The threats out there aren’t necessarily new, but many tried-and-true attack techniques are becoming increasingly sophisticated and damaging.
“Malicious parties, both individual and state sponsored, are targeting all industries with crypto, phishing and direct ransomware attacks. I’ve been seeing incidents that impact even Fortune 500 companies,” Carr explains. “A lot of threats have become more complex and targeted. They will compromise a subcontractor and directly use their email to attempt to get you to respond with a targeted email.”
Thakur adds: “I’ve seen attacks on the rise in general. You breach some servers, you get the professional email addresses and then start sort of repeatedly attacking. Denial-of-service attacks have been on the rise, and those are targeted attacks on cloud resources to bring the service down. I know the cloud companies are sort of working on it, but that’s just something to keep an eye on.”
“We’ve started seeing more instances of very targeted campaigns where they set up nearly duplicate domain names and user email accounts and then start trying to represent themselves as legitimate users,” Carr says. “At Clune, we have an external service doing regular checks and takedowns of those domains as a service to us.”
Educate and Defend
Cybersecurity is an ever-escalating struggle that forces companies to constantly keep up and defend against ever-more sophisticated threats and attacks. While security technology is part of the solution, it is not a silver bullet. Education, authentication and process are vital to any security strategy.
“It is critical for any company to increase the awareness of its staff through cybersecurity training and phish testing,” Carr says. “The end-user is the front line of defense. They need to partner with a cybersecurity industry specialist to make sure they are protected. I suggest performing professional risk/gap analysis at least once each year to mitigate possible points of vulnerability.”
“Make sure employees are constantly educated about phishing attacks. What a lot of companies don’t realize is that when a breach happens, you may not see the true impact of it until a few years later,” Thakur says. “Make sure folks are aware, because it can happen very innocently. More companies now are running fake phishing attacks internally to make sure employees are always aware.”
There is a delicate balance to be struck between security and usability. In the end, technology and data sharing are intended to make jobs and processes easier, and that simple truth can be jeopardized with overly onerous security protocol. A combination of process and technology is required.
“I think authentication is always going to be a trend because there are a lot of tools out there and the threats are always evolving,” Thakur says. “But how do you create security without making it too restrictive for users to log in? In construction, it’s very important to be usable because the project managers in the field have limited time, and they want to get in and get out and get stuff done. It puts the onus on tech companies to constantly evolve and upgrade their security infrastructure to make sure they’re doing right by their customers.”
“Security is something that should be at the forefront for all organizations,” Carr says. “Protecting their data and their clients’ data should be top of mind, not only for the IT department, but for the entire company.”