The pandemic impacts on security

9 June 2021

The interview below was conducted with EURid's Security Manager Dirk Jumpertz and published by the Italian registrar Shellrent srl.


  1. During the pandemic, smart working and the volume of web traffic have significantly increased. It has become crucial to know how to manage the challenges imposed by smart working and endpoints to better protect the corporate network. What have the effects of these changes been on corporate security?


The pandemic was the catalyst for a rapid and urgent digital transformation in many organisations. Even those that already had structural teleworking policies in place were confronted with the challenges of the new default position of everyone working from home.

For corporate security, the zero-trust paradigm became the de facto standard, rather than a distant goal. Flexibility and understanding of the changed environment are the principles of the new modus operandi to keep businesses afloat while moving to a dispersed workforce using unmanaged home networks that are shared with family, and a number of IoT devices.

Information security tends to be a slow and conservative process, aimed at controlling a complex, ever-changing environment. A disruptive event like the COVID-19 pandemic forced flexibility onto corporate security.


  2. Which resources are most vulnerable to attack?


Credentials are the digital equivalent of house keys, and are therefore extremely valuable to cybercriminals.

During the early days of the pandemic, cybercriminals targeted victims that were looking for information on COVID-19. When governments created financial support programmes, cybercriminals quickly adapted to use these as a basis on which to scam people and/or steal their credentials. When online communication tools became the de facto tools for companies, again cybercriminals changed their modus operandi and targeted the users of these platforms. Next on the list were online entertainment, streaming services, and gaming networks. Last but not least, cybercriminals are now setting their sights on anything related to vaccines and vaccinations.

Although the statistics from technical operators like top-level domain registry operators do not show a significant change in the level of abuse within their area, the sheer scope and size of the attacks overshadow previous criminal activities on the Internet.


  3. We always talk about the importance of a backup and disaster recovery policy. Do you believe users are prepared for security issues?


Backup and disaster recovery policies are essential in the age of ransomware attacks. Without a proper recovery strategy, a ransomware attack can destroy an unsuspecting and unprepared enterprise, or even lead to unfortunate casualties when, for instance, hospitals are targeted.

But ransomware is just one of the many reasons to develop a recovery strategy. Accidental deletion or loss and destruction of equipment are quite common reasons for implementing a high-performance, cloud-based recovery solution. Note that I do not use the word ‘backup solution’ but refer to a ‘recovery solution’.

Most companies develop a certain level of recovery capability, but often overlook regular testing, which leads to disasters when backups cannot be restored.

And then there is the move to the cloud, which may give a false sense of security, especially when dealing with data recovery. A backup and disaster recovery policy must therefore look explicitly into cloud and SaaS providers.


But are users prepared? Ask yourself this: do you know where your important data are stored and when they were backed up last? And if you have backed them up, have you ever tried to get them back?
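The answer above distinguishes a "backup solution" from a "recovery solution" and points out that untested backups fail when they are needed. The script below is an added example (not EURid's or Shellrent's code) of a minimal restore drill: it backs up a directory, restores the archive somewhere else, proves the restored copy is byte-for-byte identical, and checks the archive is not older than an assumed daily-backup policy. The sample files, the `MAX_BACKUP_AGE_SECONDS` policy and the temporary paths are constructed here for illustration.

```python
"""Restore drill: back up, restore elsewhere, verify integrity and freshness.

Added example, not code from EURid or Shellrent. The sample files and the
24-hour freshness policy are constructed assumptions for this demonstration.
"""
import hashlib
import tarfile
import tempfile
import time
from pathlib import Path

MAX_BACKUP_AGE_SECONDS = 24 * 3600  # assumed policy: a backup must be under a day old


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict:
    """Map each regular file (relative to root) to its SHA-256."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict:
    """Write a gzip tarball of source and return the manifest taken at backup time."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest(source)


def restore_backup(archive: Path, target: Path) -> None:
    """Extract the archive into a fresh directory, refusing unsafe member paths."""
    target.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(target, filter="data")  # path-safety filter (Python 3.12+, backported)
        except TypeError:
            tar.extractall(target)  # older interpreters without the filter argument


def verify_restore(expected: dict, restored: Path) -> list:
    """Compare the restored tree against the backup-time manifest; [] means the drill passed."""
    actual = manifest(restored)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing after restore: {rel}")
        elif actual[rel] != digest:
            problems.append(f"content mismatch: {rel}")
    for rel in sorted(actual.keys() - expected.keys()):
        problems.append(f"unexpected file in restore: {rel}")
    return problems


def backup_age_ok(archive: Path, now=None, max_age=MAX_BACKUP_AGE_SECONDS) -> bool:
    """Answer 'when was this backed up last?' against the freshness policy."""
    now = time.time() if now is None else now
    return now - archive.stat().st_mtime <= max_age


def run_drill(corrupt: bool = False) -> dict:
    """Full exercise on constructed data. corrupt=True tampers with one restored
    file to show that the verification step catches a bad restore."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "source"
        (source / "customers").mkdir(parents=True)
        (source / "customers" / "list.csv").write_text("id,name\n1,Alice\n")  # constructed
        (source / "config.ini").write_text("[db]\nhost=db.example.internal\n")  # constructed
        archive = tmp / "backup.tar.gz"
        expected = create_backup(source, archive)
        restored = tmp / "restored"
        restore_backup(archive, restored)
        if corrupt:
            (restored / "config.ini").write_text("[db]\nhost=wrong\n")
        return {
            "files": len(expected),
            "problems": verify_restore(expected, restored),
            "fresh": backup_age_ok(archive),
        }


if __name__ == "__main__":
    print("clean drill:", run_drill())
    print("tampered drill:", run_drill(corrupt=True))
```

In a real environment the manifest would be stored with the archive (ideally on separate media) and the drill scheduled, so that "can we get it back?" is answered by a recurring report rather than discovered during an incident.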


  4. A new IT security paradigm is being defined for a more dynamic strategy, able to adapt to corporate organisational changes, supporting the evolution of IT ecosystems. Which new trends to enhance online security are considered successful?


Stepping away from the trusted environment paradigm and moving into the zero-trust philosophy is a difficult but essential journey. Where old-school IT architecture would be based on a trusted environment that once accessed would blindly allow its users to do whatever was needed to be done, zero-trust always requires proof that whatever action is being taken can be verified and authorised.

Zero-trust is difficult as it needs to permeate into all layers of an IT infrastructure. It is mostly used on the access layer but should go deeper.

A second trend that is emerging is the use of behaviour-based security, which uses artificial intelligence to detect unusual user, system, and process behaviour. These anomalies are often an indicator that something is wrong. While the technology is promising, it does come with its own set of issues. It needs to observe and learn to ‘understand’ what is an anomaly. This implies permanent surveillance, which, without some safeguards, could become problematic.
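The behaviour-based detection described above has to observe normal activity before it can call anything an anomaly. The following added example (not EURid's or Shellrent's code) reduces that idea to a statistical baseline rather than a trained AI model: it learns each user's usual login hours and devices from a constructed log, then scores new login lines and, where the baseline is too thin, says so instead of guessing. The log format, the user names, the `MIN_EVENTS` floor and the `Z_THRESHOLD` are all assumptions made for this illustration.

```python
"""Behaviour-based login anomaly scoring from a learned per-user baseline.

Added example, not code from EURid or Shellrent. The log lines, the field
layout and the thresholds are constructed assumptions for this demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed log layout: ISO timestamp followed by key=value fields.
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) src=(?P<src>\S+) action=login$"
)
MIN_EVENTS = 5      # below this many observations the baseline is not trusted
Z_THRESHOLD = 3.0   # hours-of-day deviation (in standard deviations) that counts as unusual
SIGMA_FLOOR = 0.25  # a perfectly regular user still gets a 15-minute tolerance band

# Constructed training log: alice has a steady morning routine, bob has too little history.
BASELINE_LOG = [
    "2021-05-03T08:55:12 user=alice host=laptop-07 src=10.0.4.21 action=login",
    "2021-05-04T09:02:41 user=alice host=laptop-07 src=10.0.4.21 action=login",
    "2021-05-05T08:47:03 user=alice host=laptop-07 src=10.0.4.21 action=login",
    "2021-05-06T09:10:55 user=alice host=laptop-07 src=10.0.4.23 action=login",
    "2021-05-07T08:58:30 user=alice host=laptop-07 src=10.0.4.21 action=login",
    "2021-05-10T09:05:17 user=alice host=laptop-07 src=10.0.4.21 action=login",
    "2021-05-03T13:20:00 user=bob host=desk-12 src=10.0.6.8 action=login",
    "2021-05-04T13:45:00 user=bob host=desk-12 src=10.0.6.8 action=login",
]


def parse(line: str):
    """Return the fields the detector cares about, or None for lines it cannot read."""
    match = LINE.match(line)
    if not match:
        return None
    fields = match.groupdict()
    ts = datetime.fromisoformat(fields["ts"])
    return {"user": fields["user"], "host": fields["host"], "hour": ts.hour + ts.minute / 60}


def learn(lines):
    """Observation phase: per user, collect login hours and the set of devices used."""
    profiles = defaultdict(lambda: {"hours": [], "hosts": set()})
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        profile = profiles[event["user"]]
        profile["hours"].append(event["hour"])
        profile["hosts"].add(event["host"])
    return profiles


def score(profiles, line: str) -> list:
    """Return the reasons a login looks anomalous; [] means it matches the baseline."""
    event = parse(line)
    if event is None:
        return ["unparseable line"]
    profile = profiles.get(event["user"])
    if profile is None or len(profile["hours"]) < MIN_EVENTS:
        return ["insufficient baseline"]  # refuse to judge rather than produce noise
    reasons = []
    if event["host"] not in profile["hosts"]:
        reasons.append(f"new host {event['host']}")
    mu = mean(profile["hours"])
    sigma = max(pstdev(profile["hours"]), SIGMA_FLOOR)
    z = abs(event["hour"] - mu) / sigma
    if z > Z_THRESHOLD:
        reasons.append(f"unusual hour {event['hour']:.1f} (z={z:.1f})")
    return reasons


PROFILES = learn(BASELINE_LOG)


def detect(line: str) -> list:
    """Score one new login line against the learned profiles."""
    return score(PROFILES, line)


if __name__ == "__main__":
    for new_line in [
        "2021-05-11T09:01:00 user=alice host=laptop-07 src=10.0.4.21 action=login",
        "2021-05-11T03:12:00 user=alice host=laptop-07 src=10.0.4.21 action=login",
        "2021-05-11T09:00:00 user=alice host=unknown-pc src=10.0.4.21 action=login",
        "2021-05-11T13:30:00 user=bob host=desk-12 src=10.0.6.8 action=login",
    ]:
        print(new_line.split()[0], "->", detect(new_line) or "normal")
```

The `MIN_EVENTS` refusal and the `SIGMA_FLOOR` are where the interview's caveat shows up in code: a detector that has not observed enough, or that treats any deviation from a rigid routine as suspicious, generates alerts about ordinary people rather than about attackers, and the observation it depends on is itself data about employees that needs retention limits and access controls.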