From healthcare to education to critical infrastructure, no one seems safe from cyberattacks. Not even the makers of video games.
In early June, news broke that video game giant Electronic Arts was one of the latest victims of a major breach.
At first glance, this is just another story of hackers breaking into a victim and finding their way to a hefty payday. Nothing new here. Lots of attacks happen every week, don’t they?
However, it was the way the attackers got in that was interesting.
According to Sergiu Gatlan’s report in Bleeping Computer, the attackers purchased a cookie for EA’s Slack that allowed them to contact the IT helpdesk. From there, they told the IT team that they had lost their phone at a weekend party and needed help reconnecting to their account.
This story was important because it helped them defeat the multi-factor authentication (MFA) that EA likely had on their accounts.
The IT helpdesk, trying to be helpful, then helped the attackers create an account and “get back to action,” so to speak.
Once they took control of a legitimate account, the attackers forced their way through EA’s network to access the source code. While there is no evidence that customer data has been compromised, the source code is the company’s “crown jewel” as it is its product. The attackers then allegedly claimed they had buyers willing to pay $28 million for the stolen code.
Meeting security challenges in the reality of remote work
At first glance, we can think of this as another cyberattack. Another company has experienced a security process failure and is facing unfortunate consequences.
However, there is much more to be learned from this incident than just the fact that the attackers were successful in their mission.
Instead, it’s a story about how security teams are still adapting to dealing with remote workers. And apparently there is still a long way to go.
From the onset of the COVID-19 pandemic, authorities and cybersecurity experts warned that attackers would take advantage of employees working remotely. They knew that organizations would bypass (or even break) the security rules and best practices they had in place to prevent these types of attacks from succeeding, because people couldn’t show up in the office to deal with security incidents.
In the pre-COVID-19 era, an employee who lost their phone would have had to report to IT and likely get security approval as well. However, as we are still in the remote phase of the recovery, many organizations continue to find themselves in a gray area.
This is how hackers like it.
Considering the enormous costs of falling victim to one of these attacks and their likely continuation, what can companies do to better protect themselves when they meet security challenges in the reality of remote work?
Data loss prevention strategies
Reducing the risk of compromise involves many processes and practices, but below are some of the most important ones that can help keep your organization a little bit more secure.
Use multi-factor authentication
The first point to raise here is that even though hackers have found a way to bypass MFA protections, strong authentication measures such as MFA still offer important protection and should be used.
A Microsoft report in 2019 found that MFA can help prevent 99.9% of account compromise attacks. There will always be instances where a little smart social engineering can overcome a technological barrier, but the numbers don’t lie. Using MFA will always help put the security stats in your favor.
Use activity monitoring and behavior analysis tools
It is important to have a remote computer monitoring solution that can track and identify suspicious activity from employee devices or accounts in the event that attackers successfully compromise an account.
Spotting abnormal behavior can help signal that someone might not be who they say they are. In addition to the standard insider attacks where a disgruntled or opportunistic employee may try to steal from or damage their employer, hackers love to use compromised credentials to work stealthily within their victim’s network until they can exfiltrate their stolen goods.
Using activity monitoring and behavior analysis tools, organizations can detect suspicious activity and stop it in real time, hopefully mitigating the risk before serious damage can be done.
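As an added illustration (not from the original article or from EA), the sketch below shows one behavior-analysis rule that fits the incident described above: it flags a session cookie that turns up on a second client, and escalates when an MFA reset for the same user follows shortly after. The event fields, the sample log lines and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Assumed fields:
# time, user, event type, session id, client IP, user agent.
EVENTS = [
    ("2021-06-01T09:02:00", "alice", "session_use", "s-1001", "203.0.113.10", "Slack/4.16 Windows"),
    ("2021-06-01T09:40:00", "bob", "session_use", "s-2002", "198.51.100.7", "Slack/4.16 macOS"),
    ("2021-06-02T22:15:00", "alice", "session_use", "s-1001", "192.0.2.55", "Mozilla/5.0 Linux"),
    ("2021-06-02T22:31:00", "alice", "mfa_reset", None, None, None),
    ("2021-06-03T08:00:00", "bob", "session_use", "s-2002", "198.51.100.7", "Slack/4.16 macOS"),
    ("2021-06-05T10:00:00", "bob", "mfa_reset", None, None, None),
]

RESET_WINDOW = timedelta(hours=24)  # assumed threshold, tune per environment


def detect(events, window=RESET_WINDOW):
    """Return alerts as (severity, user, reason) tuples, in time order."""
    first_seen = {}   # session id -> (ip, user agent) of its first use
    reuse_time = {}   # user -> last time a session appeared on a new client
    alerts = []
    for ts, user, kind, sid, ip, ua in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "session_use":
            client = (ip, ua)
            known = first_seen.setdefault(sid, client)
            if client != known:
                # Same cookie, different client: consistent with a stolen cookie.
                reuse_time[user] = when
                alerts.append(("medium", user, f"session {sid} reused from {ip}"))
        elif kind == "mfa_reset":
            seen = reuse_time.get(user)
            if seen is not None and when - seen <= window:
                # A reset soon after cookie reuse matches the helpdesk
                # social-engineering pattern described in the article.
                alerts.append(("high", user, "MFA reset after session reuse"))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Legitimate users also change networks, so the medium alert on its own is noisy; the high alert is the one worth routing to a human before the helpdesk completes the reset.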
Make IT a little less helpful
It might sound a little counterintuitive, but organizations need to train their IT teams and other employees to be a little less helpful and a little more suspicious.
If we were in the office and received a suspicious message on Slack or an email asking us to take a risky action or break a best practice or rule, we would just walk down the hall to ask the sender in person. However, in the remote setting it can be a bit more difficult.
The best practice here would be to use other verified channels to confirm the sender’s identity. There’s no point in asking Sue if she’s really Sue on the same channel if she asks us to go buy a bunch of iTunes gift cards to pay a seller.
Instead, pick up the phone or contact her on a communication platform that is separate from the one on which you received the message. Yes, it’s a little slower, but that’s the point. Add friction and avoid critical errors.
Set up a plan for the hybrid future of work
Now that COVID-19 rates appear to be declining in much of the western world, organizations have started setting “return to office” (RTO) dates and putting in place plans for hybrid work situations.
Beyond the health precautions that will have to be put in place, we understand that we will also have to rethink our cybersecurity practices.
If an employee loses their phone, is it safe enough for them to come to the office and have their access approved by seeing another human in person? Is this appropriate in all cases? Perhaps in cases where access to the company’s valuable core IP is concerned, it should be.
Many organizations have their RTOs set for September. Many others have decided that their employees can work from home forever. For the most part, the future is likely to be a hybrid mix where not everyone shows up in person every day and remote work becomes a fixed part of the way we work.
Either way, now is the time to think about these policies and start planning how to meet these challenges and prevent the next attack.