As COVID-19 continues its devastation around the world, businesses have faced a slew of unexpected challenges from this global pandemic. In response, many companies have moved their entire workforce to remote models, but this adjustment brings with it a massive increase in security risks — and many businesses find themselves unprepared and in uncharted territory. Though cybercriminals were also caught off-guard by COVID-19, they are now finding new avenues of attack that many companies have never faced before.
For decades before the pandemic began, security teams congregated in a physical "war room" to foster collaboration and quickly and efficiently work together to fight off cybersecurity crises as a team. These war rooms typically take on one of two scenarios.
The first, known as the red team, is when analysts preemptively look to attack a replica of the enterprise software infrastructure. Many banking institutions have taken this approach to cybersecurity in recent years to ensure their teams are trained and prepared to fend off attacks. The second approach to the war room is the blue team, where analysts seek to detect and defend against attacks that have become longer and more persistent in nature.
Now, of course, this decades-long tradition is no longer an option. Teams work virtually to manage security systems remotely. Just as the rest of the world has shifted to meet the "new normal" of the COVID-19 pandemic, security teams must re-evaluate the future of their cybersecurity posture, and in particular, what a new, virtual war room looks like to ensure all systems are protected from continually evolving cyberattacks.
Security teams have always faced an overwhelming number of attacks on their critical applications and systems, but the pandemic has amplified these areas of weakness in each system. As COVID-19 began and the world faced its peak of uncertainty around the disease, Mimecast reported a 33% increase in every category of cyberattacks, including impersonation, URL clicks, and malware, among others.
Coupled with analysts working remotely, the dwell time for each attack is now subject to network delays and outages, particularly because the typical home network is shared and comes with lower service-level agreements and reliability. It can also be much more difficult for analysts to focus in the same way they would in a traditional war room, especially with many families quarantined at home together, working on the same networks.
Companies must act quickly to address these glaring deficiencies, and the war room must evolve. In the red team scenario, analysts need to think of out-of-the-box strategies to comprehensively attack the software in order to maintain effectiveness. Analysts' energy and responses are increasingly harder to coordinate because of network delays and potential outages in home networks, so close cooperation and brainstorming between analysts, supported by efficient tools, are key to achieving success.
In the blue team scenario, the outcome hinges on very close collaboration between the various digital forensic incident response (DFIR) analysts for a variety of reasons — the first being that this ensures an attack can be detected and responded to very early in the kill chain. Additionally, by capturing the full fingerprint of the attack, compromised systems can be reverted. Finally, close collaboration between analysts provides a framework for post-attack activities, including a response plan to engage with law enforcement agencies with as much detail as possible.
In addition to increased levels of collaboration between teams, a clear approach to improving cybersecurity effectiveness in both scenarios would be to implement increased automation in detection and protection operations. With so many potential attacks on a system coming in at one time, increased automation provides much-needed assistance to analysts.
COVID-19 and its aftermath have created a new set of cyberthreats and forced security teams to manage vital systems remotely. The introduction of the virtual war room is a new but necessary paradigm shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.
This new approach could end up being more effective due to the various benefits that are tied to distributed workforces. Security teams are innately extremely resilient and innovative, and the new war room is just another challenge that will bring about more productive ways to fight cybercrime moving forward.