Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Dirk Schrader
Dirk Schrader
Connect Directly
E-Mail vvv

How to Build Cyber Resilience in a Dangerous Atmosphere

Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.

Whenever a polarizing event occurs, there are people looking for ways to exploit the situation. Cyber crooks are long known for using large events or important topics to try to phish and scam, infiltrate networks, and establish footholds. And the events that polarized the world's largest economy in 2020 set the perfect stage for advanced persistent threat (APT) groups and other organized cybercriminals to act. It is the ideal combination of all the ingredients you need for successful attacks, not only in the United States but everywhere in the world.

Why? Simply put, when large segments of the population are polarized (in fact, tribalized), they are eager to consume the things that help them make sense of their convictions. Opponents' facts and experiences are perceived with bias and even disbelief, which amplifies the impact of things that a person believes "makes sense." Playing to this scenario makes it straightforward for cybercriminals to distribute infected files or share links to malicious websites or downloads.

Related Content:

The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital

Building an Effective Cybersecurity Incident Response Team

New From The Edge: 'Tis the Season to Confront Third-Party Risk

Furthermore, coping with a global health crisis takes a substantial amount of focus, especially with the numbers rising. There isn't a single person who is not affected, directly or indirectly, by COVID-19, who doesn't have it on the brain every day as they worry about the health and safety of loved ones or their income.

Finally, the pandemic has fundamentally changed the way we work — now predominantly from home — and the impacts on our networking infrastructure are significant. So many unmonitored devices are now in close vicinity to the entry points on a corporation's network and radically increasing the attack surface for companies around the globe. Important critical infrastructure, such as healthcare and energy systems, must also be considered. Many critical infrastructure systems are under stress, aging, unstable, or experiencing negative side effects from the increased demand. Solving these issues is an enormous task that requires proper management and focus.

Cybercriminals Are in it For the Long Term
Vaccine research is a prime target for cybercriminals, as there is no object more valuable right now. It is the right time for attackers to infiltrate and establish footholds in networks; cyber-defense architectures are weak due to the effects of remote work in general, but also because employees distracted by polarizing topics may forget their cybersecurity awareness and become more vulnerable. 

Note that this is not about short-term gain for attackers. Establishing footholds in large numbers of organizations now will enable them to expand inside the infrastructure and prepare even larger attacks later. 

In addition, because digitalization is mainly driven by business decisions, cybersecurity is all too often an afterthought. Many businesses are interconnected globally through international supply chains and their products and services are delivered to distant countries. The dependence this places on information technology and its cross-connection between sectors is mostly invisible. Coordination efforts are hampered, and key management resources are unavailable.

Two Steps to Build Cyber Resilience
Given all of these ingredients and the context we're living in, the nation's cybersecurity status appears to be more vulnerable than usual. Therefore, this is a plea to businesses and organizations to bolster their cyber resilience.

1. Embrace the Paradigm Shift
The first step to achieving cyber resilience is to start with a fundamental paradigm shift: Expect to be breached, and expect it to happen sooner than later. You are not "too small to be of interest," what you do is not "irrelevant for an attacker," it doesn't matter that there is a "bigger fish in the pond to go after." Your business is interconnected to all the others; it will happen to you. 

Embrace the shift. Step away from a one-size-fits-all cybersecurity approach. Ask yourself: What parts of the business and which processes are generating substantial value? Which must continue working, even when suffering an attack, to stay in business? Make plans to provide adequate protection — but also for how to stay operational if the digital assets in your critical processes become unavailable.

2. Inventory Your Assets Now
Know your most important assets, and share this information among stakeholders. If your security admin discovers a vulnerability on a server with IP address but doesn't know the value of that asset within your business processes, how can IT security properly communicate the threat? Would a department head fully understand the implications of a remote code execution (RCE) attack on that system? 

Do the resilience basics for your important assets (if you don't want to do it for all), put technical controls in place for changes and vulnerabilities, and tie these controls into a security architecture that enables automated information exchange, not only between the systems in your security operation center and its team members but also between all of your stakeholders. 

Doing these two things changes your approach to cybersecurity into a forward-looking, resilient posture, even in these polarized times.


A native of Germany, Dirk Schrader brings more than 25 years of delivering IT expertise and product management at a global scale. His work focuses on advancing cyber resilience as a sophisticated new approach to tackle cyberattacks faced by governments and organizations of ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...
PUBLISHED: 2021-05-14
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App o...
PUBLISHED: 2021-05-14
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.
PUBLISHED: 2021-05-14
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.