“Good riddance, 2020. I’m so glad to get that year behind us so we can get back to normal!” is a phrase you may have uttered more than once. The last year has been hard; that’s undeniable, but from a cybersecurity perspective at least, few things have changed. The cyber threat landscape, the threat actors, the state-sponsored hacker groups, and the malware they produce do not care what year it is, or even that it’s not the same year anymore.
Exchange Hack
Quickly on the heels of several other state-sponsored attacks such as SolarWinds, we got the zero-day Exchange hack. Krebs on Security estimates that nearly 30,000 on-premises Microsoft Exchange systems were targeted and had persistent malware installed to exfiltrate data. Once the vulnerability was identified, Microsoft immediately released a patch, followed by a workaround for organizations that were simply not able to patch quickly enough. This attack highlighted for many organizations that patching is still the cornerstone of a comprehensive cybersecurity policy, and many were also surprised to find out they still had Exchange within their company despite having been on Office 365 for years. The severity of this vulnerability also became a point of reference for the GSEs and multiple state regulatory agencies to ask what mortgage companies are doing around cybersecurity to protect themselves and the consumer.
Remote Workforce Shifts
2020 brought significant change to everyone’s strategy for securing the enterprise: the very sudden shift to a mostly or fully remote workforce. With the lockdown of public gathering areas, organizations found a need to quickly expand their remote work infrastructure or implement one if it did not already exist. This often expanded the discoverable attack surface of the enterprise by exposing insecure services, systems, and protocols to the Internet so the workforce could continue business as usual remotely.
Another unanticipated challenge was a lack of laptops to issue to staff. The squeeze on tech vendors’ ability to source new equipment resulted in the use of personally owned devices in half-implemented Bring Your Own Device (BYOD) programs.
End Users
The weakest part of the majority of networks is the human element. Attackers know that tricking a human into compromising a system for you is still one of the most successful attack methods. The numbers simply don’t lie:
Ransomware
In 2019, ransomware was the main-stage concern for mortgage companies. Going into 2020, while it wasn’t the number one issue, this attack vector is showing no signs of slowing down. In fact, December of 2020 saw a 7x increase over July 2020, as well as consistent growth in Ransomware as a Service (RaaS) (Fortinet Global Threat Landscape Report 2/21). RaaS provides attackers with “one-click” solutions for automating and managing an attack. Even if you have the discovery and containment process as streamlined as it can be, the frequency of backups and the time to restore that critical data determine your overall productivity loss to the business.
Recommendations
Below is a list of what we consider the most effective controls to put in place to mitigate the most prevalent threats facing the enterprise today.