teiss guest blogger Rick McElroy from VMware Carbon Black describes accelerating and increasingly sophisticated cyber-crime in the UK and makes a plea for a rational approach to fighting it.
The global health crisis has accelerated the digital transformation initiatives of many organisations. Unfortunately, the urgency associated with rolling out these plans has meant an increase in the risk of cyber-attacks.
With a mass shift to establish remote workforces, organisations have inadvertently relaxed security or misconfigured devices. The distributed workforce has introduced changes for security professionals as well: they are now on the front lines of enabling and securing newly distributed workforces.
These gaps in traditional cyber defences, combined with changing working patterns and employee behaviour, have created a larger surface area for cyber-attacks, which makes such attacks more difficult to spot. And amid the disruption, COVID-19 has exposed the UK to an unprecedented level of cyber-attacks.
As part of the VMware Carbon Black Global Threat Report Series, we discovered that COVID-19 has opened the door for a surge in cyber incidents. Almost every UK business (99 percent) surveyed suffered at least one security breach in the last 12 months. Ninety-eight percent of the CIOs, CTOs and CISOs also confirmed that attack volumes increased in the last 12 months. More than nine out of 10 noted that the increase in attacks was related to employees working from home during COVID-19 stay-at-home orders.
Fending off sophisticated cyber-attacks
It’s not just the frequency of attacks that is concerning. It’s the growing sophistication of attacks. For example, cyber-criminals are exploiting the crisis to launch a wave of ‘fearware’ attacks. These often take the form of phishing attacks or email fraud that seek to exploit users’ concerns surrounding COVID-19. In fact, 93 percent of UK respondents reported being targeted by COVID-19-related malware.
It is also worth pointing out other major threats. For example, the VMware research found that OS vulnerabilities have been the leading cause of breaches in 2020. However, island-hopping and third-party application attacks still cause a disproportionate percentage of breaches.
As both a cause and a consequence, the dark web is thriving during COVID-19, with the commoditisation of malware making more sophisticated attack techniques available to a growing number of cyber-criminals. Common commodity malware like ransomware is starting to exhibit sophisticated behaviours, executing more destructive attacks, performing credential harvesting and making lateral movements once it breaches a system.
We are also seeing more secondary extortion plots, with attackers causing more damage once they gain access to an organisation or individual’s data. As seen with the increase in island-hopping and third-party application attacks, adversaries have moved from burglary, to home invasion, to digital squatting.
Key cyber-defences: rationalisation and clarity
So, what can organisations do to protect their infrastructure, data and employees in this heightened threat landscape? Most are responding by directing their budgets towards security solutions, with more than 99 percent of respondents planning to increase cyber defence spending in the coming year. The good news is that organisations are now starting to recognise the value of threat hunting to help identify malicious actors.
As organisations increase spending, they must also consider their security strategies. Today, many UK organisations are using a variety of different security technologies, resulting in siloed, hard-to-manage environments that play into attackers’ hands. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment.
As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking, and clarity over security deployment.
The inability to institute multifactor authentication is one of the biggest security threats that businesses face right now. Multifactor authentication is an integral part of a security posture to stop traditional credential harvesting methods and should be extended as far as possible.
The unexpected disruption of COVID-19 has seen the rise of global threats. In unprecedented times, organisations must focus on proactive threat hunting to detect attacks before they have a chance to cause catastrophic damage, not just here in the UK but on a global scale.
Rick McElroy is Cybersecurity Strategist for VMware Carbon Black. Rick has 20 years of information security experience educating and advising organizations on reducing their risk posture and tackling security challenges.