Blog

Increased Dependence on Technology

Written by Securus360 | March 15, 2021

Increased Dependence on Technology Leads to InfoSec Blind Spots - Today’s organizations of all sizes depend upon a more diverse set of technologies than ever before – including mobile computing, IoT, robotics, cloud services, machine learning and more. Over time, this digital transformation phenomenon exponentially increases a company's dependence upon the internet and it’s IT teams. Over 80 percent of CEOs reveal they have digital transformation programs underway to make their firms more productive and cut costs through analytics, unified data & processes, and business-IT integration.

Unfortunately, every new piece of technology that an organization adopts adds a new attack vector which requires monitoring and protection. In effect, as companies embrace digital transformation, they must implement robust security capabilities that can address frequent, complex and always evolving cyber threats.

How does Increased Dependence on Technology Result in Information Security (InfoSec) Blind Spots?

1. Shadow IT

Any kind of digital transformation involves connecting additional software or hardware to the company network, with the IT team driving the process through appropriate stages. On average, companies with fewer than 1,000 employees run an average of 22 applications, with larger ones running 788. Apart from approved software products, a typical company has an amazing 975 unknown cloud services operating at any one time.

Workers bring their unsanctioned information assets and services to a corporate network. In the process, organizations run shadow IT, consisting of information technology connected to the network without the IT department's knowledge or approval. Shadow IT includes all unapproved hardware, software or other connected technology assets on the company's network.

Twenty-one percent of organizations lack policies surrounding new technology use, and 77 percent of IT experts agree that if left unchecked, shadow IT will become a dominant risk for organizations by 2025. Despite understanding the potential hazards, 40 percent of IT professionals admit to using unapproved tech themselves.

Why is shadow IT a looming cybersecurity blind spot? IT personnel cannot monitor and protect what they don't know. Shadow IT products increase attack surfaces while making it difficult for security teams to take defensive measures. Shadow IT also poses a direct threat to data security since the devices and applications are invisible to staff, wholly dependent upon the user who purchased and deployed them. Unscrupulous employees who leave the firm can leverage this lack of visibility to maintain access to the company network and information.

2. The Human Factor

Employees are one of the biggest security threats in an organization. Some workers go rogue and willfully launch attacks against company systems to compromise data. At other times, human-caused data breaches are accidental, such as unintentionally clicking a malicious link or attachment, or losing a computer with confidential company information. Despite the risks, security is not "top of mind" for most employees.

Remote workers are also a noteworthy blind spot for companies. Research shows that 83 percent of small business owners allow and offer employees the option to work from home when needed and appropriate. The figure jumps to 95 percent among young firm owners. While more enterprises are warming up to the idea of remote work arrangements during and after the COVID-19 pandemic, such work strategies open a Pandora’s box when it comes to cyberattacks. An online survey revealed that 41 percent of remote workers use unsecured personal applications to access confidential work information, putting their businesses at higher risk of a data breach. Nineteen percent of work-from-home employees reported ignorance with respect to remote work guidelines for their company. Only 31 percent of organizations commit their employees to annual company-wide cybersecurity training, despite the fact that the human factor is one of the largest potential blind spots in information security.

3. Encrypted Traffic

Research reveals that encrypted traffic has grown by more than 90 percent year over year. Network traffic encryption is like a double-edged sword. It gives enterprises the ability to ensure information security and privacy, yet on the other hand, data encryption allows cybercriminals to mask their malicious activities.

Organizations do not always keep encrypted traffic in check, thinking the transmissions are secure. In effect, cybercriminals can utilize such data to conceal malware and other cyber threats. Since the encryption process starts at network endpoints, a bad actor can launch encrypted malware to steal sensitive information or trigger a ransomware attack. Other than external risks, the rise of encrypted traffic originating from employee devices and remote computers connected to corporate networks can potentially result in data exfiltration and malware attacks, thus adding another potential blind spot to the mix.

4. Interconnectivity with Third Parties

Organizations rely heavily on third-party IT systems and partners within their businesses. BeyondTrust research found that the average enterprise has 182 vendors connecting to its network each week. This interconnectivity with partners, such as cloud service providers, can be a significant blind spot in information security. In fact, looking at all data breaches over the last 2 years, more than 50 percent of them resulted from a third-party data breach.

In addition, many enterprises have critical network architecture weaknesses, often a by-product of misconfigured remote access servers and unpatched third-party software. Developers might also expose company data and systems by using open source software development environments like Git and Jenkins. Such third-party environments can open access for cybercriminals through existing flaws and misconfigured settings.

Eliminate the Cybersecurity Blind Spot with Securus360

Without a doubt, building and maintaining next-generation capabilities for threat detection and response is an uphill undertaking for many organizations due to the cost involved and lack of infosec engineers.

Securus360's Managed eXtended Detection & Response (MXDR) platform solves this challenge by delivering advanced detection and response capabilities as a service. Securus360 removes the complexity and cost of building an in-house, next-generation security operations center. Our MXDR services leverage advanced artificial intelligence combined with human security analysts to provide a more robust, more efficient and measurably more accurate threat detection and mitigation solution.

Securus360 eliminates the blind spots which new technology can bring to an organization and, most importantly, provides the needed visibility to spot that new, unknown attack as well as any new unknown bad actors attempting to compromise a business.