How security firms are reacting to the coronavirus challenge
Security professionals at the coal face reveal how they’re keeping businesses safe while adapting to life under lockdown
While the security landscape is ever-evolving, the last few weeks and months have been a whirlwind for businesses in their efforts to avoid falling victim to cyber attacks. From financially-driven hackers to state-backed groups, cyber criminals are using the ongoing pandemic to find increasingly sophisticated ways of wreaking havoc on businesses.
As with many other sectors, the cyber security industry has been forced to adopt remote working practices to abide by lockdown measures. Indeed, 90% of cyber security employees are now working remotely full-time according to research by (ISC)2. Meanwhile, the nature of threats and the scale of attacks have escalated, with cyber criminals keen to exploit businesses while their guards are lowered.
For security companies, however, it’s nothing that can’t be handled. Lead security architect with Red Sift, Peter Parkanyi, tells IT Pro the industry has been quick to adapt to the new challenges, as most have experience of supporting some level of remote working even before COVID-19 struck.
“A lot of computer security people are well accustomed to working online, since the users we're securing are very often at a distance, too, especially in large organisations,” he says. “Much of the computer security culture and information flows are already integrated into online tools, and it’s essential security professionals follow these to stay on top of the state of the art cyber threats, which change daily.”
His view is shared by Auth0’s senior product security engineer, George Wang, who says the majority of his company had experience working remotely before the lockdown came into effect. The workplace environment was already tailored to be remote-friendly, although the company has since launched a live video chat for advice to help those unfamiliar with the processes and practices involved.
Regardless of remote working preparation, however, it’s often the little things that are missed the most, with many pining for the return of office culture in particular. This is no different in cyber security, Context Information Security’s technical lead, Oliver Fay, tells IT Pro, with the most disruptive change being teams unable to share information among each other on an ad-hoc or casual basis.
“In our normal open-plan office environment, analysts can rapidly get answers to questions like ‘does this look strange to you?’ or ‘have you seen this before?’, or get a second pair of eyes on something,” he explains. “Whilst the large increase in the use of instant messaging and collaboration apps mitigates this to some degree, it’s not quite the same as being able to have another incident responder glance over your shoulder.”
While the mass shift to remote working poses a major challenge, the escalating nature and volume of threats has posed an equally formidable one. The threat landscape is undoubtedly shifting, manifesting in several ways from a recorded spike in coronavirus-related phishing emails to the advent of attack vectors like ‘Zoom-bombing’, in which hackers attempt to invade private video conferencing sessions.
Auth0’s Wang says it’s impossible to dissociate this uptick from a rise in people who aren’t so tech-savvy being asked to use technology they’re not used to. “We’re seeing a lot more cybercrime and victims of cyberattacks because we’re essentially caught between new technology and attack vectors, and a soaring number of users with differing levels of sophistication.”
Drilling down into the detail, phishing has quickly moved to the top of the priority list for Red Sift’s Parkanyi, who suggests it's also been an uphill battle updating best practices for securing video conferencing. It’s also been much harder to protect high-reward individuals, like company executives, against spear phishing than against non-targeted campaigns.
While phishing has spiked, Digital Shadows’ CISO Rick Holland counters that it’s hardly a surprise, and that phishing remains widespread whether we’re in the midst of a pandemic or not. Security teams that have employed threat modelling, as well as security controls against malicious domains and account takeovers, have already managed to stem the surge, he adds. Conversely, organisations without the ability to detect and mitigate phishing emails, malicious websites, and compromised accounts have struggled the most.
Where there has been a shift is that the phishing spike is actually attributable to a surge in “high-sophistication nation-state endorsed adversaries”, Context Information Security’s Fay reveals. This chimes with official warnings sounded by US and UK cyber security officials last month. While motives vary, many who fall into this category seek to gain intelligence from how other countries are responding to coronavirus. The emergence of state-backed threats poses a particular challenge for businesses given the powerful tools these groups can employ to avoid conventional defenses.
While the situation may seem more urgent now than ever, security professionals are broadly in agreement that most of the advice, support and guidance continues to be effective. Where there has been a major change in protection methods is in response to the remote working shift, Fay adds, with reliance on remote access technologies representing a significant risk.
This is a phenomenon also highlighted by Digital Shadows’ Holland, who adds: “Protecting clients has shifted from perimeter-based security controls to the endpoint security controls and Identity and Access Management. Where employees authenticate from is the new perimeter, and the computing device they use to do that authentication has become much more significant.”
As for why remote working poses such a security headache, Parkanyi believes it lies with the pace at which many businesses adopt new technologies and practices in a short space of time. Issues have arisen primarily because most businesses don’t have the experience to move into remote working in the space of 24 hours, and have had to scramble to gather resources to make the move on such short notice.
“This means they inevitably leave gaps just to get to a working level in the new environment. Securing calls and team chats has become a top priority, and many will struggle with complex VPN setups on company-issued devices. Existing data leakage prevention systems are going to have a hard time dealing with the new threat model, too.
“Probably most crucially, email systems suddenly need to cope with a significantly larger volume of abuse, because criminals were quick to exploit the global crisis. This leaves companies with insufficient email protection exposed to compromise through phishing or more specifically, spear phishing.”
Adapting to the coronavirus pandemic has proven a major challenge for all organisations, regardless of size or stature. The prospect of falling victim to a cyber attack in an increasingly savage threat landscape has come to resemble a nightmare scenario that may come to haunt any business that slips up. Were it not for the efforts of a handful of security firms, themselves forced to adapt to the conditions the pandemic has enforced, the situation for many companies might actually be infinitely bleaker.