss&utm_campaign=what-are-it-security-measures-cisos-should-take-during-and-post-pandemic
Published Thu, 02 Jul 2020 15:17:29 +0000 (https://www.testingxperts.com/?p=16138)


Content

1. Major Security Threats on IT Security During Pandemic
2. How Should CISOs Safeguard their Businesses with Security Testing?
   2.1 Proper Monitoring of Endpoints
   2.2 Identify Threats & Vulnerabilities with Security Testing
   2.3 Incorporate Secure Video Conferencing
   2.4 Intelligent Identity and Access Management
   2.5 Increased Bandwidth Allocation
   2.6 Ensure Proper Configuration of Personal Devices
   2.7 Multifactor Authentication (MFA) Bypass
   2.8 Split Versus Full Tunnel VPN Visibility
3. Conclusion

Undoubtedly, the coronavirus pandemic has caused a massive crisis for mankind and made us all reconsider our perception of this new world. COVID-19 has brought an unexpected change to human life, with a series of lockdowns and social distancing norms. Along with these new norms, the IT world in particular has been pushed into adopting the new normal: working from home (WFH).

The pandemic has forced the workforce to work remotely, and this new working arrangement has expanded the security threat landscape. As employees adjust to WFH, the arrangement still carries many security risks and depends on the IT team's support to make it a success.


Moreover, along with the WFH normal, VPNs, remote connections, multi-factor authentication and video conferencing tools have become an integral part of this newly formed work culture. The World Economic Forum stated that the world is entering a volatile and unstable new phase. Scientists are increasingly confident that the COVID-19 pandemic threat will persist, possibly for years.

Another recent survey of 100 CIOs in North America, conducted by Hitachi ID and the social research firm Pulse, states that 95% of the respondents admitted that their IT teams have been bogged down by remote working during the COVID-19 crisis. Among the challenges, employee password lockouts were the top issue, cited by 71% of those surveyed. Specifically, IT support is being hit with more requests for sign-in assistance from employees.

Evidently, companies today grapple with the pandemic situation while continuing to face security threats from hackers and other cyber attackers, and organizations are unable to keep their business-as-usual processes in balance.

Major Security Threats on IT Security During Pandemic


Phishing Attack:

 


This is a common cybercrime seen everywhere today, in which a fraudulent attempt is made through email to steal an employee's personal information. These emails appear to come from well-known organizations and carry links that people fall prey to; as they open the emails, they lose their security access details.

According to a Cyber Defence Centre (CDC) report, employees are the new perimeter for security. Attackers too have not been left untouched by the pandemic and we’ve seen a sharp rise in Phishing scams in the last few months. From our CDC, our team has observed that attacks which were Covid-19 themed (including phishing and brute force) rose as much as 100%.

In another survey by cyber security firm Check Point, it has been stated that “Phishing attempts (55 percent) and websites claiming helpful information on coronavirus (32 percent) have emerged as the leading threats to the organizations, the respondents said.

In phishing attacks, a bad actor steals sensitive information by tricking people to open an email, instant message, or text message containing malicious links or attachments.” The findings showed that the rapid changes to enterprise working practices, and broader concerns about the pandemic, are both being exploited by cybercriminals as they step up their attacks, generating a raft of new challenges for security professionals.

Ransomware Attack:

 


 

This is a type of malicious attack by cybercriminals in which they block the user from accessing their data. The attack encrypts the files on the victim's systems, deliberately adds extensions to the attacked data, holds the user hostage and demands that a ransom be paid. Interestingly, most ransomware gangs demand payment in bitcoin, the most high-profile cryptocurrency, although some began shifting their demands to other currencies as bitcoin's popularity made its value more unpredictable.

According to a report by Cybersecurity Ventures, it has been stated that over the years, ransomware has grown from curiosity and an annoyance to a major crisis deeply twisted together with top-secret spy agencies. Ransomware cyberattacks are big business, so big in fact, that research anticipates a business is attacked by a cybercriminal every 11 seconds and damage costs from these attacks will hit around $20 billion by 2021.

Port Number & Network Footprint Attack:

 


 

Keeping in mind the remote work concept, many cyber attackers are actively looking for changes in exposed port numbers and thus attack the associated web traffic.

According to a Tech Target report, hackers are watching for changes in network footprints and exploring how they can exploit security gaps. Chief Information Security Officers (CISOs) need to be aware that any change on the networks should be watched as it occurs.

There have been instances of VPN attacks in these days, where attackers notice that a new VPN connection has been established, search for that organization's credentials on the dark web and then try to attack it.

Remote Desktop Protocol (RDP) Attack:

 


As employees continue to work remotely, there is an increase in the number of systems with open RDP that can be potentially targeted. This RDP provides network access for a remote user over an encrypted channel.

IT teams and network administrators use RDP to diagnose network issues, to log into servers and to perform other remote actions. Cyber attackers specifically use misconfigured RDP endpoints to gain access to networks.

Distributed Denial of Service (DDoS) Attack:

 


Downtime from DDoS attacks is also reported by many organizations and is especially detrimental with a large remote workforce. At times there may be an unintentional DDoS when numerous users try to access the services at the same time.

Cyber-attack on Business Applications & Digital Solutions:

 


Today’s cyber-attacks have been ever-increasing and any sort of security breach adversely affects either applications or networks. These cyber-attacks might lead to the loss of customer data followed by loss of brand loyalty and sometimes might also lead to legal complications.

How Should CISOs Safeguard their Businesses with Security Testing?

 


Proper Monitoring of Endpoints:

With the new normal of WFH, employees should be made to assess, manage and monitor their network endpoints to build trust in their systems. Employees should leverage a Zero Trust Architecture to address lateral movement of threats within a network, using micro-segmentation and granular perimeter enforcement.

Identify Threats & Vulnerabilities with Security Testing:

Organizations should embrace end-to-end security testing and application security testing leveraging security testing companies to protect their websites, apps and digital applications from phishing and ransomware attacks. Organizations should proactively detect vulnerabilities within the network to understand internet exposure and get to know the probable susceptibility to phishing attacks.

Incorporate Secure Video Conferencing:

Video conferences have become the new means of communication for remote employees working globally. It is important to use private, password-protected meeting links to ensure security, and new meeting IDs and passwords should be generated afresh for each session in order to protect the sessions.

Intelligent Identity and Access Management:

It is essential for organizations to manage identities on the go when there is a complex ecosystem of stakeholders operating globally. Effective, comprehensive and automated identity management solutions ensure that only the right people have the necessary access to critical or confidential data, computers, networks, and other resources.

Increased Bandwidth Allocation:

In order to handle DDoS attacks, organizations should have increased bandwidth allocations ready, and it is important to temporarily disable unused services to allow more bandwidth. Employees should be discouraged from using live streaming services through a VPN.

Ensure Proper Configuration of Personal Devices:

It is essential that all employees have been set up with new VPNs or virtual desktops, and that proper anti-virus is installed on their systems, including personal devices. When an employee installs a VPN client on a laptop that has already been compromised by malware, the malware can easily spread into the organization's corporate network, so care should be taken.

Multifactor Authentication (MFA) Bypass:

Organizations should implement MFA to reduce credential spraying attacks. Employees should be trained to identify and report unauthorized push notifications. It is essential for organizations to evaluate the risk tolerance even before taking up the MFA implementation methods.

Split Versus Full Tunnel VPN Visibility:

Where there are numerous remote workers, organizations may prefer to move from a full tunnel VPN configuration towards split tunneling. A full tunnel VPN ensures that all traffic traverses the VPN, allowing web proxies to filter it and security teams to identify any unauthorized activity, while split tunnelling reduces this visibility unless proper endpoint agents are installed to retain control.

Conclusion

The COVID-19 pandemic has affected mankind in different ways, enforced social distancing and made the new normal of WFH mandatory for all IT employees. This new normal has opened the way to security compromises and made it easy for hackers to attack employee systems and IT networks.

Hence, in order to protect your business and the new normal of WFH, it is essential to leverage security testing services to ensure proper protection from threats and vulnerabilities. In addition, businesses should also follow password protection, split or full tunnel VPN and other security measures to make sure the remote workforce is secure and protected from vulnerabilities at either the system level or the network level.

Talk to our Security testing experts and understand how we can help your business avoid such cyber threats

 

Related Queries on IT Threats and Cyber Attacks

Q1. What are the types of cyber attacks?

Ans. The most common forms of cyber-attacks are malware, phishing, SQL injection attacks, DDoS attacks and Cross-Site Scripting (XSS).

Q2. How can cyber attacks be reduced?

Ans. Security testing is taken up to identify threats and vulnerabilities in the system, combined with proper monitoring of endpoints.

Q3. Why is cyber security needed?

Ans. Cyber Security testing ensures that all IT systems in the organization are free from all kinds of vulnerabilities and weaknesses.

What are DDoS attacks and How to Mitigate them
https://www.testingxperts.com/blog/how-to-mitigate-DDoS-Attacks?utm_source=rss&utm_medium=rss&utm_campaign=what-are-ddos-attacks-and-how-to-mitigate-them
Published Tue, 01 Oct 2019 15:06:20 +0000 (https://www.testingxperts.com/?p=11786)


Cyber-attacks continue to shake the IT world across industries and domains, collapsing critical applications, paralyzing traffic and networks of systems.

Contents

1. Types of cyber-attacks
2. What are DoS and DDoS Attacks?
3. Major types of DDoS Attacks
4. Most common forms of DDoS attacks
5. Why DDoS Attacks Occur?
6. Challenges faced with DDoS attacks
7. Some Recent DDoS Attacks
8. How to mitigate DDoS Attacks
9. Conclusion

Types of cyber-attacks

There are many types of cyber-attacks and some of the most common are:

– Man-in-the-Middle attack
– Phishing
– Drive-by attack
– Password attack
– SQL Injection attack
– Cross-Site Scripting (XSS) attack
– Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks (the most severe of all)

These continue to cause huge economic losses to organizations and businesses. CXOs across businesses continue to be perplexed by these attacks and have to bear huge economic losses (even in the form of bitcoin ransoms) and network inaccessibility, leading to loss of brand reputation.

 

What are DoS and DDoS Attacks?

 

A DoS attack specifically is an attack by hackers in which they use a computer or a set of computers to flood a server with TCP and UDP packets, thus preventing users from accessing its service.

A DDoS attack occurs when multiple systems attack the target system and succeed in blocking its traffic, so that the targeted systems become inaccessible to users. The targeted network is hit with a sudden influx of packets from numerous locations, leading to the attacked systems going offline for a period of time.

The larger the attack, the more difficult it becomes for businesses to recover. Interestingly, all DDoS attacks are DoS attacks, but not all DoS attacks are of the DDoS type.

 

Major types of DDoS Attacks:

– Volumetric attacks: These attacks use high volumes of traffic to saturate the bandwidth of the network; their magnitude is measured in bits per second (bps). They include ICMP floods, spoofed-packet floods, UDP floods, etc.
– Protocol attacks: These attacks consume server resources or exhaust communication equipment such as load balancers and firewalls. They include smurf DDoS, fragmented packet attacks, SYN floods, etc. These attacks are measured in packets per second (pps).
– Application layer attacks affecting web servers (most common): These are the most dangerous of all the types, as they try to crash web applications/servers with seemingly simple requests. Their magnitude is measured in requests per second (rps). They include GET/POST floods and attacks that target Windows, Apache, etc.

Most common forms of DDoS attacks:

– UDP Floods: A large volume of User Datagram Protocol (UDP) packets is sent to a targeted system, overwhelming its ability to process and respond to them.
– ICMP (Ping) Flood: In an Internet Control Message Protocol (ICMP) attack, the attacker overwhelms the target devices with ICMP echo requests.
– SYN Flood: This type of attack aims to consume server resources so that the server becomes unavailable to regular traffic.
– Slowloris: In this attack, a single machine takes down a target web server without affecting other ports and services on the target network.
– NTP Amplification: This is a reflection-based volumetric DDoS in which an attacker exploits the functionality of the Network Time Protocol (NTP) server of a targeted network.
– HTTP Flood: This is a type of volumetric DDoS attack that overwhelms a targeted server with HTTP requests. The attack is most effective when the application/server is forced to allocate the maximum resources to every request.
– Zero-Day Attacks: This is a very powerful and dangerous attack, as the software security flaw is exploited before the software developer has had the scope to fix it. The full potential of the software will be under the control of the cybercriminal.

Why DDoS Attacks Occur?

 

There are various reasons why these cyber-attacks occur, but attackers mostly target enterprises in the hope of extorting a ransom from them.

Malicious competitors might also cause these attacks, aiming to grab your customers by taking your network down. Other motives include hacktivism, causing trouble, boredom, or even disgruntled employees.

These attacks mostly occur after hackers identify a vulnerability. At times, cybercriminals use automated bots to keep track of vulnerable websites and then attack them. It is an alarming fact that about 86% of web applications have at least one vulnerability and are thus exposed to cyber-attack.


Challenges faced with DDoS attacks:

 

– The attacked systems become inaccessible to users

– There could be loss of critical user data or any other important business data

– Blocks e-commerce sites if attacked and stops transactions

– Affects brands and companies by causing economic loss

– Holds your actions on the site for a specific period of time and causes networks and system’s malfunctioning

 

Some Recent DDoS Attacks:

1. According to a recent report, Wikipedia's parent company Wikimedia confirmed in a statement that the site had been hit by a "malicious attack that has taken it offline in several European countries for intermittent periods," and the company's German Twitter account said its server was "paralyzed by a massive and very broad DDoS attack" (Sept 2019).
2. The number of DDoS attacks detected by Kaspersky jumped 18% year-on-year in the second quarter (Q2 2019), according to the latest figures from the Russian AV vendor.
3. In June 2019, a powerful DDoS attack hit Telegram. The attack was carried out primarily from Chinese IP addresses.
4. A rise in multi-vector DDoS attacks has caused traffic congestion by flooding networks with numerous illegitimate network packets.
5. In April 2019, one of Imperva's clients was hit by a DDoS attack of 580 million packets per second, the largest DDoS attack in recent times.
6. In February 2018, the largest DDoS attack recorded that year hit GitHub. The company's servers saw 1.35 terabits per second of traffic at 126.9 million packets per second. According to GitHub's statements, the traffic took GitHub's systems down for 20 minutes.
7. In March 2018, the leading business assurance provider NETSCOUT stated that its DDoS threat detection system and Arbor ATLAS global traffic had confirmed a 1.7 Tbps memcached-based attack.
8. In the second half of 2017, Square Enix's Final Fantasy XIV, an online role-playing game, was attacked with a DDoS via botnets. The attacks spanned the summer, and another set of attacks was seen during the fall.

Markets and Markets, a leading market research firm, states that the DDoS protection and mitigation market is expected to grow to $4.7 billion by 2024, up from $2.4 billion in 2019. The report also shows that small and medium businesses have become major targets due to existing gaps and vulnerabilities in their systems.

 

How to mitigate DDoS Attacks:

 

1. Adopt A Web Application Firewall (WAF): 

Firewalls are the best way to protect the HTTP traffic between an application and the internet. When a cybercriminal or hacker launches a DDoS attack, the WAF blocks malicious requests to the application; specifically, it blocks malicious HTTP traffic before it reaches the actual site. Policies can be formulated in the WAF to determine which IP addresses should be blacklisted and which should be whitelisted.
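As an added illustration (not code from the original post or from any WAF product), the following Python sketch shows the per-client request-rate view that a WAF takes of the HTTP floods listed under "Most common forms of DDoS attacks", combined with the allowlist/blocklist policy described above. The log lines and the addresses (RFC 5737 documentation ranges) are constructed for the example, and the threshold, list names and helper functions are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined"-style access log prefix: client IP, identity, user,
# bracketed timestamp, quoted request line, status code. The rest is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def build_sample_log():
    """Constructed sample log (hypothetical addresses from RFC 5737 ranges)."""
    lines = []
    # Legitimate browsing: one request every three seconds.
    for sec in range(0, 10, 3):
        lines.append(f'203.0.113.7 - - [01/Oct/2019:15:06:{sec:02d} +0000] '
                     f'"GET /index.html HTTP/1.1" 200 1024')
    # HTTP-flood source: 40 identical requests inside a single second.
    for _ in range(40):
        lines.append('198.51.100.9 - - [01/Oct/2019:15:06:02 +0000] '
                     '"GET /search?q=a HTTP/1.1" 200 4096')
    # Allowlisted uptime monitor that also polls aggressively.
    for _ in range(40):
        lines.append('192.0.2.10 - - [01/Oct/2019:15:06:02 +0000] '
                     '"GET /health HTTP/1.1" 200 16')
    lines.append("not a log line at all")  # malformed input must not crash us
    return lines


def parse_line(line):
    """Return (ip, timestamp, method, path) or None for a malformed line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path")


def peak_rps(lines):
    """Highest number of requests any single client sent in one second."""
    per_second = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _, _ = parsed
        per_second[(ip, ts)] += 1   # log timestamps already have 1 s resolution
    peak = defaultdict(int)
    for (ip, _), n in per_second.items():
        peak[ip] = max(peak[ip], n)
    return dict(peak)


def evaluate(lines, threshold_rps, allowlist=frozenset(), blocklist=frozenset()):
    """WAF-style verdict per client: explicit blocklist wins, then allowlist,
    then the per-IP request-rate threshold; everything else is allowed."""
    verdicts = {}
    for ip, rps in peak_rps(lines).items():
        if ip in blocklist:
            verdicts[ip] = "block"
        elif ip in allowlist or rps <= threshold_rps:
            verdicts[ip] = "allow"
        else:
            verdicts[ip] = "rate-limit"
    return verdicts


if __name__ == "__main__":
    log = build_sample_log()
    peaks = peak_rps(log)
    for ip, verdict in evaluate(log, threshold_rps=20, allowlist={"192.0.2.10"}).items():
        print(f"{ip:15} peak={peaks[ip]:3d} rps -> {verdict}")
```

A per-IP threshold like this cannot tell a flood from the unintentional surge mentioned earlier, where many legitimate users behind one NAT address arrive at once, so production WAF policies pair it with request fingerprinting and an allowlist for known sources.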

2. Patch up Network Security by Configuring with Firewalls and Routers:

There are many entry points into networks that should be blocked by using configurable firewalls and routers. A firewall helps in detecting the IP addresses that attack, while routers have DDoS protection settings and filters that can be used to control access by protocol.

3. Scrutinize Networks with Regular Security Audits:

Frequent network security audits should be conducted by organizations, and following up on these audits should be mandated. Password strength requirements should be enforced and software updates applied across systems periodically. These security audits help to reveal how vulnerable the organization's network is to threats.

4. Plan and Build an Incident Response Plan:

In order to protect your network and applications from cyber-attacks, it is important to develop an incident response plan that details various technologies and protocols necessary to protect from DDoS attacks.

5. Follow an Effective and Secure Software Development Lifecycle:

While the application is still in the development phase, it is essential to embed cyber-security as a core component of the SDLC. Most apps continue to be an easy target for hackers post-production, hence it is essential to follow secure SDLC practices to protect applications from these attacks.

Conclusion:

Businesses should take up the right protective measures to safeguard applications using web application firewalls (WAF). It is essential to be proactive and ready with a well-defined incident response plan to mitigate possible cyber-attacks and protect your network and applications. Loss of critical data, inaccessible networks and damage to brand reputation should be mitigated by embracing web application security testing from QA security testing experts.
