As a result of the COVID-19 global pandemic, minds have been forced to focus on what really matters. This applies to businesses as much as individuals.
When home and office blur into one, the security of digital connections becomes more important than ever. Today, it is critical for cybersecurity professionals to understand risk, look for potential breaches and build a robust response and recovery capability.
During the pandemic, the hasty adoption or expansion of remote access technologies put users at greater risk of cyber-attacks just as businesses lost some control and visibility over their IT security systems. But are there lessons to be learned for the longer term?
Cyber threats have been rising for years. In its Security Navigator 2020 report, Orange Cyberdefense finds that the share of business-critical and high-risk incidents — those with significant impacts — nearly doubled from 8.7% of all incidents in 2016 to 16.1% in 2019.
While the coronavirus pandemic impaired the ability of hackers to perform their activities to a small extent at its outset, the effect was short-lived, and both opportunistic and targeted attacks have continued unabated.
Although remote working left end users more exposed to social engineering and scams, the data analyzed by Orange Cyberdefense suggests that the truly impactful attacks are those directed at systems such as VPN gateways and vulnerable remote access points.
Strategies and Tactics
Human behaviour is often at the heart of breaches, and yet the first line of defense remains adequate security infrastructure.
Cyber criminality resembles a large-scale enterprise with aggressive targets and effective hiring and training programs. “Bad guys will continue to innovate. We need to accept that there will be breaches and think about detection and response,” said Stefan Lager, SVP Global Service Lines at Orange Cyberdefense.
Beyond effective systems for monitoring and recovery support, organizations should establish wide-ranging response teams that can deal effectively with the broad spectrum of attacks they face.
Although the attacker and the defender both have resource constraints, we as the defenders have a much bigger challenge to face. We have limited resources, constrained budgets, an agile adversary and absolutely no room for error.
Without neglecting the basic security best practice required to counter-balance these threats (without which they would simply overwhelm us), we need to recognise that attacks, compromises and breaches are inevitable and prepare to engage our adversary in an active and continuous manner behind the traditional perimeters of our environments. Mature and effective detection and response capabilities are an existential requirement in light of contemporary threats. Effective detection and response programs also help us to counter some of the very advantages that give our adversaries a systemic edge, namely by minimising their element of surprise, inflicting real costs and consequences for their mistakes, and extending the time they require to learn and improve, whilst simultaneously reducing the time for us to do the same.
The coronavirus pandemic has produced a flurry of malicious attacks, but well-known system vulnerabilities have remained the main focus for hackers.
Suboptimal security safeguards have left remote technology temporarily more open to breaches, and attackers continue to exploit these weak points.
In the end, empowering users, strengthening authentication and authorization, creating adequate zones of trust and understanding vulnerabilities are the keys to unlocking cybersecurity at all times.
People and businesses want to operate online with efficiency and trust. Security professionals are there to support the digital world as it offers leisure and professional services that make everyday life easier, more prosperous and more fulfilling.
Orange Cyberdefense’s Security Navigator 2020 report and COVID-19 white paper