10/7/2020
02:00 PM
Satya Gupta
Commentary

The New War Room: Cybersecurity in the Modern Era

The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

As COVID-19 continues its devastation around the world, businesses have faced a slew of unexpected challenges from this global pandemic. In response, many companies have moved their entire workforce to remote models, but this adjustment brings with it a massive increase in security risks — and many businesses find themselves unprepared and in uncharted territory. Though cybercriminals were also caught off-guard by COVID-19, they are now finding new avenues of attack that many companies have never faced before.

For decades before the pandemic began, security teams congregated in a physical "war room" to foster collaboration and quickly and efficiently work together to fight off cybersecurity crises as a team. These war rooms typically take on one of two scenarios.

The first, known as the red team, is when analysts preemptively look to attack a replica of the enterprise software infrastructure. Many banking institutions have taken this approach to cybersecurity in recent years to ensure their teams are trained and prepared to fend off attacks. The second approach to the war room is the blue team, where analysts seek to detect and defend against attacks that have become longer and more persistent in nature.

Now, of course, this decades-long tradition is no longer an option. Teams work virtually to manage security systems remotely. Just as the rest of the world has shifted to meet the "new normal" of the COVID-19 pandemic, security teams must re-evaluate the future of their cybersecurity posture, and in particular, what a new, virtual war room looks like to ensure all systems are protected from continually evolving cyberattacks.

Security teams have always faced an overwhelming number of attacks on their critical applications and systems, but the pandemic has amplified these areas of weakness in each system. As COVID-19 began and the world faced its peak of uncertainty around the disease, Mimecast reported a 33% increase in every category of cyberattacks, including impersonation, URL clicks, and malware, among others.

With analysts working remotely, the dwell time for each attack is now subject to network delays and outages, particularly because the typical home network is shared and offers lower service-level agreements and reliability. It can also be much more difficult for analysts to focus in the same way they would in a traditional war room, especially with many families quarantined at home together, working on the same networks.

Companies must act quickly to address these glaring deficiencies, and the war room must evolve. In the red team scenario, analysts need to think of out-of-the-box strategies to comprehensively attack the software in order to maintain effectiveness. Analyst energy and responses are increasingly hard to coordinate due to network delays and potential outages in home networks, so close cooperation and brainstorming between analysts, along with efficient tools, are key to achieving success.

In the blue team scenario, the outcome hinges on very close collaboration between the various digital forensics and incident response (DFIR) analysts for a variety of reasons — the first being that this ensures an attack can be detected and responded to very early in the kill chain. Additionally, by getting the full fingerprint of the attack, compromised systems can be reverted. In the final piece of the puzzle, close collaboration between analysts provides a framework to implement post-attack, including a response plan to engage with law enforcement agencies with as much detail as possible.

In addition to increased levels of collaboration between teams, a clear approach to improving cybersecurity effectiveness in both scenarios would be to implement increased automation in detection and protection operations. With so many potential attacks on a system coming in at one time, increased automation provides much-needed assistance to analysts.

COVID-19 and its aftermath have created a new set of cyberthreats and forced security teams to manage vital systems remotely. The introduction of the virtual war room is a new but necessary paradigm shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

This new approach could end up being more effective due to the various benefits that are tied to distributed workforces. Security teams are innately extremely resilient and innovative, and the new war room is just another challenge that will bring about more productive ways to fight cybercrime moving forward.

Satya Gupta is Virsec's visionary and has over 25 years of expertise in embedded systems, network security and systems architecture. Prior to focusing Virsec to a product orientation, Satya built Virsec as a highly profitable software design and consulting business and ...
 
