Giuseppe Brizio, CISO EMEA at Qualys, says that the insider threats are often underestimated but are very dangerous
How has the security threat landscape evolved over the past few months?
Digital Transformation, accelerated by the pandemic, has heralded a new reality characterized by the hybrid (remote and mobile) workforces and fast adoption of new technologies (e.g. Cloud Computing, Containers, Enterprise Mobility etc.) which have dramatically increased the cyber attack surface and weakened organizations’ cybersecurity posture. Consequently, the cyberattacks have increased in volume and bad actors have gained a higher possibility of succeeding.
Supply chain attacks, for instance, are complex and require a lot of resources, but are very attractive to hackers because one successful hacking on a commonly used software gives the attackers a multiplying effect, providing potential access to all the customers using that software. The SolarWinds attack is an example of the supply chain risk. As was the case in 2020, cyber-criminals will continue and increase the focus on remote workers, launching attacks that exploit “stay at home” technology vulnerabilities but also behavioural weaknesses through social engineering. Cybercriminals continue to take advantage of the sudden shift to remote working caused by the pandemic, to launch phishing, ransomware, and malware attacks, targeting gaps in security postures, as many organizations were not really prepared to support a large scale remote workforce, securely.
The insider threats are often underestimated but are very dangerous. Employees might not be the ones facing the consequences but they might be the ones causing the problem by unconsciously facilitating a cyber-attack due to a lack of awareness of security policies. The real threat for many companies has now become the insider because the attacks on businesses and infrastructure can be much easier and more damaging when launched from within, where the security tends to be not as strong.
What are the top 3 cybersecurity trends we should be looking out for?
The accelerated business digitization and the new digitally enabled business models, meaning more and more people are doing business online, whether it be remote work or e-commerce. In addition, with an estimated number of 30+ billion connected objects (IoT) by 2025, the physical and digital world boundaries are blurring, giving hackers a growing number of opportunities to perpetrate cyberattacks and breach cyber-defence. The advent of the 5G means the growing billions of connected objects, and the trillions of related sensors will connect and interact at unprecedented speeds.
So from my perspective, the cyberattack surface continues to expand. Therefore, protecting it becomes imperative, via cybersecurity solutions that provide real-time visibility into the IT hybrid environment. You also need to predict and prevent cyber threats from occurring and detect and respond swiftly to cyberattack attempts. Artificial intelligence and machine learning technologies will provide more efficient and faster decision-making by prioritizing and acting on threats, especially in a large IT hybrid environment.
Ransomware and malware have respectively increased by 4x and 3.5x in 2020 compared to 2019, and the average payout of Ransomware is in the neighborhood of US$250K per event. The trend is that cybercriminals are becoming more powerful by sharing cyberattack opportunities on the dark web and also joining forces in coordinated and broader-scale cyberattack ventures. Cybercriminals are the actors of the “crime digitization” who bring crime from physical to the digital world. Ransomware and malware prevention can be done through cybersecurity education and training, anti-malware programs, phishing awareness campaigns, ensuring timely vulnerabilities patching, and user cybersecurity hygiene (e.g. identity management, secure password, etc.).
Operational technology in the Industrial Control Systems keeps developing at a fast pace and are interconnected like never before. This provides new opportunities for cybercriminals, and we’ve seen Operational Technology cyber threats increase by 3x in the last 12 months. The critical infrastructures in the industrial sectors, but also in healthcare, utilities, transportation, etc. could be particularly vulnerable to cyberattacks because these infrastructures were not designed to take into account cybersecurity. To protect Operational Technology (OT) from cybersecurity threats, a comprehensive risk assessment, and risk-based approach is required, to address vulnerabilities, ensure “security by design” whenever possible and apply a zero trust cybersecurity framework.
What sort of security challenges are people facing when working from home and how is your company equipped to handle those challenges?
Depending on the countries and the business sectors, it’s estimated that during Q1 2021, between 50% to 80% of the workforces operated remotely due to the pandemic. Home offices by nature are not as protected as companies’ office sites which are equipped with security infrastructure (e.g. firewalls, routers etc.) and operated by security teams. Remote work has created new opportunities for hackers to exploit vulnerable employee devices and networks. The forced and immediate home office adoption created the “perfect storm” conditions for hackers to take advantage of “staying at home” vulnerabilities such as unprotected personal devices (BYOD) and unsecured networks (Wi-Fi) but also stressful situations when people are confronted with juggling between work and family duties.
The WFH or remote work in general is also known as the cloudification of work, which is, paraphrasing the Cloud, when employees no longer need to be “on-premise”, in company office locations, to perform their work duties. Companies have to increase security awareness among their remote and mobile workers, educating them about cyber risks, cyber threats, and cybersecurity hygiene (e.g. preventive best practices). The security policy should be enforced (e.g. account mgt, password mgt, least privileged access, etc.) for WFH users, and WFH devices should be protected through an EPP (Endpoint Protection Platform) tool at minimum, providing broader than antivirus cyber-defence.
But additionally, there should also be an EDR (Endpoint Detection and Response) solution that provides most advanced layer of endpoint protection by collecting and analysing data from endpoints across a network, so it can stop an attack whilst taking place. Furthermore, once the threat has been removed, EDR can then be used to identify and trace the root causes and the exact source of the attack, to avoid similar events from happening in the future. To give you an analogy, the EPP is like a “shield” from a protection standpoint whilst the EDR is like a “sword” allowing the organization to respond to a cyberattack.
How has ransomware evolved during the pandemic period and what are you doing to tackle the problem?
The volume of ransomware threats grew 4x in 2020 vs 2019, as well as in value, with some estimating that ransomware damage will reach US$20+ billion by the end of 2021. Ransomware officially claimed its first life in 2020 as a consequence of an attack on a German healthcare facility. Around 80% of the ransomware attacks do target enterprise organizations and therefore this constitutes a very serious issue for businesses around the world. Training users on the proper ways of detecting and reacting to these threats and using secured email management solutions are effective ransomware countermeasures. If all users know how to recognize a phishing email and make sure it’s signalled to the security team, this can considerably reduce the ransom risk as roughly 50% of the ransomware is introduced via phishing emails.
Systems have to be configured according to guidelines provided by hardware or software vendors, and kept up to date, with particular attention to the security patches. Network segregation is, from a technical standpoint, a good line of defence as it will be easier to contain a successful attack by preventing it from moving laterally. Furthermore, it’s paramount to have a backup strategy covering all data and systems required to deliver your services and a well-defined and tested BCP (Business Continuity Plan) which will enable you to restore data and system, and restart the affected business services in case of a breach.
How can companies overcome digital security and privacy challenges?
Cybercrime is here to stay and its actually expected to constantly grow more in volume, value (i.e. caused damage) and capabilities. With the paradigm shift from Corporate centric networks to Internet-centric ones, the perimeter that needs to be secured is getting exponentially bigger and more complex. The internet was conceived to enable connectivity, in the first place, and not security, therefore it requires efforts to make it secure.
To overcome digital security challenges, a structured Cybersecurity Business Strategy is required based on Risk Management in order to identify and analyze cyber risks, threats likelihood and business impact. People also need to ensure users’ cybersecurity awareness and a right-sized cybersecurity professionals team. Data and Processes need to be secured in terms of IT assets visibility, prevention, remediation, detection and response to cyber threats/attacks. Technology is also needed to support and automate the cybersecurity processes and ensure their effectiveness.
More specifically related to data privacy and regulations like GDPR (General Data Protection Regulation), human error is the biggest challenge. Employees who are unaware of the sensitivity of the data they access and manage can run the risk of mistakenly altering or deleting data; falling for phishing scams causing data breaches; mismanaging data access and privileged access or having their credentials stolen, allowing data exfiltration. Having a data privacy awareness and training program is essential to ensure Data Protection and Compliance with Data Privacy regulations and their evolutions/changes. For instance, as it relates to international data transfers, the European Court of Justice decision, known as “Schrems II”, has invalidated the Privacy Shield in July 2020, forcing companies to review the Standard Contractual Clauses to ensure EU data privacy compliance.
What are the key factors organizations should consider making sure digital economies of today are secured?
The digital economy strategy is about giving access to digital and knowledge infrastructure, building digitally-enabled business models, developing digital skills across businesses, workforces, and consumers, and attracting and growing high technology businesses. To secure digital economies, every organization should make the utmost effort to ensure it operates in a cyber secure and responsible manner across the internet (initially designed to enable connectivity, not for security) and respect data privacy according to related regulations. Every company, in any value chain, should adopt guiding principles like “security by design” and “security built-in” for any digital or digitally enabled products and/or services they provide, in order to contribute from the ground up to building a cyber-secure digital economy.