Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/7/2020
02:00 PM
Satya Gupta
Satya Gupta
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

The New War Room: Cybersecurity in the Modern Era

The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

As COVID-19 continues its devastation around the world, businesses have faced a slew of unexpected challenges from this global pandemic. In response, many companies have moved their entire workforce to remote models, but this adjustment brings with it a massive increase in security risks — and many businesses find themselves unprepared and in uncharted territory. Though cybercriminals were also caught off-guard by COVID-19, they are now finding new avenues of attack that many companies have never faced before.

Related Content:

3 Ways the Pandemic Will Affect Enterprise Security in the Future

The Threat from the Internet—and What Your Organization Can Do About It

New on The Edge: Think You're Spending Enough on Security?

For decades before the pandemic began, security teams congregated in a physical "war room" to foster collaboration and quickly and efficiently work together to fight off cybersecurity crises as a team. These war rooms typically take on one of two scenarios.

The first, known as the red team, is when analysts preemptively look to attack a replica of the enterprise software infrastructure. Many banking institutions have taken this approach to cybersecurity in recent years to ensure their teams are trained and prepared to fend off attacks. The second approach to the war room is the blue team, where analysts seek to detect and defend against attacks that have become longer and more persistent in nature.

Now, of course, this decades-long tradition is no longer an option. Teams work virtually to manage security systems remotely. Just as the rest of the world has shifted to meet the "new normal" of the COVID-19 pandemic, security teams must re-evaluate the future of their cybersecurity posture, and in particular, what a new, virtual war room looks like to ensure all systems are protected from continually evolving cyberattacks.

Security teams have always faced an overwhelming number of attacks on their critical applications and systems, but the pandemic has amplified these areas of weakness in each system. As COVID-19 began and the world faced its peak of uncertainty around the disease, Mimecast reported a 33% increase in every category of cyberattacks, including impersonation, URL clicks, and malware, among others.

Coupled with analysts working remotely, the dwell time for each attack is now subject to network delays and outages, particularly because the typical home network is shared with lower service-level agreements and reliability. It can also be much more difficult for analysts to focus in the same way they would in a traditional war room, especially with many families quarantined at home together, working on the same networks.

Companies must act quickly to address these glaring deficiencies, and the war room must evolve. In the red team scenario, analysts need to think of out-of-the-box strategies to comprehensively attack the software in order to maintain effectiveness. Analyst energy and responses are increasingly harder to coordinate due to network delays and potential outages in home networks, so close cooperation and brainstorming between analysts and efficient tools are key to achieving success.

In the blue team scenario, the outcome hinges on very close collaboration between the various digital forensic incident response (DFIR) analysts for a variety of reasons — the first being that this ensures an attack can be detected and responded to very early in the kill chain. Additionally, by getting the full fingerprint of the attack, compromised systems can be reverted. In the final piece of the puzzle, close collaboration between analysts provides a framework to implement post-attack, including a response plan to engage with law enforcement agencies with as much detail as possible.

In addition to increased levels of collaboration between teams, a clear approach to improving cybersecurity effectiveness in both scenarios would be to implement increased automation in detection and protection operations. With so many potential attacks on a system coming in at one time, increased automation provides much-needed assistance to analysts.

COVID-19 and its aftermath has created a new set of cyberthreats and forced security teams to manage vital systems remotely. The introduction of the virtual war room is a new but necessary paradigm shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

This new approach could end up being more effective due to the various benefits that are tied to distributed workforces. Security teams are innately extremely resilient and innovative, and the new war room is just another challenge that will bring about more productive ways to fight cybercrime moving forward.

Satya Gupta is Virsec's visionary and has over 25 years of expertise in embedded systems, network security and systems architecture. Prior to focusing Virsec to a product orientation, Satya built Virsec as a highly profitable software design and consulting business and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.