10/7/2020
02:00 PM
Satya Gupta
Commentary

The New War Room: Cybersecurity in the Modern Era

The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

As COVID-19 continues its devastation around the world, businesses have faced a slew of unexpected challenges from this global pandemic. In response, many companies have moved their entire workforce to remote models, but this adjustment brings with it a massive increase in security risks — and many businesses find themselves unprepared and in uncharted territory. Though cybercriminals were also caught off-guard by COVID-19, they are now finding new avenues of attack that many companies have never faced before.

For decades before the pandemic began, security teams congregated in a physical "war room" to foster collaboration and quickly and efficiently work together to fight off cybersecurity crises as a team. These war rooms typically take on one of two scenarios.

The first, known as the red team, is when analysts preemptively look to attack a replica of the enterprise software infrastructure. Many banking institutions have taken this approach to cybersecurity in recent years to ensure their teams are trained and prepared to fend off attacks. The second approach to the war room is the blue team, where analysts seek to detect and defend against attacks that have become longer and more persistent in nature.

Now, of course, this decades-long tradition is no longer an option. Teams work virtually to manage security systems remotely. Just as the rest of the world has shifted to meet the "new normal" of the COVID-19 pandemic, security teams must re-evaluate the future of their cybersecurity posture, and in particular, what a new, virtual war room looks like to ensure all systems are protected from continually evolving cyberattacks.

Security teams have always faced an overwhelming number of attacks on their critical applications and systems, but the pandemic has amplified these areas of weakness in each system. As COVID-19 began and the world faced its peak of uncertainty around the disease, Mimecast reported a 33% increase in every category of cyberattacks, including impersonation, URL clicks, and malware, among others.

With analysts working remotely, the dwell time for each attack is now also subject to network delays and outages, particularly because the typical home network is shared and comes with lower service-level agreements and reliability. It can also be much more difficult for analysts to focus in the same way they would in a traditional war room, especially with many families quarantined at home together, working on the same networks.

Companies must act quickly to address these glaring deficiencies, and the war room must evolve. In the red team scenario, analysts need to think of out-of-the-box strategies to comprehensively attack the software in order to maintain effectiveness. Analyst energy and responses are increasingly hard to coordinate due to network delays and potential outages in home networks, so close cooperation and brainstorming between analysts, along with efficient tools, are key to achieving success.

In the blue team scenario, the outcome hinges on very close collaboration between the various digital forensic incident response (DFIR) analysts for a variety of reasons — the first being that this ensures an attack can be detected and responded to very early in the kill chain. Additionally, by getting the full fingerprint of the attack, compromised systems can be reverted. In the final piece of the puzzle, close collaboration between analysts provides a framework to implement post-attack, including a response plan to engage with law enforcement agencies with as much detail as possible.

In addition to increased levels of collaboration between teams, a clear approach to improving cybersecurity effectiveness in both scenarios would be to implement increased automation in detection and protection operations. With so many potential attacks on a system coming in at one time, increased automation provides much-needed assistance to analysts.

COVID-19 and its aftermath have created a new set of cyberthreats and forced security teams to manage vital systems remotely. The introduction of the virtual war room is a new but necessary paradigm shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

This new approach could end up being more effective due to the various benefits that are tied to distributed workforces. Security teams are innately extremely resilient and innovative, and the new war room is just another challenge that will bring about more productive ways to fight cybercrime moving forward.

Satya Gupta is Virsec's visionary and has over 25 years of expertise in embedded systems, network security and systems architecture. Prior to focusing Virsec to a product orientation, Satya built Virsec as a highly profitable software design and consulting business and ...