Why Enterprises are Still Falling Victim to Breaches

Guest post by Deepen Desai

Despite spending billions every year to establish a secure perimeter around the network, organizations continue to suffer the loss of data, time, productivity, intellectual property, and a staggering sum of money to breaches. With all the sophisticated technology that enterprises put in their gateways to block threats, why do breaches persist? I believe the following are among the top reasons why breaches occur:

  • Blindness to SSL/TLS traffic

As much as 90 percent of internet traffic is now encrypted and, while SSL/TLS protects users' privacy, it shields attackers just as well: command-and-control, malware downloads and data exfiltration ride inside the same encrypted sessions as legitimate traffic. Attackers know that many organizations allow encrypted traffic to and from "trusted" websites and CDNs to pass uninspected, largely because TLS inspection (decrypting, scanning and re-encrypting every session) requires significant processing power. A payload hosted on a reputable CDN or cloud service therefore arrives over a connection the gateway never looks inside, which is why TLS is among the most abused channels for hiding malware.

  • The need for segmentation at the application level

With so many remote employees, contractors, partners and other third parties connecting over VPNs, often from uncontrolled environments, networks are vulnerable, especially without proper segmentation. A traditional VPN places the connecting device on the network itself, so if one of those systems, or a site behind a site-to-site VPN, is compromised, the attacker can move laterally from it to anything the network routes allow. Segmenting at the application level, so that a user or device is granted access to specific applications rather than to whole network segments, limits what a compromised endpoint can reach.

  • IoT security

The rapid adoption of IoT has created new attack vectors. IoT devices are notorious for poor security and, because devices appearing on networks are often employee-owned and unmanaged, it's likely that many still carry weak, preset passwords. In a recent study, my team discovered that more than 90 percent of the IoT traffic from enterprise networks was using unencrypted channels, making it susceptible to man-in-the-middle attacks. The best way to prevent IoT devices from exposing your network is to isolate them on their own network segment (to prevent lateral movement) and restrict inbound and outbound traffic to the destinations and ports each class of device actually needs.
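Both of the preceding points, isolation of IoT devices and the share of their traffic that travels in cleartext, can be checked from flow logs. The script below is an added example, not code from this article or from Zscaler. It reads constructed flow records (source, destination, destination port, protocol), treats 10.50.0.0/24 as an assumed IoT segment and 10.10.0.0/16 as an assumed corporate server range, labels each flow cleartext or encrypted with a well-known-port heuristic, and reports both the cleartext share of IoT traffic and every IoT-originated flow that crosses into the corporate range in violation of the isolation policy.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the article): src,dst,dst_port,proto.
# Hosts in 10.50.0.0/24 are the assumed IoT segment; 10.10.0.0/16 the corporate servers.
SAMPLE_FLOWS = [
    "10.50.0.21,203.0.113.10,80,tcp",     # camera fetching firmware over plain HTTP
    "10.50.0.21,203.0.113.10,443,tcp",
    "10.50.0.33,198.51.100.7,1883,tcp",   # sensor publishing MQTT without TLS
    "10.50.0.33,198.51.100.7,8883,tcp",
    "10.50.0.40,10.10.4.15,445,tcp",      # IoT device reaching a corporate file server
    "10.50.0.40,10.10.4.15,23,tcp",       # ... and telnet into it
    "10.50.0.52,203.0.113.99,123,udp",
    "10.50.0.52,10.50.0.1,53,udp",        # DNS to the segment's own gateway: allowed
    "10.10.7.9,203.0.113.10,443,tcp",     # corporate host, not in scope
]

IOT_NET = ipaddress.ip_network("10.50.0.0/24")
CORP_NET = ipaddress.ip_network("10.10.0.0/16")

# Port heuristic: protocols that carry payload in cleartext vs. under TLS/SSH.
# Anything else (e.g. 445/SMB, which may or may not be encrypted) is left "unknown".
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 53: "dns", 80: "http", 123: "ntp",
                   1883: "mqtt", 5683: "coap"}
ENCRYPTED_PORTS = {22: "ssh", 443: "https", 5684: "coaps", 8883: "mqtts"}


def parse_flow(record):
    """Split one 'src,dst,dst_port,proto' record into typed fields."""
    src, dst, port, proto = record.split(",")
    return (ipaddress.ip_address(src.strip()), ipaddress.ip_address(dst.strip()),
            int(port), proto.strip())


def audit_iot_flows(records, iot_net=IOT_NET, corp_net=CORP_NET):
    """Summarise IoT traffic: cleartext share per device and flows that breach isolation.

    Returns a dict with:
      cleartext_ratio  - cleartext IoT flows / all IoT flows (0.0 when there are none)
      devices          - per-device counts of cleartext / encrypted / unknown flows
      violations       - (src, dst, port, proto) tuples where an IoT device talks to corp
    """
    devices = defaultdict(lambda: {"cleartext": 0, "encrypted": 0, "unknown": 0})
    violations = []
    total = cleartext = 0
    for record in records:
        src, dst, port, proto = parse_flow(record)
        if src not in iot_net:
            continue                    # only IoT-originated traffic is in scope
        total += 1
        if port in CLEARTEXT_PORTS:
            devices[str(src)]["cleartext"] += 1
            cleartext += 1
        elif port in ENCRYPTED_PORTS:
            devices[str(src)]["encrypted"] += 1
        else:
            devices[str(src)]["unknown"] += 1
        if dst in corp_net:
            # Isolation policy: the IoT segment must not initiate connections into corporate ranges.
            violations.append((str(src), str(dst), port, proto))
    return {
        "cleartext_ratio": cleartext / total if total else 0.0,
        "devices": dict(devices),
        "violations": violations,
    }


if __name__ == "__main__":
    report = audit_iot_flows(SAMPLE_FLOWS)
    print(f"cleartext share of IoT traffic: {report['cleartext_ratio']:.0%}")
    for dev, counts in sorted(report["devices"].items()):
        print(f"  {dev}: {counts}")
    for v in report["violations"]:
        print("  segmentation violation:", v)
```

The port-based labelling is only a heuristic: SMB on 445 is left as "unknown" because it may or may not negotiate encryption, and a device can run cleartext on a non-standard port. A production check would classify on the observed TLS handshake or via deep packet inspection, but the policy logic (IoT segment never initiates into corporate ranges) is the same.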

  • Patch management

Most enterprise networks are complex, so setting up an effective patch management process can be challenging. Large networks often include unsupported operating systems that no longer receive regular security updates at all, and legacy systems that can only be patched through manual steps, so vulnerabilities stay exposed longer. In the case of WannaCry, such vulnerabilities had devastating consequences: the SMB flaw it exploited had been patched for supported Windows versions roughly two months before the outbreak, yet unpatched and end-of-life systems were hit worldwide. Automated patching helps by pushing updates on a consistent schedule, closing known holes before they are exploited at scale. For systems that cannot be patched promptly, an effective intrusion prevention system is the compensating control that blocks attackers' attempts to probe for and exploit unpatched devices.

  • Employee training

Most users understand the risk of clicking suspicious links or opening attachments from unknown senders. But what about messages that appear to come from a trusted source, like Amazon or Apple? Attackers are skilled at building phishing sites that look just like the legitimate ones, and through domain squatting they make the URL deceptively similar as well: a typo in the brand name, a visually confusable character swapped in, or the real brand's domain placed in a subdomain of an unrelated domain they control. It's imperative for employees to have ongoing training that includes awareness of recent attack methods, including the habit of checking the registrable domain rather than the start of the URL. Armed with that knowledge, they provide a key layer in enterprise defense.
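The lookalike techniques described above can be recognised mechanically, which is useful both for training material and for a mail or proxy filter. The following is an added example and not code from this article: it takes a URL, extracts the registrable domain (with a deliberately small stand-in for the Public Suffix List), folds confusable characters into a "skeleton", and classifies the URL as trusted, a lookalike of a trusted brand, a brand name buried in a subdomain, or unrelated. The trusted-domain list, the confusable tables and all sample URLs are assumptions constructed for the example.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allow-list of brands the organisation trusts (constructed for this example).
TRUSTED_DOMAINS = {"amazon.com", "apple.com", "zscaler.com"}

# A few two-label public suffixes. A real deployment must use the full Public Suffix
# List; this small set is a deliberate simplification.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}

# Substitutions attackers use because they render almost identically in a browser bar.
MULTI_CHAR_CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d"}
SINGLE_CHAR_CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
    # Cyrillic letters that look like Latin ones
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j",
}


def hostname_of(url):
    """Return the lowercase hostname, decoding punycode labels when present."""
    host = urlsplit(url).hostname or ""
    if "xn--" in host:
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    return host.lower()


def registrable_domain(host):
    """Collapse a hostname to the domain someone actually registered (simplified)."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def skeleton(label):
    """Fold a label to a confusable-free form: strip diacritics, then map lookalikes."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for src, dst in MULTI_CHAR_CONFUSABLES.items():
        text = text.replace(src, dst)
    return "".join(SINGLE_CHAR_CONFUSABLES.get(ch, ch) for ch in text)


def levenshtein(a, b):
    """Edit distance, used to catch single-typo squats such as amazom.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, detail): trusted, lookalike, brand_in_subdomain or unrelated."""
    host = hostname_of(url)
    if not host:
        return "unrelated", "no hostname"
    reg = registrable_domain(host)
    if reg in trusted:
        return "trusted", reg
    reg_label = reg.split(".")[0]
    for brand in trusted:
        brand_label = brand.split(".")[0]
        # Compare skeletons on both sides so a brand containing a confusable pair folds too.
        if levenshtein(skeleton(reg_label), skeleton(brand_label)) <= 1:
            return "lookalike", f"{reg} resembles {brand}"
    # The brand may be present verbatim but only as a subdomain of a domain the attacker owns.
    subdomain_labels = host[: -len(reg)].rstrip(".").split(".") if host != reg else []
    for brand in trusted:
        if brand.split(".")[0] in subdomain_labels:
            return "brand_in_subdomain", f"{brand} appears left of registrable domain {reg}"
    return "unrelated", reg


if __name__ == "__main__":
    for u in ("https://www.amazon.com/gp/css/order-history", "https://www.arnazon.com/login",
              "http://amaz0n.com/", "https://\u0430pple.com/",
              "https://amazon.com.secure-update.example/login", "https://example.org/amazon"):
        print(f"{u:55} -> {classify_url(u)}")
```

The edit-distance threshold of one is tuned for brand labels of five or more characters; very short brands produce false positives and should be matched exactly. The registrable-domain step is the one users most need to internalise: everything left of it is controlled by whoever registered the domain, however trustworthy it reads.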

Malicious actors will continue to target enterprise networks with phishing schemes and other sophisticated attacks. It's incumbent upon enterprises to ensure a defense-in-depth security strategy by using the most effective technologies available and employing best practices to prevent intrusion or minimize its effects. One of those best practices that every business should be following today is to ensure multifactor authentication (MFA) is enabled. MFA requires more than one proof of identity from independent categories of credentials (something the user knows, such as a password; something the user has, such as a phone or hardware token; something the user is, such as a fingerprint) for a login or other sensitive transaction, so a phished or reused password on its own is not enough to get in. Most enterprise applications support MFA and users are familiar with the process.

Deepen Desai is Vice President of Security Research at Zscaler and director of ThreatLabZ.