Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/7/2020
02:00 PM
Satya Gupta
Satya Gupta
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

The New War Room: Cybersecurity in the Modern Era

The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

As COVID-19 continues its devastation around the world, businesses have faced a slew of unexpected challenges from this global pandemic. In response, many companies have moved their entire workforce to remote models, but this adjustment brings with it a massive increase in security risks — and many businesses find themselves unprepared and in uncharted territory. Though cybercriminals were also caught off-guard by COVID-19, they are now finding new avenues of attack that many companies have never faced before.

Related Content:

3 Ways the Pandemic Will Affect Enterprise Security in the Future

The Threat from the Internet—and What Your Organization Can Do About It

New on The Edge: Think You're Spending Enough on Security?

For decades before the pandemic began, security teams congregated in a physical "war room" to foster collaboration and quickly and efficiently work together to fight off cybersecurity crises as a team. These war rooms typically take on one of two scenarios.

The first, known as the red team, is when analysts preemptively look to attack a replica of the enterprise software infrastructure. Many banking institutions have taken this approach to cybersecurity in recent years to ensure their teams are trained and prepared to fend off attacks. The second approach to the war room is the blue team, where analysts seek to detect and defend against attacks that have become longer and more persistent in nature.

Now, of course, this decades-long tradition is no longer an option. Teams work virtually to manage security systems remotely. Just as the rest of the world has shifted to meet the "new normal" of the COVID-19 pandemic, security teams must re-evaluate the future of their cybersecurity posture, and in particular, what a new, virtual war room looks like to ensure all systems are protected from continually evolving cyberattacks.

Security teams have always faced an overwhelming number of attacks on their critical applications and systems, but the pandemic has amplified these areas of weakness in each system. As COVID-19 began and the world faced its peak of uncertainty around the disease, Mimecast reported a 33% increase in every category of cyberattacks, including impersonation, URL clicks, and malware, among others.

Coupled with analysts working remotely, the dwell time for each attack is now subject to network delays and outages, particularly because the typical home network is shared with lower service-level agreements and reliability. It can also be much more difficult for analysts to focus in the same way they would in a traditional war room, especially with many families quarantined at home together, working on the same networks.

Companies must act quickly to address these glaring deficiencies, and the war room must evolve. In the red team scenario, analysts need to think of out-of-the-box strategies to comprehensively attack the software in order to maintain effectiveness. Analyst energy and responses are increasingly harder to coordinate due to network delays and potential outages in home networks, so close cooperation and brainstorming between analysts and efficient tools are key to achieving success.

In the blue team scenario, the outcome hinges on very close collaboration between the various digital forensic incident response (DFIR) analysts for a variety of reasons — the first being that this ensures an attack can be detected and responded to very early in the kill chain. Additionally, by getting the full fingerprint of the attack, compromised systems can be reverted. In the final piece of the puzzle, close collaboration between analysts provides a framework to implement post-attack, including a response plan to engage with law enforcement agencies with as much detail as possible.

In addition to increased levels of collaboration between teams, a clear approach to improving cybersecurity effectiveness in both scenarios would be to implement increased automation in detection and protection operations. With so many potential attacks on a system coming in at one time, increased automation provides much-needed assistance to analysts.

COVID-19 and its aftermath has created a new set of cyberthreats and forced security teams to manage vital systems remotely. The introduction of the virtual war room is a new but necessary paradigm shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

This new approach could end up being more effective due to the various benefits that are tied to distributed workforces. Security teams are innately extremely resilient and innovative, and the new war room is just another challenge that will bring about more productive ways to fight cybercrime moving forward.

Satya Gupta is Virsec's visionary and has over 25 years of expertise in embedded systems, network security and systems architecture. Prior to focusing Virsec to a product orientation, Satya built Virsec as a highly profitable software design and consulting business and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29458
PUBLISHED: 2020-12-02
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
CVE-2020-29456
PUBLISHED: 2020-12-02
Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in ...
CVE-2020-5423
PUBLISHED: 2020-12-02
CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
CVE-2020-29454
PUBLISHED: 2020-12-02
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
CVE-2020-7199
PUBLISHED: 2020-12-02
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access,...