COVID Threat Advice for Infosec Professionals: Get Developed or Behind '

COVID Threat Advice for Infosec Professionals: Get Developed or Behind 

A year ago, when the epidemic hit organizations, unexpected informal indictment dominated. They were confronted with cyber threats by actors trying to take advantage of remote access vulnerabilities to address phishing messages with COVID-19.

The director of Crowdstrike's Strategic Threat Advisory Group, Jason Rivera, gave a lesson in response to the epidemic, telling the audience at the one-day RSA365 virtual summit last week.

"Many COVID-19s showed us how difficult it is to understand the problems we are facing, especially when those problems are changing very rapidly," he said.

Many Infosys professionals want to understand the problems before they solve them, he argued. "I find a lot of organizations at risk, wary of precautions, but not really understanding the underlying basis of why this is happening. There are many ways to look at me: In many cases, we see organizations solving for cost. Buy but don't understand. The problem they are trying to solve. "

When they react to the events, he explained.

"Now you play a weird game, eventually you lose the game and the mole gets through [the adverse] in this case," he explained. "Your ability to defeat cyber threats rests solely on understanding the problem," he said. "If you know what your adversary is capable of, you know what your weaknesses are, what you are trying to protect and what malware is for adversities and capabilities, then you can succeed against them. Huh.

He suggested that infocus professionals should start thinking about their attack surface through these three lenses:

Strategic - Why does an opponent want to target you? What industry are you in, what is your important asset? A criminal may be interested in financial gain, a detective actor may want a national security secret.

Operational - Just as you should think about your people, process and technology, so do opponents think about their capabilities like malware, social engineering and infrastructure. So think how adversaries can use these tools against your technology, people and processes.

Tactical - What are your internal attack surfaces [operating systems, applications, gateways, and perimeter devices such as firewalls] and external surfaces [cloud services, web sites]. What do these devices have to do under adverse conditions?

Four steps

Apparently, he said, you have to consider that the surface of the attack has changed as more employees are working from home. This inner-outer circumference blurs the idea of ​​the danger surface.

It is also important, River said, to understand that at-risk actors have changed their strategy. Prior to COVID, many were into "big game hunting", focusing on big goals in the hope of big payouts. Ransomware-as-a-service has sparked offenders' interest, and data dissemination on top of ransomware has increased. Nation-states are focusing on medical research and government decision-making information related to COVID vaccines.

Riosa said it is "going to grow or leave behind" for Infosys. Like this:

Decrease your dependence on 1-perimeter plan

Treat endpoints as the heart and protected asset of the IT environment. Focus on a zero-trust architecture and allow identification of all individuals who allow the network. Consider the possibility that everyday IoT items at home (connected printers, coffee machines) are part of the battlefield;

2-prioritize simplicity and adaptability

"Simplicity is your friend," Rivera said. We can prepare everyone for infiltration, but when the attack starts, the threat may look different, so response plans have to be flexible. If you are going to use different types of security technologies, think about how they can be consolidated (for example, there are fewer agents). Reduced complexity may mean more extensive security;

3 - Development from reactive to proactive

Do not wait for things to happen. Leverage threatens to sense intelligence. (So, for example, if something happened to a coworker in your area, it would probably be for you. Similarly, use an intelligence-driven threat victim within your environment (if an attack against a coworker is a Technology. It will likely be) used against you.) In addition, make sure that all security-related teams in your organization (SOC, Threat Intelligence Team, Incident Response Team) have a common operational picture of the threat ( Different security teams need to see the same problem. In the same way. Otherwise, they may react uncontrollably.

4 - Prepare your workforce for 'normal new normal'

Combat the risk of misinformation by disasters. They will use global events against us such as COVID and politics to make people fall for phishing greed.