
12/31/2020
10:00 AM
Dirk Schrader
Commentary

How to Build Cyber Resilience in a Dangerous Atmosphere

Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.

Whenever a polarizing event occurs, there are people looking for ways to exploit the situation. Cyber crooks have long been known for using large events or important topics to try to phish and scam, infiltrate networks, and establish footholds. And the events that polarized the world's largest economy in 2020 set the perfect stage for advanced persistent threat (APT) groups and other organized cybercriminals to act. It is the ideal combination of all the ingredients you need for successful attacks, not only in the United States but everywhere in the world.

Why? Simply put, when large segments of the population are polarized (in fact, tribalized), they are eager to consume the things that help them make sense of their convictions. Opponents' facts and experiences are perceived with bias and even disbelief, which amplifies the impact of things that a person believes "make sense." Playing to this scenario makes it straightforward for cybercriminals to distribute infected files or share links to malicious websites or downloads.

Furthermore, coping with a global health crisis takes a substantial amount of focus, especially with the numbers rising. There isn't a single person who is not affected, directly or indirectly, by COVID-19, who doesn't have it on the brain every day as they worry about the health and safety of loved ones or their income.

Finally, the pandemic has fundamentally changed the way we work — now predominantly from home — and the impacts on our networking infrastructure are significant. So many unmonitored devices are now in close vicinity to the entry points on a corporation's network and radically increasing the attack surface for companies around the globe. Important critical infrastructure, such as healthcare and energy systems, must also be considered. Many critical infrastructure systems are under stress, aging, unstable, or experiencing negative side effects from the increased demand. Solving these issues is an enormous task that requires proper management and focus.

Cybercriminals Are in it For the Long Term
Vaccine research is a prime target for cybercriminals, as there is no object more valuable right now. It is the right time for attackers to infiltrate and establish footholds in networks; cyber-defense architectures are weak due to the effects of remote work in general, but also because employees distracted by polarizing topics may forget their cybersecurity awareness and become more vulnerable. 

Note that this is not about short-term gain for attackers. Establishing footholds in large numbers of organizations now will enable them to expand inside the infrastructure and prepare even larger attacks later. 

In addition, because digitalization is mainly driven by business decisions, cybersecurity is all too often an afterthought. Many businesses are interconnected globally through international supply chains and their products and services are delivered to distant countries. The dependence this places on information technology and its cross-connection between sectors is mostly invisible. Coordination efforts are hampered, and key management resources are unavailable.

Two Steps to Build Cyber Resilience
Given all of these ingredients and the context we're living in, the nation's cybersecurity status appears to be more vulnerable than usual. Therefore, this is a plea to businesses and organizations to bolster their cyber resilience.

1. Embrace the Paradigm Shift
The first step to achieving cyber resilience is to start with a fundamental paradigm shift: Expect to be breached, and expect it to happen sooner rather than later. You are not "too small to be of interest"; what you do is not "irrelevant for an attacker"; it doesn't matter that there is a "bigger fish in the pond to go after." Your business is interconnected to all the others; it will happen to you.

Embrace the shift. Step away from a one-size-fits-all cybersecurity approach. Ask yourself: What parts of the business and which processes are generating substantial value? Which must continue working, even when suffering an attack, to stay in business? Make plans to provide adequate protection — but also for how to stay operational if the digital assets in your critical processes become unavailable.

2. Inventory Your Assets Now
Know your most important assets, and share this information among stakeholders. If your security admin discovers a vulnerability on a server with IP address 172.32.100.100 but doesn't know the value of that asset within your business processes, how can IT security properly communicate the threat? Would a department head fully understand the implications of a remote code execution (RCE) attack on that system? 

Do the resilience basics for your important assets (if you don't want to do it for all), put technical controls in place for changes and vulnerabilities, and tie these controls into a security architecture that enables automated information exchange, not only between the systems in your security operation center and its team members but also between all of your stakeholders. 
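
As an added illustration (not part of the original article), this Python example joins scanner findings with an asset inventory so that the same RCE finding reaches the right stakeholder with its business context, and a host missing from the inventory is surfaced instead of silently dropped. The inventory entries, owner names, 1-3 criticality scale and scoring rule are assumptions; only the IP address 172.32.100.100 comes from the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    process: str      # business process the asset supports
    owner: str        # stakeholder who must hear about findings
    criticality: int  # 1 (low) .. 3 (must keep running during an attack)

# Constructed inventory; every value except the first IP is hypothetical.
INVENTORY = {
    "172.32.100.100": Asset("order fulfilment", "head-of-logistics", 3),
    "172.32.100.101": Asset("intranet wiki", "it-helpdesk", 1),
}

# Constructed scanner output: (ip, issue, CVSS base score).
FINDINGS = [
    ("172.32.100.101", "remote code execution", 9.8),
    ("172.32.100.100", "remote code execution", 9.8),
    ("172.32.100.250", "outdated TLS configuration", 5.3),
]

def enrich(findings, inventory):
    """Attach business context to each finding and rank by business risk."""
    out = []
    for ip, issue, cvss in findings:
        asset = inventory.get(ip)
        if asset is None:
            # Inventory gap: nobody can state this host's value, so assume
            # worst-case criticality and route it to the security team.
            out.append({"ip": ip, "notify": "security-team", "risk": 3 * cvss,
                        "message": f"{ip} is not in the inventory; identify "
                                   f"its owner before triaging '{issue}'."})
            continue
        out.append({"ip": ip, "notify": asset.owner,
                    "risk": asset.criticality * cvss,
                    "message": f"'{issue}' on a system supporting "
                               f"{asset.process} (criticality "
                               f"{asset.criticality}/3, CVSS {cvss})."})
    # Highest business risk first, not highest CVSS first.
    return sorted(out, key=lambda r: r["risk"], reverse=True)

if __name__ == "__main__":
    for row in enrich(FINDINGS, INVENTORY):
        print(f"{row['risk']:5.1f}  -> {row['notify']}: {row['message']}")
```

Both RCE findings carry the same CVSS score, yet the one on the order-fulfilment server ranks first and the one on the wiki ranks last, which is the context a department head needs to understand the implications.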

Doing these two things changes your approach to cybersecurity into a forward-looking, resilient posture, even in these polarized times.

 

A native of Germany, Dirk Schrader brings more than 25 years of delivering IT expertise and product management at a global scale. His work focuses on advancing cyber resilience as a sophisticated new approach to tackle cyberattacks faced by governments and organizations of ...
 
