The massive shift to a remote workforce landscape has expanded the technology perimeter for most organizations and correspondingly increased their overall exposure to the most common cybersecurity threats of 2020.
Throughout these challenging times, the team of experienced cybersecurity professionals at Schneider Downs continue to work hard every day to make our firm, clients and communities better prepared to prevent, detect and respond to modern cybersecurity threats. The graphic below highlights some key vulnerability trends in our findings.
- Social Engineering – As you can see, user susceptibility to phishing attacks is higher than ever. Although there are likely a number contributing factors, we attribute this increase to the dangerous combination of new internal processes and individual distractions. With so many new standards of communication and remote workforce procedures, users are struggling to follow basic email security principles, which can be particularly challenging for those with high-traffic home office setups where they may experience increased interruptions and background noise.
- Logical Access Controls – We’ve also observed a significant spike in the number of remote resources lacking the enforcement of multifactor authentication (MFA). The utilization of remote resources has understandably exploded throughout 2020, but too often these resources have been rapidly deployed without proper security configurations, like MFA, the single most effective cybersecurity control an organization can implement.
- Data Governance – We continue to see data governance issues on the rise. As we all continue to adjust to a remote workforce landscape, increased dependence on collaboration tools like Microsoft Teams has made it easier than ever for individual users to share and manage data. However this is a double-edged sword, and has significantly contributed to the volume and variety of sensitive files stored within unstructured and often unprotected data.
- Patch Management – On a positive note, patch management issues have declined. Don’t get me wrong, we still see our fair share of missing critical security patches, and we are far from done worrying about the zero-days of tomorrow, but it’s nice to see a more widespread adoption of effective patch management efforts. A long overdue win for the cybersecurity community.
Be sure to check out this recent recording from a speaking engagement where I discuss these trends and much more, including a deep dive into some of the most effective methods to-date, in which pentesters and threat actors alike are successfully compromising the average network.
Lastly, keep in mind that not all penetration tests are created equal. Far too often, we see organizations of all sizes and industries relying on a glorified vulnerability scan to fill the increasingly important role of a proper penetration test. I challenge us all to maintain high expectations when it comes to the methodologies, toolsets and techniques of those performing these types of highly technical consulting services. If a penetration test comes back with no significant findings, be skeptical of the tester’s capabilities. Now more than ever, it’s crucial for decision-makers to have an accurate and actionable understanding of the cybersecurity risks we all face.
For more information about penetration testing please visit our penetration testing service page or download our penetration testing service overview.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
In addition, our Incident Response Team is available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident.
Related Posts
No related posts.