Virtualization Technology News and Information
A Game of Chess: Adopt New Strategies to Avoid Being Checkmated

By Gidi Cohen, Founder and CEO, Skybox Security

The ripple effects of the cybersecurity decisions made during the COVID-19 crisis are going to be felt for a long time. Tasked with rapidly securing a newly distributed workforce, many organizations have reached for quick fixes and solutions that can be rapidly deployed such as cloud services and VPNs. As the dust settles, businesses now must assess the decisions that they've made. It is time to examine whether current processes and practices can provide them with the stability that they need to maintain their competitive edge and enable growth.

This is a critical time for organizations to reconsider their previously established cybersecurity strategies. While necessity may be the mother of invention, the chaos that we're now experiencing could end up birthing new, and more considered, security initiatives. In a year of unprecedented change, organizations can't afford to hope for a stalemate in their ongoing battle with attackers. To gain an edge, are we going to see companies abandon the long-held "detect and response" approach to security? Will we, instead, see more large organizations prioritize the creation of new processes that will give them the insight that they need to shrink their attack surface and better protect their entire hybrid estate?

The pandemic has increased threat actors' power

Before thinking about how cybersecurity strategies need to evolve, it's important to consider how the game has changed in 2020. Businesses have had to navigate increased complexity by securing a remote workforce in an instant while balancing technology and resource spend to weather the economic storm. Threat actors have jumped on the opportunity afforded by the chaos of the pandemic to take advantage of any missteps firms have made during this time. For example, during the first half of the year, the creation of new ransomware samples increased by 72 percent. The sophistication of this ransomware is such that threat agents have the capabilities and the confidence that they need to carry out successful, and devastating, attacks.

The attack on the UCSF School of Medicine demonstrates the significant financial loss that many organizations have experienced, above and beyond any revenue challenges they are already facing during this recession. The institution felt like it was left with few options other than to pay the $1.14 million ransom demanded to decrypt its data and restore access to its servers. Multiple municipalities have also been hit with attacks: among others, San Miguel County paid out $250,000; Florence, Alabama $291,000; and La Salle County, Illinois $500,000. And there have been significant attacks on businesses. One firm fell victim to Maze ransomware just before it transitioned to remote work, leaving its internal systems encrypted and programs responsible for laptop provisioning and virtual desktop infrastructure (VDI) disabled. The financial impact of the attack - with losses estimated to sit somewhere between $50 million and $70 million - is harmful during good times, and potentially catastrophic at a time of global economic instability.

The reasons behind the exponential increase in attacks over the last six months are multi-layered and are driving the decimation of the pawns that form a company's first line of defense. Ransomware is becoming more sophisticated and it's being weaponized at a time when organizations can ill afford to suffer any unexpected bumps in the road. Threat actors know how desperate companies are to avoid the profit loss, data loss and loss of trust associated with a successful attack, which makes their position more powerful than ever. In many ways, the pandemic has done a lot to make attackers believe that they are well placed to claim Grandmaster status.

Security teams need to establish their own new normal

As cybersecurity requirements continue to evolve at pace, so too do the challenges facing security and networking teams. In addition to the risks posed by emboldened threat actors, businesses have also been struggling with distributed workforces expanding the size of their attack surface. These challenges may be extreme in terms of how suddenly they've arisen, but they are still reflective of just how unpredictable cybersecurity can be. The shift in focus forced upon enterprises during the pandemic should have long-lasting consequences. One such consequence should be a fundamental rethink of how to approach security.  

It's predicted that more than 20,000 vulnerabilities are going to be reported in 2020. By itself, this landmark figure exposes the fragility of the "detect and response" approach still used by many large organizations. With so many new and existing vulnerabilities to monitor, it's no longer good enough to run intermittent scans across all accessible network areas to determine remediation priorities. The sheer volume of scans that are required, and the lack of contextual insight that they provide into an organization's threat posture, make it a costly and ineffective endeavor. The hybrid estates that are typical within most sizable organizations are too large, too fragmented and are made up of too many moving parts for this approach to provide much use - particularly now that masses of remote workers have greatly expanded the size of the attack surface. The old naïve way of working should become an artifact of pre-COVID times. Overcoming the blind spots and obstructions within corporate security environments requires greater insight, increased automation, and full network visibility.

First, the CISO needs to remove the guesswork from security. By integrating and normalizing data across their environment, they will be able to gain the insight that they need to ensure proper segmentation and create a well-configured perimeter. By automating key processes - like change management, for example - they will be able to make better use of their existing resources. And by gaining full, context-informed network visibility they will be able to see which of their vulnerabilities and assets are most exposed to potential threats, enabling them to create more targeted and effective remediation strategies.

Just like the game of chess, cybersecurity professionals need to see around corners to develop proactive strategies. But, for too long, this is a game that organizations have been playing blindfolded. By reframing cybersecurity priorities towards developing integrated processes that stretch across the entire hybrid estate, the blindfold will be taken off. More than that, security teams will gain a home advantage. There is not, and will never be, a magic wand that will remove all cybersecurity challenges. But organizations could, and should, be doing more to put themselves in a winning position. Despite this being such a difficult and unpredictable year, it could also end up being a catalyst for positive change - it's time to ditch old ways of working and establish processes that will set firms up for future success. 


About the Author

Gidi Cohen 

Gidi Cohen co-founded Skybox in 2002 and has been instrumental in building awareness and adoption of Security Risk Management solutions in the marketplace. He is a noted expert on the business and technical implications of network security, risk management, and modeling and simulation technologies. Prior to Skybox, Cohen was the CEO and co-founder of Vigil Technologies, Inc., bringing to market analytic solutions for Global 2000 companies. Gidi Cohen also served as an officer in the IDF Intelligence Corps, leading an elite software development unit developing information security solutions. Gidi Cohen holds Bachelor of Science and Master of Science degrees in Computer Sciences and Mathematics from Tel Aviv University.

Published Monday, September 21, 2020 7:40 AM by David Marshall