12/31/2020
10:00 AM
Dirk Schrader
Commentary
How to Build Cyber Resilience in a Dangerous Atmosphere

Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.

Whenever a polarizing event occurs, there are people looking for ways to exploit the situation. Cybercriminals have long been known to use large events or important topics to phish and scam, infiltrate networks, and establish footholds. The events that polarized the world's largest economy in 2020 set the perfect stage for advanced persistent threat (APT) groups and other organized cybercriminals to act. It is the ideal combination of all the ingredients needed for successful attacks, not only in the United States but everywhere in the world.

Why? Simply put, when large segments of the population are polarized (in fact, tribalized), they are eager to consume the things that help them make sense of their convictions. Opponents' facts and experiences are perceived with bias and even disbelief, which amplifies the impact of things that a person believes "makes sense." Playing to this scenario makes it straightforward for cybercriminals to distribute infected files or share links to malicious websites or downloads.

Furthermore, coping with a global health crisis takes a substantial amount of focus, especially with the numbers rising. Virtually everyone is affected, directly or indirectly, by COVID-19, and has it on the brain every day while worrying about the health and safety of loved ones or about their income.

Finally, the pandemic has fundamentally changed the way we work — now predominantly from home — and the impacts on our networking infrastructure are significant. A great many unmonitored devices now sit in close vicinity to the entry points of corporate networks, radically increasing the attack surface for companies around the globe. Critical infrastructure, such as healthcare and energy systems, must also be considered. Many critical infrastructure systems are under stress, aging, unstable, or experiencing negative side effects from the increased demand. Solving these issues is an enormous task that requires proper management and focus.

Cybercriminals Are in It for the Long Term
Vaccine research is a prime target for cybercriminals, as there is no object more valuable right now. It is the right time for attackers to infiltrate networks and establish footholds: cyber-defense architectures are weak due to the effects of remote work in general, but also because employees distracted by polarizing topics may forget their cybersecurity awareness and become more vulnerable.

Note that this is not about short-term gain for attackers. Establishing footholds in large numbers of organizations now will enable them to expand inside the infrastructure and prepare even larger attacks later.

In addition, because digitalization is mainly driven by business decisions, cybersecurity is all too often an afterthought. Many businesses are interconnected globally through international supply chains and their products and services are delivered to distant countries. The dependence this places on information technology and its cross-connection between sectors is mostly invisible. Coordination efforts are hampered, and key management resources are unavailable.

Two Steps to Build Cyber Resilience
Given all of these ingredients and the context we're living in, the nation's cybersecurity status appears to be more vulnerable than usual. Therefore, this is a plea to businesses and organizations to bolster their cyber resilience.

1. Embrace the Paradigm Shift
The first step to achieving cyber resilience is a fundamental paradigm shift: Expect to be breached, and expect it to happen sooner rather than later. You are not "too small to be of interest," what you do is not "irrelevant for an attacker," and it doesn't matter that there is a "bigger fish in the pond to go after." Your business is interconnected with all the others; it will happen to you.

Embrace the shift. Step away from a one-size-fits-all cybersecurity approach. Ask yourself: What parts of the business and which processes are generating substantial value? Which must continue working, even when suffering an attack, to stay in business? Make plans to provide adequate protection — but also for how to stay operational if the digital assets in your critical processes become unavailable.

2. Inventory Your Assets Now
Know your most important assets, and share this information among stakeholders. If your security admin discovers a vulnerability on a server with IP address 172.32.100.100 but doesn't know the value of that asset within your business processes, how can IT security properly communicate the threat? Would a department head fully understand the implications of a remote code execution (RCE) attack on that system?

Do the resilience basics for your important assets (if you don't want to do them for all), put technical controls in place for changes and vulnerabilities, and tie these controls into a security architecture that enables automated information exchange, not only between the systems in your security operations center and its team members but also between all of your stakeholders.
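The inventory problem described above, as an added illustration that is not part of the original article: scanner findings are joined with a business asset inventory so that the message sent to a department head carries the asset's business process and criticality, not just an IP address. The inventory, findings, finding IDs and scoring weights are constructed for this example, and an asset missing from the inventory is treated as an inventory gap and escalated rather than silently ranked low.

```python
"""Asset-aware vulnerability triage (added example; all data is constructed)."""

# Constructed asset inventory keyed by IP: owner, business process, criticality 1-5.
ASSET_INVENTORY = {
    "172.32.100.100": {"name": "erp-db-01", "owner": "Finance",
                       "process": "Order-to-cash", "criticality": 5},
    "172.32.100.25": {"name": "wiki-01", "owner": "IT",
                      "process": "Internal documentation", "criticality": 2},
}

# Constructed scanner findings; FINDING-000x are placeholder identifiers.
FINDINGS = [
    {"ip": "172.32.100.100", "id": "FINDING-0001", "cvss": 9.8, "kind": "remote code execution"},
    {"ip": "172.32.100.25", "id": "FINDING-0002", "cvss": 7.5, "kind": "information disclosure"},
    {"ip": "10.9.8.7", "id": "FINDING-0003", "cvss": 5.3, "kind": "weak TLS configuration"},
]

# Assumed treatment of an asset nobody has inventoried: highest criticality so it is claimed.
UNKNOWN_ASSET = {"name": "UNKNOWN", "owner": "unassigned",
                 "process": "unknown (inventory gap)", "criticality": 5}


def triage(findings, inventory):
    """Return findings enriched with business context, highest priority first.

    Priority is CVSS base score times business criticality (an assumed, simple
    weighting). Findings on hosts absent from the inventory are escalated
    via UNKNOWN_ASSET instead of being dropped or ranked by CVSS alone.
    """
    enriched = []
    for finding in findings:
        asset = inventory.get(finding["ip"], UNKNOWN_ASSET)
        priority = round(finding["cvss"] * asset["criticality"], 1)
        enriched.append(dict(finding, **asset, priority=priority))
    return sorted(enriched, key=lambda e: e["priority"], reverse=True)


def stakeholder_message(entry):
    """One line a department head can act on without reading a CVSS vector."""
    return (f"[{entry['priority']:>5}] {entry['kind']} on {entry['name']} ({entry['ip']}) "
            f"affects '{entry['process']}' (criticality {entry['criticality']}/5) "
            f"- owner: {entry['owner']}")


if __name__ == "__main__":
    for entry in triage(FINDINGS, ASSET_INVENTORY):
        print(stakeholder_message(entry))
```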

Doing these two things changes your approach to cybersecurity into a forward-looking, resilient posture, even in these polarized times.

A native of Germany, Dirk Schrader brings more than 25 years of delivering IT expertise and product management at a global scale. His work focuses on advancing cyber resilience as a sophisticated new approach to tackle cyberattacks faced by governments and organizations of ...
