Cloud security: user behavior as a risk

An unsuspecting click on a link in a phishing email, a visit to a compromised website or careless handling of SaaS applications: in theory, a single thoughtless act is enough to open the door to malware in the company's IT infrastructure.

Once the system has been compromised, there is a risk of corporate data being lost. In modern IT environments, it is increasingly important to take security precautions against risky user behavior in order to protect company resources and the data located there. Accordingly, sensitizing the workforce to various attack tactics has long been part of IT-Grundschutz.

Raising awareness among the workforce

However, this awareness does not always hold up under modern working methods that demand flexibility at short notice, for example when support from an employee on vacation is absolutely necessary for an urgent project, or when someone has to work from home or on the move at short notice. If it speeds up the workflow, users in the various specialist departments may bypass the security officers and set risky processes in motion. This includes, for example, the transfer of company data to unapproved cloud applications, or access from unprotected end devices or via unsecured WiFi networks. This creates not only possible paths for data loss, but also weak points for threats such as malware, which can cause massive damage to the entire company infrastructure.

Employee training is important

On the one hand, it is important to train employees to be aware of risky behavior. On the other hand, in the digital transformation, precautions must be taken to ensure that a potential misstep does not result in serious damage. Several technologies are available to companies for securing their users' behavior:

1. Implementation of on-device SWG

Cyber criminals can use even trusted websites to distribute malware. By setting up Secure Web Gateways (SWGs), companies can prevent users from accessing malicious web destinations in real time, whether the access is deliberate or unintentional. SWGs scan files downloaded from the web for threats and block them if necessary. With on-device SWGs, the data traffic can be decrypted and inspected locally at each endpoint. They do not cause any backhaul latency, they protect the data and thus the privacy of the users, and they remain unaffected by the scaling of the network.

2. Use of a multi-mode CASB

Cloud Access Security Brokers (CASBs) are designed to secure the cloud for businesses and provide protection for licensed, managed software-as-a-service (SaaS) applications and infrastructure-as-a-service (IaaS) platforms. CASBs can be used in different modes, each of which protects against ransomware in a different way. By integrating with the application programming interfaces (APIs) of cloud services, they gain visibility and control over the data residing in them and can thus search for infected files. Using forward proxy agents on managed devices, CASBs can scan file uploads and downloads in real time for threats and block them if necessary. With an agentless reverse proxy, this can be achieved without software on the end devices, making it a perfect solution for BYOD environments. In order to fully protect themselves against ransomware in all use cases in the cloud, companies need a so-called multi-mode CASB that offers all three of these deployment modes.

3. Use of ZTNA

Virtual private networks (VPNs) have always been considered a suitable way to secure interaction with company resources. VPNs establish a secure tunnel that connects a user's device to a company's network. However, VPNs suffer from issues such as latency, lost productivity, and poor scalability. In addition, they violate the core idea of zero trust because they provide full access to the network and everything in it. This shows that a VPN is a method of access, but not a method of security. This is where Zero Trust Network Access (ZTNA) can help. Cloud-based ZTNA solutions maintain ease of use, provide the scalability required, and allow access to specific applications (rather than the entire network) while applying real-time threat protection policies designed to stop ransomware.

Use technologies from SASE platforms

SASE platforms provide CASB, SWG and ZTNA technologies, among other things, and can provide coherent protection: they allow companies to use all three functionalities in one interface. This also facilitates the uniform technical application of data security guidelines and saves IT admins time. When choosing a SASE vendor, organizations should consider whether their solution can keep pace with the current threat landscape. This includes intelligent functionalities that can take on unknown threats and attack vectors through behavior-based machine learning.

In this way, technical framework conditions can be created that ensure that risky user behavior does not offer malware any attack surface and that company data is protected at all times.

More at Bitglass.com

 
