By Carlo Bolzonello, country manager for McAfee in South Africa
The uncertainty of 2020 has forced enterprises to accelerate their cloud transformation projects to support their newly remote workforces, resulting in a 50 percent increase in enterprise cloud use since the start of the year. In South Africa this has been fraught with challenges: the country’s internet infrastructure was not geared for a large-scale migration to working from home, and businesses had to scramble to ensure that their teams had the hardware, software and connectivity needed to keep operating.
However, this acceleration into the cloud has seen two significant security challenges emerge. First, threats targeting cloud services increased by 630 percent in 2020, with attackers using credentials harvested from phishing campaigns to log in to cloud applications as legitimate users, exploiting the fact that these services are reachable from anywhere and sit outside the corporate network perimeter. Second, increased cloud usage means that data now flows beyond the reach of traditional network data protection, posing a significant risk of data falling into the wrong hands via untrusted cloud services or home devices.
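The credential-abuse pattern described above (a phished password used to sign in to a cloud application from an attacker-controlled location) is typically caught on the service's own sign-in audit log rather than on the network. The following is an added example, not code from the original article or from any McAfee product, showing two simple detections run over constructed sign-in records: a successful sign-in from a country the user has never used, and "impossible travel" between two successful sign-ins. The log format, user names, IP addresses (documentation ranges), the tiny IP-to-location table standing in for a GeoIP database, and the speed threshold are all assumptions made for the illustration.

```python
"""
Added example: minimal credential-abuse detection over cloud sign-in logs.
Rules:
  new_country        - successful sign-in from a country not in the user's baseline
  impossible_travel  - two successful sign-ins too far apart for the elapsed time
Everything below (records, geo table, thresholds) is constructed for illustration.
"""
import json
import math
from datetime import datetime, timezone

# Constructed IP -> (country, lat, lon) table; a real deployment would use a GeoIP database.
GEO = {
    "192.0.2.10":    ("ZA", -26.20, 28.04),   # Johannesburg (TEST-NET-1 address)
    "192.0.2.11":    ("ZA", -26.20, 28.04),
    "203.0.113.5":   ("DE", 50.11, 8.68),     # Frankfurt (TEST-NET-3 address)
}

MAX_SPEED_KMH = 900.0   # assumption: faster than an airliner is physically implausible

# Constructed JSON-lines sign-in events, one per line (not real log data).
SAMPLE_LOG = """
{"ts": "2020-11-02T07:58:00Z", "user": "alice@example.co.za", "ip": "192.0.2.10", "app": "mail", "result": "success"}
{"ts": "2020-11-02T08:05:00Z", "user": "alice@example.co.za", "ip": "192.0.2.11", "app": "files", "result": "success"}
{"ts": "2020-11-02T08:20:00Z", "user": "alice@example.co.za", "ip": "203.0.113.5", "app": "files", "result": "failure"}
{"ts": "2020-11-02T08:21:00Z", "user": "alice@example.co.za", "ip": "203.0.113.5", "app": "files", "result": "success"}
{"ts": "2020-11-02T09:00:00Z", "user": "bob@example.co.za", "ip": "192.0.2.10", "app": "mail", "result": "success"}
"""


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def parse_events(text):
    """Parse JSON-lines sign-in records and return them sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, known_countries=None):
    """Return a list of (rule, user, detail) findings.

    known_countries: optional {user: set(country)} baseline from earlier history.
    Countries seen while processing are added to the baseline as we go, so a
    user's very first sign-in never fires new_country on its own.
    """
    known = {u: set(c) for u, c in (known_countries or {}).items()}
    last_ok = {}   # user -> (ts, lat, lon, ip) of the most recent successful sign-in
    findings = []
    for ev in events:
        if ev["result"] != "success":
            continue   # failed attempts are not evidence of a compromised session
        user, ip = ev["user"], ev["ip"]
        country, lat, lon = GEO.get(ip, ("??", None, None))
        seen = known.setdefault(user, set())
        if seen and country not in seen:
            findings.append(("new_country", user, f"{ip} ({country}) on {ev['app']}"))
        seen.add(country)
        if user in last_ok and lat is not None and last_ok[user][1] is not None:
            t0, lat0, lon0, ip0 = last_ok[user]
            hours = (ev["ts"] - t0).total_seconds() / 3600.0
            dist = haversine_km(lat0, lon0, lat, lon)
            if hours > 0 and dist / hours > MAX_SPEED_KMH:
                findings.append(("impossible_travel", user,
                                 f"{ip0}->{ip}: {dist:.0f} km in {hours * 60:.0f} min"))
        last_ok[user] = (ev["ts"], lat, lon, ip)
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_LOG)):
        print(finding)
```

On the constructed sample, Alice's second Johannesburg sign-in from a different address is silent (same country, zero distance), the failed attempt from Frankfurt is ignored, and the successful Frankfurt sign-in sixteen minutes later raises both rules. In practice the baseline would be built from weeks of history, and both rules need allow-listing for VPN egress points and shared proxies, otherwise they contribute to exactly the alert fatigue discussed later in this piece.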
McAfee’s Threats Report released in November 2020 noted an average of 419 new threats per minute, while overall new malware samples grew by 11.5 percent. The research also revealed that attackers have adjusted their strategies to use the COVID-19 pandemic as a theme, exploiting the world’s thirst for information about the virus and its associated illness as an entry ruse into systems all over the world. So marked is the increase in cybercrime that it is anticipated that, if measured as a country, cybercrime would be the world’s third-largest economy after the United States of America and China.
This has been exacerbated by the current global economic slump in which there are more candidates seeking work than there are jobs, with malicious parties acting to lure desperate victims into opening documents that promise job opportunities, that are actually laced with malware.
One recent example investigated by McAfee’s Advanced Threat Research (ATR) team revealed how Operation North Star appealed to people’s need for employment during the height of the pandemic by using social media, spear phishing and weaponised documents to target those working in the defense sector.
The detailed job descriptions used to lure victims and the selective use of the Torisma implant suggest that the attackers were pursuing a very clearly defined agenda of accessing confidential information from very specific defense technology providers.
McAfee’s findings also suggest that those behind the attack were more sophisticated than they initially appeared in early analysis. They were focused and deliberate in what they meant to achieve and more disciplined and patient in their execution.
As Secure Access Service Edge (SASE) architecture adoption becomes more widespread because of its security benefits, which include controls that could block an Operation North Star-style lure at the web and cloud access layer, enterprises will have more choice in the technology they select. Organisations that instead choose disparate, siloed solutions from different vendors end up with increased operational overhead, added cost and complexity.
At the same time, security operations centres (SOCs) are still maturing, and face three key challenges that impact the time taken to resolve security issues: reactive processes and workflows; alert fatigue and fragmented tools; and limited staff and expertise, with more than two million cybersecurity job vacancies worldwide, including those in South Africa.
According to recent ESG research, 66 percent of organisations say that detection and response effectiveness is limited because they use multiple independent tools. Doing so inhibits faster and better security outcomes by forcing security operations teams to manually correlate data and orchestrate their responses across the various tools. The time to resolve or contain a threat continues to be measured in months, giving the adversary more time to do more damage.
Furthermore, SANS research (2019) notes that only 40 percent of SOCs have an incident response function, and the shortage of cybersecurity staff and expertise continues to limit security effectiveness.
SOCs continue to face a dynamic threat landscape, especially in the evolving work-from-everywhere-on-any-device environment. The fragmented nature of traditional tools, which require many manual and cumbersome processes, makes it near impossible for already stretched teams to be as effective as they need to be. This is particularly true in South Africa, where local cybersecurity teams are frequently understaffed.
McAfee’s recent announcement of the MVISION XDR platform, a cloud-based advanced threat management solution with coverage across the attack lifecycle, helps SOCs prioritise and protect what matters, easily and efficiently.
New functionality in the McAfee MVISION Unified Cloud Edge delivers a unique approach to protection against ransomware and phishing threats, and includes remote browser isolation technology for the first time too, with a real-time protection stack.
McAfee also introduced unified data loss prevention (DLP) and incident management across devices, networks, web and the cloud, all particularly important in the current environment, where the move to work-from-anywhere has been notably accelerated by the COVID-19 pandemic.
MVISION CNAPP is the industry’s first platform to bring application and data context to converge Cloud Security Posture Management (CSPM) for public cloud infrastructure, and Cloud Workload Protection (CWPP) to protect hosts and workloads including VMs, containers, and serverless functions.
Accelerated by COVID-19, every enterprise is undergoing a digital transformation mandate. Most enterprises are leveraging the agility and innovation velocity of the public cloud, either solely or in conjunction with their private data centres.
These enterprises need a simplified architecture; one that enables them to leapfrog the cost and complexity of the patchwork quilt of point products, and benefit from the cloud-native ecosystem, without major investments in tools or developer talent.