How disruption can help expedite the realization of security strategies
Every cybersecurity professional knows that a crisis often breeds new threats. But, what we're seeing during the COVID-19 pandemic are truly frightening: health agencies getting attacked, massive phishing operations, and security flaws in leading communications platforms are just a few worth highlighting.
Pressure on security operations teams
Security teams I've spoken to have seen a dramatic increase in the number of COVID-19 scams, mostly phishing campaigns using fake emails that try to get people to click links that go to malicious websites, to steal their credit card information and credentials.
Although phishing activity is a threat that's constantly evolving, there has been a massive increase in COVID-19-specific phishing activity, and a period of panic can make people more susceptible to fraud or social engineering. From January 1 until today, the US Federal Trade Commission has gotten 52,458 reports related to COVID-19, with people reported losing $38.59 million dollars to fraud.
Yes, we all know that an enterprise might have robust cybersecurity systems in place, but the truth is that those systems aren't battle-tested for an entire workforce that's now home-bound.
Cybersecurity analysts know that to manage a remote digital workforce, you need to focus on three pillars:
- Identity access management: Cycling passwords and enacting multifactor authentication are critically important as phishing attempts spike, which provide malicious actors with an avenue into company data and resources.
- Protect connectivity: Malicious actors could create parallel Wi-Fi networks with the same name, hoping unaware workers sign on by mistake. Increased employee awareness and broadened VPN access can help reduce this risk.
- Reassessing policies and procedures: Companies operating today are in brand new context. Reassessing current cyber risk policies and procedures is of critical importance to evaluate and identify risks associated with applicable threats and inherent security weaknesses.
Every challenge is an opportunity
Even though the COVID-19 pandemic is primarily a health crisis,it is also a significant business disruption. When any business is challenged with disruption, you have to determine what to do differently. That’s why I see this as an opportunity for security teams to look at themselves and develop a business plan of what the future might look like.
Fighting the growing volume of threats requires automated operational workflows and integrated threat intelligence. A high degree of integration enables greater collaboration between security analysts, no matter where they’re located. And when threat intelligence is embedded across multiple vectors (e.g., endpoints, privileged user access, machine communications), CSPs can detect and analyze potential threats in real time, as soon as they appear.
Security teams realized that automated processes powered by machine learning help to address these security challenges head-on by scanning dynamically for threats and recommending effective mitigations.
With these new software capabilities security operations teams are able to:
- Manage and limit access to key operational systems and assets, protecting against accidental or deliberate misuse of privileged access as more remote workers log in from their home computers;
- Detect threats earlier in the mitigation chain and reduce the number of false positives, saving analyst time and preventing alert fatigue;
- Respond rapidly to minimize the impacts of cyberattacks, minimizing the time analysts have to spend handling each incident.
These capabilities are critical to guarding against spear-phishing and zero-day attacks that can evade traditional signature--based security. When security teams adopt these capabilities today, CSPs will set themselves up for longer-term 5G success. Automation and AI will be essential to capitalize on 5G opportunities in new vertical markets and assuring end-to-end quality across a diverse range of use cases and business models.
You can listen to the podcast with our Nokia security professionals for additional thoughts about end-to-end security operations during COVID-19 here.
Visit our Operational challenges of Covid19 website to find out more.
Whitepaper: Overcoming the operational challenges of Covid19
Share your thoughts on this topic by joining the Twitter discussion with @NokiaIoT and @nokianetworks using #security #SOAR #5G #cloud #IoT #IoTsecurity #cybersecurity