网络犯罪分子是如何在远程办公期间钻空子的?
春天向来都是万物更新的时节,而今年更是如此。在经历了一个被迫隔离的漫长冬天之后,随着安全有效的疫苗越来越容易获得,许多人期待着关闭Zoom,穿上真实像样的裤子,一年多来首次出门去见朋友和同事。正常生活,似乎就在眼前。
然而,过去一年的事件已经让世界发生了不可逆转的变化。我们重新走进的企业、学校和其他工作场所,将不再是我们去年3月离开的那个地方。
随着各行各业迅速接受远程工作,并建立起基础设施来确保居家工作的员工保持生产力,新冠疫情促使这些原本就存在的长期趋势进一步加速。
我们现在发现,其中有许多进展都相当不错——员工可以在任何地方高效工作,再也无需忍受漫长通勤和嘈杂的办公室带来的痛苦。因此,随着经济踏上重启之路,许多人正在设法让这些临时解决方案变得更加持久,并将其与更加“传统的”工作形式结合在一起,以创造一种混合的工作环境。
这些新的混合型工作场所将为企业创造新的机会,有助于我们创建比以往任何时候都更灵活、更高效、更容易接近的组织。但是,它们也会开辟新的不确定性途径,从而危及每个组织。毫无疑问,网络犯罪分子对此心知肚明,并且正在寻找利用这些漏洞的方法。
混合模式的危险
后疫情时代的工作场所将是一种新旧结合的混合体:员工既能够利用云技术在任何地方工作,同时还可以在必要时去办公室上班。
然而,从网络安全的角度来看,这有可能演变成一场噩梦。对那些完全利用远程方式工作的员工,企业能够采用一种足以保护中央网络的方式将其分割开来,但混合型员工每次返回办公室并重新连接时,都有可能携带他们不慎获取的恶意软件,从而将这些网络暴露在更大的风险之下。
2020年,在图谋不轨者发送的恶意软件中,有61%是通过云应用发送给远程工作者的。就在一个月前,每年处理资金高达1000亿美元的加利福尼亚州主计长办公室(California State Controller’s Office)遭到电子邮件钓鱼攻击——黑客经由一位员工获得内部文件的云访问权,并利用这个启动点对另外9000名员工进行钓鱼式攻击。
用它乘以数百名(或数千名)每周连接和重新连接中心网络好几次的员工,就会出现数百个(或数千个)新载体。通过这些新载体,恶意行为者可以在你的网络中获得立足点,这就让保护网络、网络用户和数据的任务变得更加复杂。
黑客嗅到了机会
在过去的12个月,新冠疫情,以及技术的采用、远程工作和对广泛数字化服务的需求所带来的种种混乱,创造了一场让黑客大显身手的完美风暴。而且,随着组织快速转向新的混合型工作场所模式,再加上我们的社会和经济系统越来越依赖这些数字技术,黑客攻击的规模、频率和复杂性只会不断增强。
这方面的典型例证是个人健康数据。国际征信巨头益博睿(Experian)将一个人的医疗保健数据的价值定为1000美元。网络犯罪分子知道这一点。而且,随着远程医疗蓬勃兴起,人们对医疗物联网设备日益依赖,黑客们感到有机会更容易地窃取敏感数据,破坏关键的数字基础设施,并勒索赎金。其结果是:根据我公司的一项研究,在过去12个月,超过一半的医疗服务提供商遭受数据泄露,涉及的患者医疗记录可能高达数百万份。美国犹太保健集团Northwell Health的首席信息安全官宣称,她所在的部门是“网络犯罪的头号目标”。她还指出,“鉴于新冠疫情爆发以来,远程工作者群体不断壮大,这已经成为一大挑战。”
这种情况将在整个经济领域重演。随着工作场所转型继续在州和地方政府等部门蔓延,攻击者正在发现越来越多的目标,以及可供利用的漏洞。我们对虚拟系统的依赖意味着,黑客有能力造成前所未有的破坏,并以无数种新方式扰乱日常生活——同时也会要求越来越多的赎金。
这些威胁并不容易应对。好消息是,现有的解决方案具有足够的灵活性和可扩展性,可以管理越来越多的远程连接——无论这些连接来自远程员工、物联网设备,还是来自学生——并且足够成熟,能够自动识别和解决用户和网络所面临的越来越多的威胁。(我的公司Infoblox致力于帮助世界各地的组织扩展和保护其数字基础设施。)
最重要的是,企业需要彻底评估自身的网络安全战略,并确保它为这个新世界做好了准备。即使软件即服务(SaaS)解决方案迅速崛起,向云端迁移蔚然成风,对云安全解决方案的采用仍然大大滞后,向远程工作的转换由此变得更加昂贵、风险重重、极其困难。从一开始就进行这些投资,可以让工作场所更加顺畅、更加安全地转向混合型模式,从源头上堵住有可能成为攻击载体的漏洞。
但这些解决方案要充分发挥作用,也有赖于观念的转变。首席信息官(CIO)和首席信息安全官(CISO)现在需要在决策层占据一席之地,从而让他们能够在重启计划仍在制定之际,就帮助企业识别和应对有可能成为威胁的潜在漏洞。是的,网络安全不再是一个技术或IT问题——它需要成为一个组织和运营的优先事项。
我们正准备进入的世界将由我们面临的威胁来定义。只有那些现在就意识到这一点,并且从一开始就高度重视网络安全(而不是在重启计划制定好之后才考虑这个问题)的企业才有望发展壮大。欢迎光临新常态。(财富中文网)
杰斯珀·安德森(Jesper Andersen)是Infoblox公司的首席执行官。Infoblox是一家为1.2万家客户提供核心网络和安全服务的领先供应商。
译者:任文科
春天向来都是万物更新的时节,而今年更是如此。在经历了一个被迫隔离的漫长冬天之后,随着安全有效的疫苗越来越容易获得,许多人期待着关闭Zoom,穿上真实像样的裤子,一年多来首次出门去见朋友和同事。正常生活,似乎就在眼前。
然而,过去一年的事件已经让世界发生了不可逆转的变化。我们重新走进的企业、学校和其他工作场所,将不再是我们去年3月离开的那个地方。
随着各行各业迅速接受远程工作,并建立起基础设施来确保居家工作的员工保持生产力,新冠疫情促使这些原本就存在的长期趋势进一步加速。
我们现在发现,其中有许多进展都相当不错——员工可以在任何地方高效工作,再也无需忍受漫长通勤和嘈杂的办公室带来的痛苦。因此,随着经济踏上重启之路,许多人正在设法让这些临时解决方案变得更加持久,并将其与更加“传统的”工作形式结合在一起,以创造一种混合的工作环境。
这些新的混合型工作场所将为企业创造新的机会,有助于我们创建比以往任何时候都更灵活、更高效、更容易接近的组织。但是,它们也会开辟新的不确定性途径,从而危及每个组织。毫无疑问,网络犯罪分子对此心知肚明,并且正在寻找利用这些漏洞的方法。
混合模式的危险
后疫情时代的工作场所将是一种新旧结合的混合体:员工既能够利用云技术在任何地方工作,同时还可以在必要时去办公室上班。
然而,从网络安全的角度来看,这有可能演变成一场噩梦。对那些完全利用远程方式工作的员工,企业能够采用一种足以保护中央网络的方式将其分割开来,但混合型员工每次返回办公室并重新连接时,都有可能携带他们不慎获取的恶意软件,从而将这些网络暴露在更大的风险之下。
2020年,在图谋不轨者发送的恶意软件中,有61%是通过云应用发送给远程工作者的。就在一个月前,每年处理资金高达1000亿美元的加利福尼亚州主计长办公室(California State Controller’s Office)遭到电子邮件钓鱼攻击——黑客经由一位员工获得内部文件的云访问权,并利用这个启动点对另外9000名员工进行钓鱼式攻击。
用它乘以数百名(或数千名)每周连接和重新连接中心网络好几次的员工,就会出现数百个(或数千个)新载体。通过这些新载体,恶意行为者可以在你的网络中获得立足点,这就让保护网络、网络用户和数据的任务变得更加复杂。
黑客嗅到了机会
在过去的12个月,新冠疫情,以及技术的采用、远程工作和对广泛数字化服务的需求所带来的种种混乱,创造了一场让黑客大显身手的完美风暴。而且,随着组织快速转向新的混合型工作场所模式,再加上我们的社会和经济系统越来越依赖这些数字技术,黑客攻击的规模、频率和复杂性只会不断增强。
这方面的典型例证是个人健康数据。国际征信巨头益博睿(Experian)将一个人的医疗保健数据的价值定为1000美元。网络犯罪分子知道这一点。而且,随着远程医疗蓬勃兴起,人们对医疗物联网设备日益依赖,黑客们感到有机会更容易地窃取敏感数据,破坏关键的数字基础设施,并勒索赎金。其结果是:根据我公司的一项研究,在过去12个月,超过一半的医疗服务提供商遭受数据泄露,涉及的患者医疗记录可能高达数百万份。美国犹太保健集团Northwell Health的首席信息安全官宣称,她所在的部门是“网络犯罪的头号目标”。她还指出,“鉴于新冠疫情爆发以来,远程工作者群体不断壮大,这已经成为一大挑战。”
这种情况将在整个经济领域重演。随着工作场所转型继续在州和地方政府等部门蔓延,攻击者正在发现越来越多的目标,以及可供利用的漏洞。我们对虚拟系统的依赖意味着,黑客有能力造成前所未有的破坏,并以无数种新方式扰乱日常生活——同时也会要求越来越多的赎金。
这些威胁并不容易应对。好消息是,现有的解决方案具有足够的灵活性和可扩展性,可以管理越来越多的远程连接——无论这些连接来自远程员工、物联网设备,还是来自学生——并且足够成熟,能够自动识别和解决用户和网络所面临的越来越多的威胁。(我的公司Infoblox致力于帮助世界各地的组织扩展和保护其数字基础设施。)
最重要的是,企业需要彻底评估自身的网络安全战略,并确保它为这个新世界做好了准备。即使软件即服务(SaaS)解决方案迅速崛起,向云端迁移蔚然成风,对云安全解决方案的采用仍然大大滞后,向远程工作的转换由此变得更加昂贵、风险重重、极其困难。从一开始就进行这些投资,可以让工作场所更加顺畅、更加安全地转向混合型模式,从源头上堵住有可能成为攻击载体的漏洞。
但这些解决方案要充分发挥作用,也有赖于观念的转变。首席信息官(CIO)和首席信息安全官(CISO)现在需要在决策层占据一席之地,从而让他们能够在重启计划仍在制定之际,就帮助企业识别和应对有可能成为威胁的潜在漏洞。是的,网络安全不再是一个技术或IT问题——它需要成为一个组织和运营的优先事项。
我们正准备进入的世界将由我们面临的威胁来定义。只有那些现在就意识到这一点,并且从一开始就高度重视网络安全(而不是在重启计划制定好之后才考虑这个问题)的企业才有望发展壮大。欢迎光临新常态。(财富中文网)
杰斯珀·安德森(Jesper Andersen)是Infoblox公司的首席执行官。Infoblox是一家为1.2万家客户提供核心网络和安全服务的领先供应商。
译者:任文科
Spring is always a time of renewal, but never more so than this year. After our long winter of forced isolation, the increased accessibility of safe and effective vaccines has many looking forward to shutting off Zoom, putting on some real pants, and emerging to see friends and colleagues in person for the first time in more than a year. Normality, it seems, is just around the corner.
Yet the world has been irrevocably changed by the past year, and the businesses, schools, and other workplaces that we enter back into won’t be the same as the ones we left last March.
The pandemic accelerated long-standing trends in workplaces across sectors as companies quickly embraced remote work and stood up infrastructure to enable their employees to remain productive while working from home.
Today we are finding that many of these developments are pretty good—enabling employees to work and be productive from anywhere without the headaches of a commute or a noisy office. And so, as the economy begins to reopen, many are looking for ways to make these temporary solutions more permanent and merge them with more “traditional” forms of working to create a sort of hybrid work environment.
These new hybrid workplaces will create new opportunities for businesses and will allow us to create organizations that are more flexible, productive, and accessible than ever before. But they can also open up new avenues of uncertainty that could threaten every organization. And make no mistake—cybercriminals know this and are finding ways to take advantage of these vulnerabilities.
Dangers of the hybrid model
The post-pandemic workplace will be a hybrid of the old and the new, with employees taking advantage of cloud-based technologies to work from anywhere, while also maintaining the ability to go into an office as needed.
From a cybersecurity perspective, however, this has the potential to be a nightmare scenario. While completely remote workers can be segmented in a way that protects central networks, hybrid workers expose these networks to increased risk every time they return to the office and reconnect, potentially bringing with them malware they picked up.
In 2020, bad actors sent 61% of malware through cloud applications to target remote workers. Barely a month ago, the California State Controller’s Office, which handles $100 billion a year, suffered an email phishing attack on an employee that gave the hackers cloud access to internal documents and a launch point they used to phish another 9,000 employees.
Multiply this by hundreds (or thousands) of employees connecting and reconnecting a couple times each week and you have hundreds (or thousands) of new vectors through which malicious actors can gain a foothold in your network, making the task of securing a network, and the users and data that are on it, even more complex.
Hackers smell an opportunity
The pandemic and confusion around the adoption of technology, the remote workplace, and demand for widespread digitized services created a perfect storm that hackers have been exploiting over the past 12 months. And the scale, frequency, and sophistication of hacking are only going to grow as organizations further accelerate their transitions to new, hybrid workplace models, and our social and economic systems become increasingly dependent on these digital technologies.
A prime example of this is personal health data. Experian, the credit reporting agency, has pegged the value of an individual’s health care data at up to $1,000. Cybercriminals know this, and given the rise of telehealth and increased dependence on medical Internet of Things (IoT) devices, they sense the opportunity to more easily steal sensitive data and disrupt and hold ransom critical digital infrastructure. The result: Over half of health care providers suffered a data breach in the past 12 months, according to a study by my company, potentially exposing the records of millions of patients. The chief information security officer of Northwell Health called her sector the “No. 1 target for cybercrime” and noted, “It's become a challenge now with the expanded remote workforce that we've been living in since COVID-19."
This situation will be repeated across the economy. As workplace transformation continues to spread across sectors like state and local governments, attackers are finding a growing number of targets and vulnerabilities to exploit. And our dependence on virtual systems means that hackers have the ability to cause more havoc than ever before and to disrupt daily life in countless new ways—and to demand increasing amounts of ransom as well.
*****
Countering these threats won’t be easy. Solutions exist that are flexible and scalable enough to manage the growing number of remote connections—whether they come from remote employees, IoT devices, or students—and sophisticated enough to automatically identify and address the growing number of threats that users and networks face. (My company, Infoblox, helps organizations around the world extend and secure their digital infrastructure.)
Most importantly, companies need to thoroughly evaluate their cybersecurity strategy and make sure it is ready for this new world. Even with the rise of SaaS solutions and the widespread migration to the cloud, the adoption of cloud-based security solutions has lagged greatly, making the shift to remote work more costly, risky, and difficult. Making these investments at the outset can make the shift to a hybrid workplace smoother and more secure—sealing off possible vectors of attack before they are exploited.
But in order for these solutions to be fully effective, a shift in outlook is also necessary. CIOs and CISOs need a seat at the table now, while the plans to reopen are still being made, to help identify and plan around potential vulnerabilities before they become threats. Cybersecurity can no longer be a tech or IT problem—it needs to be an organizational and operational priority.
The world that we are preparing to enter will be defined by the threats we face. The companies that thrive in it will be the ones that recognize this now and make security an integral part of their plans from the beginning, not something that is considered after the plans have already been made. Welcome to our next “Normal.”
Jesper Andersen is the CEO of Infoblox, a leading provider of core networking and security services to more than 12,000 customers.
