Interview: Cybersecurity after coronavirus, with Bitdefender’s Liviu Arsene
Thu 9 Jul 2020 | Liviu Arsene
Bitdefender’s security analyst explores the long-term impact of Covid-19
“Right now IT and security teams should probably focus less on stacking security technologies designed to detect sophisticated threats, and more on implementing hardening technologies, such as patch management, device control, and encryption.”
That’s the opinion of Liviu Arsene, Global Cybersecurity Researcher at security firm Bitdefender, a company which has been serving the enterprise market since 2013 with GravityZone, an environment-agnostic security platform that is regularly ranked #1 in independent security tests.
Liviu says coronavirus has changed the way organisations think about security and how threat actors operate. The focus has shifted onto employees and infrastructures, he says, whereas previously the emphasis was on perimeter security, control policies and network security.
“The pandemic has forced organisations to send employees outside the safety of their company networks, open up services and applications to the internet, and migrate infrastructure to the cloud.” The move outside of the perimeter calls for a reprioritisation of security efforts to safeguard increasingly sought-after company assets.
First up, organisations should prioritise an assessment of existing policies, as “some of them might be dependent on internal network security appliances or technologies deployed within the perimeter of the organisations,” rendering them less effective in work-from-home scenarios.
Organisations also need to be more sensitive to psychological vulnerabilities hackers masterfully expose. Pre-coronavirus, surveys indicated that employees were generally viewed as the number one risk factor to organisations. In the distributed enterprise, employees are unequivocally the weakest links.
“Attackers seem to be less focused on deploying advanced and sophisticated malware and more focused on the social engineering component” — in other words, preying on Covid-induced fears and anxieties. Hence the importance for firms to “harden” existing defences, instead of shopping for the latest innovations.
Alongside patch management, device control and encryption, a combination of network visibility and security training is needed, says Liviu. Employees must become security shops’ eyes on the ground, instead of prey-in-waiting — a considerable challenge given the tendency for staff to be more relaxed about security policies and procedures when working outside of the office.
“Having better visibility across employee endpoints and networks could go a long way towards preventing threats, and that should be coupled with more frequent and up-to-date employee security training programs, designed to teach them about the latest threats, how to spot them and report them to IT departments.”
That’s not to say that organisations shouldn’t look to new technologies when necessary. However, before evaluating existing capabilities, they should leverage frameworks like the MITRE framework, as “it paints a very clear picture of an attack kill chain that you can map on your current security stack.”
It’s one thing to outline what needs to be done, and another to do it effectively when time and resource are precious. Many organisations have the manpower and expertise to handle a restructuring of their company’s security set-up. But there are many more “have nots”, and the long-term risks are real.
Managed detection and response services can ease the burden of a large-scale migration process, but the reality is that a lot of security departments might not have the budget right now to adequately protect their companies.
“Surveys indicate that the current economic context has placed more pressure on existing security budgets, with the majority of infosec professionals agreeing that they might not see any budget increases,” Liviu explains.
What’s become clear in recent weeks is that a lot of the changes ushered in by Covid-19 are here to stay. For security teams that means accepting that employees will be outside the perimeter for months or even years to come. For instance, since the pandemic, departments have been shortening VPN sessions as a precaution. Liviu predicts measures like these will persist.
“Post-Covid-19, we’re likely to continue on the path of beefing up endpoints with hardening security technologies and more fine-tuned security policies. It’s also likely that organisations will focus more on employee training and procedures, and potentially train employees how to assess the security of their local networks,” he adds.
Right now it’s a waiting game for organisations around the world. It’s likely that many organisations have already been infiltrated as a result of hasty transitions, but only time will tell who has been affected:
“It’s likely that some attacks are already in progress as we speak, taking advantage of the opportunities left behind during the transition period,” says Liviu. “These attacks will potentially be spotted in more than 90 days, and will potentially be more impactful than those that have already occurred over the past couple of months. It is these that organisations should worry about.”