Whenever a polarizing event occurs, there are people looking for ways to exploit the situation. Cyber crooks are long known for using large events or important topics to try to phish and scam, infiltrate networks, and establish footholds. And the events that polarized the world's largest economy in 2020 set the perfect stage for advanced persistent threat (APT) groups and other organized cybercriminals to act. It is the ideal combination of all the ingredients you need for successful attacks, not only in the United States but everywhere in the world.
Why? Simply put, when large segments of the population are polarized (in fact, tribalized), they are eager to consume the things that help them make sense of their convictions. Opponents' facts and experiences are perceived with bias and even disbelief, which amplifies the impact of things that a person believes "makes sense." Playing to this scenario makes it straightforward for cybercriminals to distribute infected files or share links to malicious websites or downloads.
Furthermore, coping with a global health crisis takes a substantial amount of focus, especially with the numbers rising. There isn't a single person who is not affected, directly or indirectly, by COVID-19, who doesn't have it on the brain every day as they worry about the health and safety of loved ones or their income.
Finally, the pandemic has fundamentally changed the way we work — now predominantly from home — and the impacts on our networking infrastructure are significant. So many unmonitored devices are now in close vicinity to the entry points on a corporation's network and radically increasing the attack surface for companies around the globe. Important critical infrastructure, such as healthcare and energy systems, must also be considered. Many critical infrastructure systems are under stress, aging, unstable, or experiencing negative side effects from the increased demand. Solving these issues is an enormous task that requires proper management and focus.
Cybercriminals Are in it For the Long Term
Vaccine research is a prime target for cybercriminals, as there is no object more valuable right now. It is the right time for attackers to infiltrate and establish footholds in networks; cyber-defense architectures are weak due to the effects of remote work in general, but also because employees distracted by polarizing topics may forget their cybersecurity awareness and become more vulnerable.
Note that this is not about short-term gain for attackers. Establishing footholds in large numbers of organizations now will enable them to expand inside the infrastructure and prepare even larger attacks later.
In addition, because digitalization is mainly driven by business decisions, cybersecurity is all too often an afterthought. Many businesses are interconnected globally through international supply chains and their products and services are delivered to distant countries. The dependence this places on information technology and its cross-connection between sectors is mostly invisible. Coordination efforts are hampered, and key management resources are unavailable.
Two Steps to Build Cyber Resilience
Given all of these ingredients and the context we're living in, the nation's cybersecurity status appears to be more vulnerable than usual. Therefore, this is a plea to businesses and organizations to bolster their cyber resilience.
1. Embrace the Paradigm Shift
The first step to achieving cyber resilience is to start with a fundamental paradigm shift: Expect to be breached, and expect it to happen sooner than later. You are not "too small to be of interest," what you do is not "irrelevant for an attacker," it doesn't matter that there is a "bigger fish in the pond to go after." Your business is interconnected to all the others; it will happen to you.
Embrace the shift. Step away from a one-size-fits-all cybersecurity approach. Ask yourself: What parts of the business and which processes are generating substantial value? Which must continue working, even when suffering an attack, to stay in business? Make plans to provide adequate protection — but also for how to stay operational if the digital assets in your critical processes become unavailable.
2. Inventory Your Assets Now
Know your most important assets, and share this information among stakeholders. If your security admin discovers a vulnerability on a server with IP address 22.214.171.124 but doesn't know the value of that asset within your business processes, how can IT security properly communicate the threat? Would a department head fully understand the implications of a remote code execution (RCE) attack on that system?
Do the resilience basics for your important assets (if you don't want to do it for all), put technical controls in place for changes and vulnerabilities, and tie these controls into a security architecture that enables automated information exchange, not only between the systems in your security operation center and its team members but also between all of your stakeholders.
Doing these two things changes your approach to cybersecurity into a forward-looking, resilient posture, even in these polarized times.