Logins in a Dangerous Time: How Organizations Are Navigating Cyberwarfare

Nov 30, 2022
Kenna Security


In recent years, the art of warfare has been expanding to the digital realm. We’re witnessing the horrors of that reality play out on the cyberfront in Ukraine. Cyber attacks on the Ukrainian government-military sector nearly tripled within just a few days of Russia’s invasion in February and now new strategies are upping the ante. Russian intelligence has adopted quick and dirty tactics that allow for faster intrusion and broader damage across networks by targeting “edge” devices like firewalls, routers, or wide-area networks (WANs). This shift enables infiltrators to maintain stealth access, then breach other network devices and deploy data-wiping malware within just weeks, compared to months. 

A breach of IT service providers is a game-changer for bad actors: they could open gateways to downstream clients’ networks, in both public and private sectors. At the Black Hat conference earlier this year, a top Ukrainian cyber official described this onslaught of attacks as “the biggest challenge since World War II.” But Russia is not the only nation-state committing digital acts of war.

The U.S. Intelligence Community identified top nation-state cyber threats to national security: Russia, China, North Korea, and Iran. Many criminal organizations carry out attacks on behalf of these nation-states, targeting U.S. and global critical infrastructure. One such Iranian hacker group was recently charged with launching global attacks on hundreds of computers in health care, transportation, utility companies, state and county governments, and even a domestic violence shelter. In Asia-Pacific, a decade's worth of cyberattacks across Australia, Cambodia, Hong Kong, Singapore, and Vietnam were recently linked to Chinese hacker gang Aoqin Dragon, suspected to be nation-backed. The gang reportedly targets unpatched routers and network-attached storage devices in government, education, and telecommunication sectors, revealing weaknesses in organizations’ security hygiene practices.

Cyberwarfare poses a sobering reality for businesses. Nearly nine in ten organizations believe they have been targeted by a nation-state cyber organization, blurring where the frontlines are really drawn. The evolution of warfare and cybersecurity is forcing businesses to rethink core security policies to better manage vulnerabilities and reduce risk.

Trusted access in the future of security operations

Duo’s Trusted Access Report analyzes more than 13 billion authentications from almost 50 million devices in North America, Latin America, Europe, the Middle East, and Asia Pacific. This year’s report was especially illuminating in the shadow of the unfolding turmoil taking place in Ukraine and its global repercussions. Even though these physical and digital attacks are hitting thousands of miles away, the impact can still be felt. Because of these devastating realities, security leaders are forced to make new and difficult decisions about the future of their security operations. To help navigate this new era of cyber threats, we’ve gathered three key findings from Duo’s Trusted Access Report:

Multi-factor authentication is gaining ground 

As the majority of organizations adopt zero-trust policies in their security architecture, they are also beefing up verification with multi-factor authentication (MFA). According to Duo, the use of MFA has grown 38% over the past year, and a growing number of countries are adopting it.

MFA establishes user trust by requiring more than one method of verifying identity before allowing access. With a whopping 74% rise in password attacks in the last year, 50% of businesses are turning to simplified, passwordless MFA solutions that don’t interfere with user productivity and strengthen security posture. Eliminating passwords at access points also eliminates the password-based vulnerabilities that stem from phishing, stolen or weak credentials, password reuse, and brute force attacks.

Easy rules that add extra layers of protection are underutilized

Despite growing threats, many organizations are still missing out on simple access rules that reduce risk, like implementing location-based policies. Duo’s findings indicate that a startling 1% of enterprises implement explicit location-based access policies that restrict access to selected geographic traffic and automatically deny others. Among organizations that do deny geographic locations, Russia or China are blocked 91% of the time, and 60% of those organizations block both nation-states. As global cyber warfare rages, it is concerning that 99% of organizations are not utilizing this vital aspect of risk-based vulnerability management that could save their most valuable assets. 

Organizations also need to more seriously consider device posture when defining access requirements. Since the pandemic, organizations have been facing the cost of employees using their own devices: expanded attack surfaces that can compromise systems. The good news is, device posture can be assessed at all access points, requiring systems to be up to date before allowing access. 

The bad news is, these access rules are not enforced by a majority of organizations. Duo’s report showed that 42% of all browsers were patched to the current version, but over 50% of browsers were identified as out of date. The remaining 8% are deadly “end of life” browsers and “unknown” states, meaning the version could not be assessed. When systems are outdated and unpatched, organizations put their data at risk, and they simply can’t afford to in today’s climate.
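The two access rules discussed above, a location deny list and a browser posture check, can be combined in one fail-closed decision. The sketch below is an added example, not code from Duo or Kenna Security; the baseline version table, the `oldest_supported` cutoff, the request fields and the function names are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed baseline for illustration; real values come from vendor release feeds.
BROWSER_BASELINE = {
    "chrome": {"current": 108, "oldest_supported": 106},
    "firefox": {"current": 107, "oldest_supported": 102},
}

@dataclass(frozen=True)
class Policy:
    # Countries whose traffic is denied outright (the two the article names).
    denied_countries: frozenset = frozenset({"RU", "CN"})
    # Posture states that may proceed; everything else is refused.
    allowed_postures: frozenset = frozenset({"up_to_date"})

def browser_posture(name, version):
    """Classify a browser as up_to_date, out_of_date, end_of_life or unknown."""
    baseline = BROWSER_BASELINE.get((name or "").lower())
    try:
        major = int(str(version).split(".")[0])
    except (TypeError, ValueError):
        return "unknown"          # version could not be assessed
    if baseline is None:
        return "unknown"          # browser family not tracked
    if major >= baseline["current"]:
        return "up_to_date"
    if major >= baseline["oldest_supported"]:
        return "out_of_date"
    return "end_of_life"

def evaluate_access(request, policy=Policy()):
    """Return (allowed, reasons). Every failing rule is reported; missing data fails closed."""
    reasons = []
    country = request.get("country")
    if not country:
        reasons.append("location unknown")
    elif country.upper() in policy.denied_countries:
        reasons.append(f"location {country.upper()} is denied")
    posture = browser_posture(request.get("browser"), request.get("browser_version"))
    if posture not in policy.allowed_postures:
        reasons.append(f"browser posture is {posture}")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed sample requests, not real authentication data.
    for req in (
        {"country": "US", "browser": "Chrome", "browser_version": "108.0.5359.71"},
        {"country": "DE", "browser": "Firefox", "browser_version": "91.0"},
        {"country": "ru", "browser": "Chrome", "browser_version": None},
    ):
        print(req, "->", evaluate_access(req))
```

An organization that tolerates slightly stale browsers can pass `Policy(allowed_postures=frozenset({"up_to_date", "out_of_date"}))` while still refusing end-of-life and unknown states.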

Cloud consumption continues to climb

As remote and hybrid work continues to normalize, so does cloud use. Last year, Gartner predicted that 85% of organizations will be “cloud-first” by 2025, and we’re seeing that increasing adoption in real time. According to Duo, cloud applications rose by 24% in 2022 and authentications to cloud apps increased by 13%. While this data highlights how organizations are enhancing their cloud security posture, it also underscores the need for enhanced identity and access management that creates hurdles for attackers, not employees. Effective zero-trust organizations constantly monitor user, device, and application posture at access points to networks and clouds, but that doesn’t have to mean extra work for users.

This is leading many organizations to find more effective ways to frustrate attackers, not users, and meet the needs of growing cloud-based activity. Single sign-on (SSO) is a solution provided by leading enterprise vendors which allows for a simple, stress-free login experience. One secure set of credentials grants trusted access to a unified dashboard of applications—both cloud-based and native—minimizing the steps users need to take to keep your company’s assets secure.

It all boils down to streamlining risk management

In the midst of growing cyberattacks, managing risk for remote and hybrid work operations is not easy. As global connectivity increases, digital blows can be dealt from virtually anywhere in the world, amassing an immense and dangerous battlefield. And if Gartner is correct, in a few short years much more than data and business operations hang in the balance; human lives could potentially be added to the list of casualties. Before that prediction comes to pass, organizations must do what they can to reinforce entry points and safeguard defenses.  

The name of the game is reducing risk where it matters while keeping operations smooth and efficient for users, wherever they are working. Taking advantage of solutions like MFA and SSO, and implementing access rules that allow for automated risk-based vulnerability management, are crucial actions for the modern, hybrid and remote business enterprise to keep network and cloud-based assets secure. 

To learn more about how your organization can streamline security and risk management operations with trusted access operations, download your copy of Duo’s 2022 Trusted Access Report.
