As the nation continues to adjust to work-from-home initiatives, enterprises are having to find creative ways to keep operations running smoothly. One result of having most, if not all, employees working remotely has been a significant shift to cloud services.
But this is also exposing cloud-based technology to more cyberthreats, says Ned Miller, chief strategist for McAfee Public Sector, pointing to McAfee’s latest Cloud Adoption and Risk Report. The report focused on cybersecurity trends between January and April of 2020, as millions of workers began to log in to work from home.
“We observed a 630% increase in external cloud threats which were indicators of account takeover attempts, and data exfiltration. The threats involved stolen passwords, credential stuffing or what we call super-human anomalies,” says Miller. The report also found that threat events in the government sector have surged seven-fold. The findings are based on aggregated and anonymized cloud usage data from more than 30 million McAfee customers worldwide.
Miller shares findings from the report and recommendations to CIOs and CISOs to improve security measures for their remote workforce in this podcast produced by CyberScoop and underwritten by McAfee.
Increased use of collaboration tools amplifies security risk
“Enterprise use of collaboration cloud services more than doubled or tripled during this period,” for platforms like Zoom, Microsoft Teams, Slack and WebEx, says Miller. The report shows a 200% increase in cloud traffic from unmanaged devices, which in many cases can increase cyber risk for enterprise networks.
“There is no way to recover sensitive data from an unmanaged device. So, this increase in access to collaboration tools results in data loss events if security teams are not able to control that cloud access by device type and have cloud-based policy enforcement — that we refer to as data loss prevention capabilities — for the cloud,” Miller explains.
Another surprising finding, Miller says, is that for sanctioned cloud services such as Microsoft 365, ServiceNow and Salesforce, there was a 600% increase in the number of access anomalies. Those anomalies are access events that deviate from the normal curve of known user behavior, so most of the threats observed during this timeframe are targeting the cloud services directly.
Take-aways for CIOs and IT leaders
Miller explains that VPN infrastructure is struggling to handle the surge in remote employees. Organizations are requiring employees to go through a VPN when they should instead be modernizing security around cloud-based applications, because the reality is that employees will do whatever is easiest and fastest.
“Modern applications like Microsoft 365 are delivered directly through the cloud, users will turn on their device, connect to their Wi-Fi and access applications in the cloud directly,” he says.
Conditional access controls for internet-connected, corporate-issued and employee-owned devices, with instant policy changes to remediate risks, are going to be required as part of modern security going forward, says Miller.
Recommendations to strengthen security for remote workers
In order to make sure security teams can adapt quickly and provide visibility and control across all cloud services, Miller recommends five key areas for IT leaders to consider:
- Implement a cloud-based or hybrid on-prem secure web gateway so agency devices can be protected against web-based threats without routing through VPN.
- Allow agency or department employees to connect to sanctioned cloud services from their agency or department devices without using the VPN, protecting data with a cloud access security broker (CASB).
- Set policies in your CASB so cloud services have device checks and data controls, and are protected against attackers who can access SaaS accounts over the internet.
- Implement multi-factor authentication for sanctioned cloud services where applicable to reduce the risk of stolen credentials being used to access accounts.
- Allow employees to use their personal devices to access corporate SaaS applications to maintain productivity, with conditional access to sensitive data in the cloud.
Ned Miller is an adviser for government customers on strategies to provide secure operating environments. His focus is on architecture and risk-based outcomes. Ned is the co-holder of a series of next-generation security patents. He has authored numerous cybersecurity solution briefs and delivered hundreds of presentations to industry and government on cybersecurity best practices.
Download the full McAfee “Cloud Adoption and Risk Report – Work from Home Edition”. And listen to the podcast for the full conversation on the report findings.