The Best Defense is a Good Offense
The best defense is a good offense, right? Sure, assuming your offense includes solid surveillance. It’s not enough to know that cybercriminals might come for your data: You need to know when and how. Malware hunting is a good offense — it works with existing security structures to actively uncover weaknesses and potential threats — but it’s up against the rise of shadow IT, a challenge not receiving enough attention.
What is shadow IT?
Shadow IT is the use of computing systems, devices, software, applications, and services by employees — without the IT department’s knowledge, guidance, or approval. It covers everything from logging in to personal email accounts from a work PC and installing unapproved apps on a company device to using personal flash drives to store work-related data. Guilty of any of the above? You’re not alone: Everyone does it, and organizations are paying the price. While shadow IT can improve employee productivity and drive innovation, no matter how well intentioned (see “road to hell, pavement”) it can also introduce serious security risks.
What’s the big deal?
With more people working from home, IT departments and cybersecurity personnel are scrambling to enforce safety protocols and procedures — and to keep unsanctioned devices and software installations off their networks. Don’t even mention the nightmare of intermingling personal and professional accounts: Even the best protection surrounding your organization's email servers won’t protect against an employee getting phished via their personal email.
Most employees don’t realize how easy it is for a malicious outsider to access company software by embedding an innocent-looking malware link sent to a social media account. A run-of-the-mill flash drive in a backpack may contain proprietary data not permitted to be removed from the confines of the organization, or malware triggered when the drive is connected to a corporate network. On top of the potential damage from a cyberattack, there are also legal repercussions to consider if an employee mishandles sensitive data.
Ok, but what does this have to do with malware hunting?
Just staying one step ahead of shadow IT isn’t feasible anymore. By the time a company has shiny new security procedures and processes installed and running, attackers have already poked holes all around them, scraped sensitive data, and moved on to their next mark. By the time end-users catch up, the cycle has already repeated itself. Malware hunting elevates traditional cyber defenses to spot malicious activities before they can do damage.
Effective cybersecurity monitors and analyzes feeds so it can spot a threat by its potential behaviors and remove it through an automated response. And it’s not just limited to external threats: A well-designed system can detect when an insider disrupts their own security measures — intentionally or after falling prey to an attack. It can also be programmed to identify code patterns from known cybercriminal groups like REvil and FIN12. Even if an attack were to be successfully triggered, rapidly understanding the target, source, attack vector and intent mitigates the damage.
The laissez faire approach to personal cybersecurity in a post-pandemic world creates unique challenges for organizations. Fortunately, the latest generation of cybersecurity technology has made huge advances in protecting against the pitfalls of shadow IT.
As with any security structure, even the most advanced system requires maintenance, updates, and consistent testing — but malware hunting (a good offense) will strengthen your defenses against even the most savvy cybercriminals.
What else can we do about shadow IT?
Training in best practices and tailoring your cybersecurity focus to your company’s specific risks go a long way in curtailing the most prevalent uses of shadow IT. Consider:
Having IT send fake phishing emails to test employees’ instincts.
Automated monitoring of remote devices for unusual activity
Prioritized use of two-factor authentication access to high risk systems.
The challenge and cost of implementing malware hunting and addressing shadow IT aren’t going to slow down anytime soon, but neither are cybercriminals. Solid surveillance, evolving technology, and — most importantly — keeping yourself and your colleagues educated about the risks of stale cybersecurity measures and careless habits will help even the score.