Security

Top threats to G Suite security in 2020

money

2020 has been a year like no other and filled with many challenges.  Businesses have been forced to change how they carry out operations while empowering their end users to work remotely from home.  Many organizations, no doubt including your own, are now heavily leveraging the flexibility and capabilities afforded by cloud SaaS environments like G Suite.

In the midst of a global pandemic as well as challenging economic times, organizations can’t let their guard down when it comes to security.  In fact, the shift in how employees are working has served to introduce new security challenges.  How is this affecting cloud environments like G Suite?  Let’s take a look at the top threats to G Suite security in 2020.

Top threats to G Suite security in 2020


As your organization leverages G Suite for business-critical services as well as data storage, there are many security threats to be aware of.  In recent months, organizations have been required to shift how their employees carry out their job duties with the majority of employees working remotely.  What additional threats to G Suite security does this bring in 2020?  Let’s take a look at the following:

  • Distracted workers
  • Phishing emails
  • Ransomware
  • Data leak
  • Risky third-party applications

Distracted Workers 


The first threat to G Suite security in 2020 has to do with a social aspect of working remotely from home and other environments instead of on-premises in the office.  The current remote situation can affect the overall security of your G Suite environment.  How so?  

With current events, attackers are well aware that workers are more distracted than ever before and are paying less attention to work and more attention to news events and other issues going on around them.  Employees are much more distracted and more likely to fall victim to phishing attacks that offer information on such topics as COVID-19, coronavirus, and health information.

This leads to targeted attacks on remote workers.  Attackers play on the panic and fear regarding the current pandemic and capitalize on these with phishing emails, ransomware, data leak tactics, and malicious risky third-party applications.  


Attackers used a COVID-19 map from John’s Hopkins University to drop malware 

Phishing emails


It is one of the oldest types of attacks in the book – phishing.  Phishing emails are a type of social engineering attack where an attacker sends an email that masquerades as a legitimate email from a reputable entity.  Often, the phishing email will have an embedded malicious hyperlink or email attachment.  

The end user is persuaded to open the attachment or click the hyperlink.  Often, these types of attachments or links contain a ransomware payload.  However, they can also be used to simply steal information from the end user such as usernames, passwords, and other personally identifiable information (PII) which is then used for malicious purposes. 

In 2020, attackers are continuing to use phishing campaigns with fake information claiming to be from legitimate organizations with information about the coronavirus and other related topics.  As mentioned, phishing emails often lead to ransomware.  What threat does ransomware pose to your G Suite environment in 2020?

Ransomware


Ransomware is perhaps one of the most alarming threats that faces businesses today.  This includes not only on-premises but also cloud environments.  One only has to read news headlines of massive ransomware attacks to understand the threat that ransomware poses to your business.  It remains a top threat to G Suite security in 2020. 

Attackers can drop ransomware payloads on your G Suite end user’s devices by means of phishing emails, malicious websites, website drive-by attacks, and even new “fileless” ransomware attacks.   Ransomware can easily infect cloud environments due to file synchronization.  

In G Suite, data can be synchronized from a local workstation using Google Drive Sync.  If ransomware encrypts files locally, the files are then synchronized to the G Suite cloud environment.  This means the data in the cloud becomes encrypted and unreadable by all employees.

New types of ransomware attacks that specifically target cloud environments have shown the capability to encrypt cloud services such as email.  The “Ransomcloud” attack has been shown to be able to encrypt business critical services by persuading a cloud end user to grant permissions to a malicious application which can then assume all the rights and permissions granted to that end user in the cloud.

This is possible by a special type of authentication used in the cloud called OAuth.  OAuth allows using a token to grant permissions for third-party applications instead of granting them access to the user password combination.  With a simple permissions request dialog box, an end user can grant dangerous permissions to an application.  Once granted, the application assumes all the permissions of the user.  

If it is a ransomware application, it can now encrypt and hold hostage all data that is accessible by that particular user, including cloud email and others.  This can lead to not only the personal data of the user being encrypted, but all other data the user has been granted permissions to in the G Suite cloud environment.

Data Leak


The leaking of data from your G Suite organization continues to be a security threat for your organization in 2020.  Data leak can lead to disastrous consequences for your business as shown in recent data detailing the impact of a data leak event for your organization.  

Data leak can cause major monetary loss for your business as a result of a number of factors including: fines and penalties, lost revenue, tarnished business reputation, and disrupted operations.  Data leak itself can come from a number of different sources including:

  1. End users – end users can either accidentally or intentionally leak data outside your G Suite organization
  2. Data breach carried out by an attacker – targeted attacks by cybercriminals or eve nation/state attacks can target certain types of data held by various organizations.  By compromising the security of the environment, an attacker can gain access to sensitive and other types of data.
  3. Ransomware – new ransomware variants are using the threat of data leak to persuade victims to pay the ransom.  So, it combines ransom threats with blackmail!  There is a string of examples of this type of ransomware coming on the scene.  The first was Maze ransomware.  Many variants have been seen since then including DoppelPaymer, Sodinokibi, and now Nemty.  

Risky third-party applications


Another major threat to your G Suite environment in 2020 is risky or outright malicious third-party applications.  While there are many beneficial and useful apps in the marketplace, your organization needs to be on the lookout for dangerous apps.  These can be found in the G Suite marketplace as well as by way of browser extensions.  

Again, with the cloud OAuth permissions model, all an end user has to do is accept the permissions requested by the application.  Once granted these permissions, the third-party application or browser extension assumes all the rights and permissions assigned to the granting user.  

This means that an end user can easily expose your business-critical or sensitive data to the outside world via a third-party application by installing an app on their mobile device or browser extension in their browser.  Additionally, a malicious application drop ransomware into your environment.  Both are extremely dangerous!  

There are any number of threats that can come from third-party applications.  Your organization in 2020 must control which applications have access to your G Suite environment.  

Protect G Suite against threats in 2020 with SpinOne


To properly protect your environment from the threats to your G Suite environment in 2020 and beyond, you need to have both visibility and control.  Also, you need the proper tools to protect and secure your data.  SpinOne provides an all-inclusive solution to both protect and secure your G Suite environment.  What is SpinOne?

SpinOne is a next-generation CASB solution that incorporates artificial intelligence (AI) and machine learning (ML) to protect your G Suite environment from sophisticated attacks that target your cloud environment.  What does it provide?

  • Ransomware protection – World class ransomware protection that automatically detects, blocks, identifies damage, and restores your data
  • Third-party apps control – Whitelist and blacklist over 60,000 applications including both G Suite marketplace apps as well as browser plugins with SpinAudit
  • Backups – Ransomcloud infection is extremely dangerous.  With native tools in G Suite, the process of how to recover deleted emails in Outlook would be cumbersome.  SpinOne’s SpinBackup tool allows easily restoring your data and setting a G Suite backup policy for automatic backups throughout the day.
  • Insider threats protection – Protect against threats that come from your own employees.  These can be either accidental or intentional actions that can put your data at risk. With SpinOne, you know what your employees are doing and you are alerted to malicious behavior.
  • Data leak protection – With SpinSecurity, you know where your data is shared and who it is shared with.

SpinOne is the “best of the best” protection for your G Suite environment.  Take a look at SpinOne for G Suite and see the full list of capabilities it provides for your environment.