The impact of the COVID pandemic on IT operations in general and cybersecurity in particular has been profound, says Guy Matthews, editor of NetReporter. CIOs and Security Directors (CIOs and CISOs) have been constantly on their toes and have a very uncertain landscape ahead of them.
There are a lot of things they need to keep in mind regarding the increased threat levels and the actions needed to deal with them.
As their organizations transform digitally, they too must be aware of how the cloud is reshaping the landscape for identifying and stopping attacks, says Jeff Wilson, chief analyst, cybersecurity technology with Omdia.
The world of cybersecurity was already in the process of remaking itself before COVID, he believes: “In my opinion, there were four engines that were intertwined at the same time,” he explains. “The first is IT transformation and it’s about moving the on-premises infrastructure to a more flexible and hopefully cheaper cloud. Second, the evolution of the threats themselves. We don’t live in a vacuum, with criminals waiting for us to make our next security leap before launching new attacks. Attackers are constantly evolving their threats.
“The third is that most businesses go through a process of reconciliation and consolidation that results in a host of solutions. Very few organizations have had the opportunity to step back and ask what they really need to protect their infrastructure. The final part of this IT transformation is the addition of mobile and IoT devices.”
After the pandemic, Wilson argues, it looks like businesses that are more digital, more agile, more cloud-centric and more flexible will be the ones that have an easier time moving to the next phase. The reasons are not hard to find. Wilson notes: “In 2020, network traffic has exploded and life has become more digital.
“All this traffic has to go somewhere and come from somewhere, and when there is an explosion in traffic, there is an explosion in the demands of securing that traffic at all layers, whether it is the data centers, cloud or emerging edge data.”
Threat levels remain unprecedented, he said: “Attackers are opportunists. It turns out that a global pandemic creates many new opportunities for attack. Threats and risks evolve.”
To broaden the conversation on the lasting impacts of the pandemic, its impact on cybersecurity, and the importance of the cloud as a whole, Wilson spoke with several personalities from the security world.
“When the pandemic started, what we saw initially was that the attack surface grew overnight,” said Gail Coury, senior vice president and chief information security officer, F5 Networks. “Businesses have gone from having everyone at the office to, overnight, working from home. This involved expanding the ability of VPN to protect these environments and doing it very quickly. I think we’ve also seen accelerated attacks for web fraud.
“To give an example in the United States, when the COVID relief money was distributed by the federal government to state organizations, we started to see a huge amount of ‘credential stuffing’. At F5, some of our employees were told that someone had filed for unemployment on their behalf, even though they continued to work during the pandemic.
“When we realized this fraud was happening, we went to the customers and said, can we help put web services in front of the environments to add anti-fraud protections against credential stuffing and help to repel attackers? When the pandemic heated up, the attackers also returned home. With a lot of free time, they got very creative.”
Coury says that F5 also noted a huge increase in ransomware, from 6% in 2019 to over 30% in 2020. “It was a huge spike,” she says. “Criminals are looking for the monetary gain they can get from holding companies hostage.”
Craig Connors, VP and CTO for Service Provider and Edge with VMware, agrees that attackers have spent their time changing their tactics and trying to take advantage of the increase in remote work: “We also need to change our tactics to protect ourselves against that, and that’s where things like SASE and distributed security in the cloud come into play. The elements that enable us to deliver a consistent security experience, whether users are in the office or on the go, will be critical going forward.”
Part of the problem is that the model has changed: instead of employees coming to a place and inheriting its security, the security has to go to them. That’s the view of TK Keanini, CTO at Cisco Security. “This is why the idea of Zero Trust, which was largely academic before the pandemic or popular in niches, is now a reality,” he says. “The Zero Trust Architecture is the new way forward. And that fits the new way we’re all going to do business. Overnight, the Internet became the network, the cloud the data center, and identity is now the new perimeter.”
So how has the cyber threat changed in 2020? And what does this tell us about the security landscape of the future?
DDoS attacks soared during disruption, says Darren Anstee, chief security technologist at network performance specialist NetScout. “We monitored over 10 million Internet attacks last year, up about 20% from 2019, peaking in May where we were seeing about one attack every three seconds through our Atlas system,” he explains. “A lot of these attacks were very complex. We’re not just talking about simple packet bursts and things like that. We are talking about attacks made up of multiple parallel attack vectors which are driven by very easy to find and very easy to use attack tools and services, but which generate very sophisticated attacks targeting just about anything you want.
“We’ve also seen the range of attack targets change, shifting more towards the types of things we were more dependent on last year, like streaming services, collaboration tools, ecommerce, healthcare providers, educational institutions offering distance education. We also saw a big leap in DDoS extortion last year.”
There is plenty of evidence that hackers have organized themselves like the companies they are attacking, explains Coury of F5. She also notes a certain commoditization of the threat: “If you want to launch a ransomware attack, for example, you don’t have to build it or figure it out yourself,” she says.
“There is so much money to be made in this space. From a CISO perspective, it’s about having a consistent policy and visibility of everything in your infrastructure. This is a huge challenge for any security professional. How do you manage the budget and how do you get the right skills and what do you do technologically? The challenge has never been greater.”
With criminals organizing like businesses, the job of security professionals becomes to make it expensive for them to achieve their goals, explains Cisco Security’s Keanini: “This means you are the least attractive target, representing a cost as high as possible for their margin,” he said. “We are facing an innovation spiral with these guys. We innovate and we make it harder for them. Then they innovate, which makes it harder for us. It has been like this for about thirty years.”
NetScout’s Anstee points out that much of today’s threat landscape is not about commercial gain: “If the attacker is a nation state, like North Korea or Belarus, they’re not motivated by money, and it changes the way they operate and it changes the way we have to defend ourselves.
“This type of attacker is ready to continue until he succeeds, and he has a much wider range of tools. They have intelligence resources to determine what you bought, what you deployed, how you deployed, and what projects you have in the pipeline. They also usually have more access to reconnaissance, so when they carry out an attack, they can see how effective it was, what bits worked, what bits didn’t work, what technologies we are using to block them. It is very different from defending against commercially motivated attacks.”
So how, for better or worse, has the cloud affected the threat landscape? What are the first steps to secure infrastructure, applications and data in the cloud?
“The cloud has changed cybersecurity because of the threats it created,” says Connors of VMware. “It has also changed cybersecurity because of the benefits it offers. We have cloud-based security solutions to help us make it easy to connect multiple clouds. Modern problems require modern solutions. Cloud-based security solutions give us a single point of entry to multiple clouds, providing visibility and control, and enabling us to ensure that we are able to apply a consistent security posture.”
Businesses need a consistent picture of what’s going on in the whole environment, agrees Anstee of NetScout: “We need to be able to correlate what’s going on so that we can identify the unusual, identify the new, identify the things that indicate something is wrong.”
Cloud native is the answer, says Cisco Security’s Keanini: “The reason businesses choose cloud native is that there is usually a part of their business where they want to be resilient. If the whole internet shows up on Monday, they can handle it, and if half the internet shows up on Tuesday, they can handle it, and they don’t pay for everything. There is a cloud-native economy that is incredibly attractive. And, of course, it happens more on a machine scale than on a human scale.”
“We are seeing more AI (artificial intelligence) and machine learning to be able to react quickly to any type of attack that might occur in the environment so that we do not rely so much on the human factor to be able to respond,” agrees Coury of F5.
“We calculate everything that is happening at machine speed, so security must also be present. It’s a unique time to be a security professional today. I think we have to adapt and change as other technologies evolve. We need to fully understand how technologies, DevOps, agile development, and microservices work, and we need to look for solutions that can be consistent with that.”
The author is Guy Matthews, editor-in-chief of NetReporter.