How businesses unknowingly leave themselves at risk
Article by Bitglass co-founder and CEO Nat Kausik.
Recent cyber-events highlight the real risks confronting enterprises that depend on a single vendor for their infrastructure, tools, and security.
Last year’s SolarWinds attack created a major stir among the cybersecurity community. The question on everyone’s lips was a big one: were hackers now honing their attack techniques with a specific aim in mind? Namely, targeting companies solely reliant on Microsoft’s security infrastructure to protect their systems and users.
Subsequent high profile ransomware attacks on Colonial Pipeline and JBS have provided further disquieting insights into hackers' modus operandi that exploit flaws and vulnerabilities in Microsoft’s software and cloud platforms.
With ransomware as a service (RaaS) schemes booming in the wake of today’s new remote and hybrid workforce realities, organisations that don’t want to be the next victim of an attack should take note.
Rather than launching a raft of opportunistic attacks, professional hackers and state-sponsored threat actors can leverage Microsoft services to gain access to an organisation’s network – and deliver their ransomware payloads – in a highly targeted way.
Industrialisation of ransomware
Hackers are smart operators that are only too aware that today’s enterprises will be utilising technologies and cloud services from market-leading vendors like Microsoft. It makes perfect commercial sense for ransomware attackers to go all out and specifically target Microsoft environments at scale.
Having perfected their infiltration techniques, cybercriminals are now intent on leveraging these capabilities to access Microsoft products. Utilising the RaaS model to achieve the widespread distribution of turnkey hacking services at a cost that will generate the maximum financial return.
That’s bad news for any company that is heavily reliant on exclusively Microsoft architecture.
In theory, having a single vendor for IT and security should make life easier. Alongside minimising compatibility or interoperability issues, deploying new applications from the same vendor won’t require a lot of training to get users up to speed.
However, the SolarWinds attack highlights just how easy it was for hackers to take advantage of a highly connected Microsoft architecture to conduct an end-to-end breach.
Having first gained access to the SolarWinds’ network via a compromised laptop, the cyber-criminals next moved to the company’s Active Directory before leaping to the Azure Active Directory and then onto Office 365 to achieve complete control, gaining access to cloud resources along the way. All this was achieved by simply riding the connected fabric of an all-Microsoft shop.
What happened in the Solar Winds incident highlights why relying on a single vendor for infrastructure and security is equivalent to laying out a red carpet for hackers.
To circumvent this risk, organisations need to compartmentalise their Microsoft environments. This means inserting third-party security products which will prevent attacks from flowing across the distributed enterprise without restriction.
Multi-layered tech stack approach
Separating applications from security tools to mitigate risk is just the start. Today’s distributed work environments mean data, devices, applications, and users exist outside the corporate network. So organisations need to ensure they implement security practices that encompass their entire network estate.
Today’s cloud-based secure access service edge (SASE) solutions streamline the delivery of comprehensive security controls to every segment of the infrastructure. This makes it harder for malicious actors to exploit security vulnerabilities.
Key SASE functionalities include:
- A modern cloud access security broker (CASB) that delivers end-to-end protection for data in any cloud service
- On-device secure web gateway (SWG) that decrypts and inspects traffic on user devices for content filtering and threat protection in real-time
- A zero trust network access (ZTNA) solution that enables secure remote access to internal resources.
Organisations that are heavily reliant on Microsoft infrastructures can take several steps to shore up security and minimise the spread of a cyber-attack.
Interfacing each connected component with a standards-based partition and inserting a third-party security product between the application and security stack represent the foundation stones for protecting their Microsoft estates. After which, deploying SASE technologies will assure comprehensive security across every infrastructure segment.
In this way, organisations can mitigate the risks presented by a single vendor security strategy and initiate a highly resilient infrastructure and cloud security posture.