Warren Buffet once said, "Only when the tide goes out do you discover who's been swimming naked." You can cover over a host of sins when times are good, but bad or unsafe practices will be exposed when times are rough.
Time and experience have borne out how accurate this witticism has been in the financial arena -- and we're now seeing how it can be true when it comes to the intersection of information security and COVID-19.
From an information security standpoint, current events have brought about a "new normal" in what we do and how we do it. The pandemic has impacted almost every aspect of security in some way -- from security operations to security management to security planning and beyond.
Some organizations, particularly those that have embraced operational agility and resilient modes of service delivery, have found the transition relatively painless. Some even have derived unexpected competitive advantages. Others, like those that have rigid operational processes or rely on less resilient strategies, have found it less so.
Ultimately, when we finally reach a "post-COVID" state, there will be plenty of time to analyze what surely will be many lessons learned from the decisions we're making today (and the legacy of the decisions that we made in the months and years leading up to today.)
However, it's likely that many weeks or months will pass before we can get to that systematic and analytical retrospective. Yet even though the data will be slow in coming, we can draw out some trends -- though still anecdotal -- based on what we see in the world around us.
There are lessons we can learn to inform how we plan for the remainder of this crisis, and they may inform the questions we ask when the time for retrospective analysis does come.
The Threat Landscape
The first area for productive exploration involves changes to the threat landscape. Now, it bears saying that it's early in the cycle, and there's limited data about the direct impacts associated with the operational changes that we've made to accommodate "work from home" orders and increased "externalization" of technology services.
Because of this, it's important that we be ready to adapt or gainsay what we observe anecdotally in light of hard data that is sure to be coming. Caveat aside, we have seen some concerning trends emerge that are observable (though perhaps not yet directly quantifiable) as it pertains to the threat landscape.
We've seen an increase in attacks against the healthcare sector. These run the gamut from ransomware and phishing to more sophisticated attacks.
While this is obviously horrifying, given that these are the same institutions that are responsible for treating the onslaught of COVID patients, it is informative in that it gives us some insight into how attackers operate.
We've also seen an emergence of attacks against videoconferencing applications: for example, uninvited external participants in conferences (i.e., "Zoom crashing") along with a steady stream of security vulnerabilities in popular videoconferencing platforms.
These facts tell us two things about attacker activity that might be tougher to see in normal times, providing a different frame of reference to observe how attackers have pivoted in response to new business conditions.
First, attackers continue to use contextual events as fodder for attack campaigns. This is perhaps not that surprising in itself, but it is valuable when combined with the observation that they are tending to concentrate attacks against exactly those industries that have their hands full already in the midst of the crisis. Attackers go after the vulnerable -- and they leverage context to do so.
Check for more detail:- https://www.technewsworld.com/story/Information-Security-New-Rules-86656.html
Comments