Virtualization Technology News and Information
The New 2020 Security Trends Emerging Amid COVID-19

By James Carder, CSO of LogRhythm and VP of Labs

The COVID-19 crisis has prompted most organizations across industries to transition large portions of their staff to work remotely - void of the usual corporate network perimeter protections and the usual access to resources on the local network. Companies are quickly adopting and/or increasing use of remote technologies and services that are transforming how businesses operate.

Unfortunately, cybercriminals have leveraged the crisis and cyberattacks have increased amid COVID-19. The ability to protect, defend and respond to threats regardless of location is more prudent now than before.

Below, I explain what tactics attackers will increasingly utilize as a result of this new digital landscape, and the repercussions on the priorities of election security.

User-focused Attacks Increase

Attackers are upping the scale with user-focused attacks. Attackers are not using terrifically novel, new tactics during this time. They are however, significantly upping the scale of existing attack vectors (phishing and watering hole types), and attacks are increasingly user-focused. Business operations are more focused on capacity, availability, and maintaining a productive workforce, while security is looked at for exceptions and compensating controls. Additionally, as some companies were not prepared for the sudden switch to a remote workforce, they might have asked their employees to use their personal devices. Unfortunately, companies cannot monitor or control these devices, leaving the remote technology and subsequently, their company, vulnerable.

Attackers will continue to realize the monetary benefits and disruption of user-focused attacks as remote technology becomes imperative for business continuity. Thus, we will an increase of data breaches over the next few months caused by successful phishing attempts and personal devices being infiltrated.

The Impact of COVID-19 on Election Security

Given the uncertainties with coronavirus, discussions have begun of how Americans will vote for the 2020 presidential election securely and safely. Just earlier this year, an app was used for the Iowa caucuses. However, the app was rushed out the door before it was ready to be implemented, causing issues for multiple voters who were unable to properly use it.

One of the options being discussed in lieu of in person voting is mail in. If this method is implemented for everyone, we can expect to cause delays and introduce several errors. If states move to electronic voting, it could increase efficiency and accuracy, so long as the proper security checks and controls are enforced in the technology. Otherwise, it can expose the presidential election to more catastrophic risk than not. A majority of states won't be willing to take that risk and because of this, we will see an unprecedented level of human error and delays associated with mail in ballots.


About the Author

James Carder LogRhythm 

James Carder brings more than 23 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company's security governance model and risk strategies, protects the confidentiality, integrity, and availability of information assets, oversees both threat and vulnerability management as well as the security operations center (SOC). He also directs the mission and strategic vision for the LogRhythm Labs threat research, compliance research, and strategic integrations teams.

Prior to joining LogRhythm, James served as the Director of Security Informatics at a large non-profit medical center in Minnesota, where he had oversight of the threat intelligence, incident response, security operations, and offensive security groups. Additional experience includes serving as a Senior Manager at MANDIANT, where he led professional services and incident response engagements. He also conducted criminal and national security-related investigations at the city, state, and federal levels, including those involving the theft of credit card information and advanced persistent threats (APTs).

James is a sought-after and frequent speaker at cybersecurity events and is a noted author of several cyber security publications. He is also an Advisory Board member for the University of Colorado, NewCloud Networks, and the Identity Defined Security Association (IDSA); a Certified Information Systems Security Professional (CISSP), and a member of the Forbes Technology Council. He holds a Bachelor of Science degree in Computer Information Systems from Walden University and an MBA from the University of Minnesota's Carlson School of Management.

Published Wednesday, August 12, 2020 8:01 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2020>