Key Takeaways From the Recent Targeting of Cloud Services and Remote Workers

Feb 03, 2021


This month, the Cybersecurity and Infrastructure Security Agency (CISA) released a report discussing several recent successful cyberattacks against multiple organizations’ cloud services. Most notable was the link between these attacks and remote workers, who were using a mixture of company laptops and personal devices to access their organization’s cloud services. These attacks were conducted using various techniques, including phishing and brute force login attempts to exploit organizations that demonstrated poor cyber hygiene, specifically regarding their cloud services configuration.

CISA observed the successful use of phishing emails with malicious links that harvested credentials for users’ cloud service accounts. Hackers then used those accounts to phish other accounts within the organization. In some instances, the organization didn’t require a VPN for accessing the corporate network. Although the terminal server was located within the firewall, it had been configured with an open port to allow remote workers access. Hackers were then able to exploit this through brute-force login attempts.
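One way to detect the brute-force pattern described above, added here as an example and not taken from the CISA report or from Secuvant: it flags a source address that accumulates failed logins inside a time window and records any account that then logs in successfully. The log format, threshold, and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "timestamp source_ip account outcome".
# Addresses are from documentation ranges; none of this comes from the CISA report.
SAMPLE_EVENTS = """\
2021-01-12T02:14:01 203.0.113.50 jsmith FAIL
2021-01-12T02:14:03 203.0.113.50 jsmith FAIL
2021-01-12T02:14:05 203.0.113.50 admin FAIL
2021-01-12T02:14:08 203.0.113.50 admin FAIL
2021-01-12T02:14:11 203.0.113.50 svc_backup FAIL
2021-01-12T02:14:15 203.0.113.50 jsmith OK
2021-01-12T08:30:00 198.51.100.7 mlee FAIL
2021-01-12T08:30:20 198.51.100.7 mlee OK
"""

def parse(text):
    """Yield (timestamp, source_ip, account, outcome); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("FAIL", "OK"):
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
        except ValueError:
            continue

def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Map each noisy source IP to its peak failure count and to any account
    that logged in successfully while those failures were still in the window."""
    recent = defaultdict(deque)  # source IP -> timestamps of failures in the window
    alerts = {}
    for ts, ip, account, outcome in sorted(events):
        fails = recent[ip]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures older than the window
        if outcome == "FAIL":
            fails.append(ts)
        if len(fails) < threshold:
            continue
        alert = alerts.setdefault(ip, {"failures": 0, "succeeded_as": []})
        alert["failures"] = max(alert["failures"], len(fails))
        if outcome == "OK":
            alert["succeeded_as"].append(account)  # likely guessed credential
    return alerts

if __name__ == "__main__":
    for ip, alert in find_bruteforce(parse(SAMPLE_EVENTS)).items():
        print(ip, alert)
```

A non-empty `succeeded_as` list is the case to escalate first: the account should be treated as compromised and its sessions and credentials reset.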

There are two main points we can take away from this report. First is the increased risk organizations take when they incorporate remote workers into their networks. Second is the need for more discipline by organizations when expanding their cloud systems. Both of these come down to practicing good cyber hygiene.

An organization’s employees are the asset most likely to cause a breach, and when employees work remotely, they pose an even greater risk to their organization. Remote employees are more likely to use company computers for personal use, use personal devices to access an organization’s cloud services, and engage with phishing emails. Remote workers also have a heavy reliance on, and connection to, an organization’s cloud systems. Without implementing specific and consistent cyber education for remote workers, organizations are putting these systems in harm’s way by neglecting their front line of defense against cybercriminals.

In the past, organizations needed time and resources to set up and implement new servers. Due to reduced cycle times, organizations can now expand these services rapidly through the cloud. As these cloud systems grow, misconfigurations can occur undetected, and an organization’s ability to identify misconfigurations is negatively affected. Many of these services operate under some level of autonomy as well. Without continuous monitoring, breaches can go undetected for long enough to allow cybercriminals to access other systems and cause considerable damage. When working with these systems, organizations must vigilantly monitor and patch them, work to reduce the occurrence of misconfigurations, and correct them when they occur.

“With the increase in decentralized work environments as well as the adoption of cloud technologies, organizations must diligently work to secure employees, remote endpoints, and cloud-based resources. An effective security awareness training program addresses much of the human element of an increasingly mobile workforce. To secure cloud computing resources organizations should implement continuous monitoring capabilities built upon either cloud-native tools or third-party applications which increase visibility and ensure the environment is properly hardened (and stays that way).”

Richard Rieben, Secuvant’s Director of Risk Services.

When organizations operate with remote workers or expand their cloud systems, discipline is key. Practicing good cyber hygiene is essential regardless; however, under these circumstances, it’s especially imperative due to the increased risks organizations take on when intertwining these efforts. If vulnerabilities exist in these areas, whether it’s due to improper training for employees or lack of monitoring and patching of cloud systems, it’s only a matter of time before they are exploited. Secuvant can help your organization mitigate these vulnerabilities by expanding both of these efforts and more. We deliver enterprise-grade cybersecurity services to businesses of all sizes and align these services to your organization’s needs and budget. When it comes to these efforts, being proactive is critical. Click here to learn more about Secuvant’s superior cybersecurity services, how we can benefit your organization, and to talk to a Secuvant Expert today.

About Secuvant:

Located in Salt Lake City, Utah, Secuvant is a global leader in integrated cyber threat analytics and risk advisory services, built on a value system of client focus, integrity, accountability, execution, and teamwork. Secuvant’s mission is to provide clients with a Clear Path Forward in their pursuit of establishing an acceptable security risk posture. Secuvant’s success is built upon strict adherence to its values, a functioning world-class advisory board, the unique combination of cybersecurity expertise and industry / vertical specialization, and a team of experts that repeatedly deliver best-in-class managed and advisory cybersecurity and risk services. Secuvant understands Cyber Risk is Business Risk™ and uses methodologies and metrics aimed at minimizing business risk. Services include, but are not limited to, Security Gap and Risk Assessments, Risk Program Management, Executive and Board Cyber Advisory, Penetration Testing, Security Monitoring, Managed Detection and Response and Incident Response services. To learn more, visit www.secuvant.com.