COVID-19 is having a dramatic impact on all of our lives. The fraudsters are getting creative and many of us are having to work remotely - thus security teams are under heightened pressure.
I spoke with Director of Technology at Darktrace, Andrew Tsonchev, on the teissPodcast for his thoughts on what the major security threats to businesses are right now and what can be done to mitigate them.
Breaking down threats: hasty digital transformation and opportunistic criminals
Usually, there is nothing inherently threatening about companies transitioning to remote working models. However, the challenge that the pandemic has put upon us is the “haste and urgency” with which security teams are having to develop a digital transformation project overnight. This process would normally be refined over the course of six months to a year.
This is a huge opportunity for cybercriminals: because the crisis is so public, they know that every company is going through the same sort of transformation right now, and they are going to take full advantage of that.
Furthermore, they are exploiting an international state of emergency, using fear tactics in scams for their own gain.
Loosen the reins: NO is NOT the answer
“The problem for security teams is that they’re going to have to quickly adapt their security controls, so they can still preserve layers of defence whilst enabling new kinds of service and interactions between users,” Andrew states.
He says they’ve no choice but to expose devices to risk because their end-users are trying to find creative solutions to problems. One’s instinct might be to tighten security measures; however, Andrew stresses that saying “no” at this time won’t help.
Security professionals should focus on the “facilitation and continuation of the business”. “If security teams are continually saying no, they're going to very quickly become the enemy of the business,” he advises.
Adopting a “risk tolerant approach” and providing education
Andrew highlights that security teams might find that they will need to make “uncomfortable, difficult decisions” about “least worst outcomes” over the next few weeks. Thus, it’s crucial to adopt a “risk tolerant approach”.
As a company, you should ask yourself: which users are now exposed to more risk? Which types of teams need more creative solutions? Target those people and groups internally and provide them with the relevant security education.
Andrew warns everyone to “expect the unusual” over the next few months and says that “discerning the benign from the legitimate to the nefarious is a task that every individual needs to do”.
Also, don’t underestimate the value of communication and sharing information amongst peers at this time - you can talk, brainstorm and share lessons learnt, which will help you amend your strategy.
Most needed right now? Vigilance and people
“Vigilance is really the only thing that will help right now,” Andrew states. Trust your employees and put faith in their domain knowledge and experience in security to make decisions appropriately and to manage risk.
It’s important to rely upon your people rather than the technology and policies because “people are the resource which are flexible and creative and it’s their vigilance which is the most important factor for staying secure throughout this,” he advises.
You can listen to the full interview here.