The threat landscape changed in a number of ways as a result of the COVID-19 pandemic, and organizations are scrambling to defend against opportunistic cyberattacks.
That was the key takeaway from VMware's 2021 Global Security Insights Report, compiled from a survey of 3,542 CIOs, CTOs and CISOs from across the globe in December 2020.
Nearly 80% reported increased cyberattacks due to employees working from home. A similar percentage said that attacks had become more sophisticated, while 4-out-of-5 breaches were considered to be material. Sixty-one percent of respondents acknowledged the need to view security differently due to the expanded threat surface.
The Cyberattack Surge
Cyberattacks increased for a number of reasons during the pandemic. First, the threat surface expanded as organizations everywhere sent employees home to work remotely. Workers were suddenly sharing computers with their children for remote learning as well as a home network with any number of smart devices.
Additionally, traditional crime moved online. "Cybercrime cartels were empowered by the pandemic because traditional organized crime couldn't operate due to the lockdown," said VMware Head of Cybersecurity Strategy Tom Kellermann during the Global Security Insights Report livestream interview. Many cyber cartels created a sophisticated quasi-startup structure featuring developers and QA teams. Some even have the support of international governments.
Kellermann reported that some countries consider cybercriminals to be national assets. "There is a protection going on there, because many times governments view these groups as a way to offset economic sanctions and a way to create proxies to create almost an insurgency against their geopolitical enemies," Kellermann said.
Attackers are opportunists, so we have to be opportunists as well.
James Alliband, senior security strategist, VMware
And finally, organizations have been slow to change their security mindset, while simultaneously moving a lot of their infrastructure to the cloud. "Attackers are opportunists, so we have to be opportunists as well,” VMware Senior Security Strategist James Alliband said. “We have to change the status quo [and] make sure that the traditional security processes we have in place aren't necessarily going to affect us for the future.”
So how can organizations protect themselves?
Not All Clouds Are Created Equal
While nearly all of those surveyed were employing a cloud-first strategy, there seems to be a degree of misplaced faith in public cloud security. Kellermann advised to think of a public cloud environment as "a very nice apartment building in a very tough neighborhood.” Security should be built from a zero trust perspective and needs to be incorporated from the ground up.
VMware Principal Cybersecurity Strategist Rick McElroy compared IT teams building infrastructure to the construction of an apartment building: "You have your architects that come in and they're planning for things like plumbing, power, enough square footage. They're not planning for somebody to run into that apartment building and kick your door in. That's our job."
Alliband agreed, saying, "You've got to secure these environments from the get-go and build that into your strategy."
Build in Early Detection Systems
Organizations must find bad actors before they attack. Rather than putting all your faith in security processes that keep threats out of your environment, it's crucial to find them if and when they get inside. And attacks don't tend to happen immediately. Typically, attackers spend a couple of weeks exploring your infrastructure before the attack, so it's possible to discover them before they take action.
Kellermann said, "You need to assume that prevention will fail at some point. When it does, how quickly can you detect and respond?"
CISOs are looking for a way to discover those threats. "What CISOs are really looking for are solutions out there that can give them visibility into these cloud environments,” McElroy said. They're looking for controls that are uniform and auditable, and that can follow their data across various cloud environments.
Secure the Anywhere Workspace
Remote work exploded during the pandemic. And it appears that the anywhere workplace is here to stay. But with so many workers off-prem, the attack surface expands exponentially. With a number of devices operating on a home network, multiple vulnerabilities exist.
"There's a lack of digital distancing in homes and really we need to pay attention to that. … Your work device should not be on the same network as your smart devices, period," Kellermann said. Securing the remote environment is a must.
Simplify Security
Security has become complex, with a variety of controls and widgets that can be exploited by adversaries. "We have to start simplifying security, that's number one. There are just too many tools that have too many gaps," McElroy said.
As companies use a number of tools to secure various parts of their business, more risk develops if they don't communicate with each other. One security app might not know that another security app has experienced a breach. "You should really standardize on one platform. And whatever platform that is, you should standardize on it soon," Kellermann said.
Hit Attackers Where It Hurts
Ultimately, cybercriminals get into the business because it's profitable. A strong driver of their business is that much of the work is automated. McElroy suggests that companies make it more expensive for cybercriminals to do business by forcing them to slow down and do more work manually.
"If every single piece of ransomware was custom written, now we're starting to bust up that economy. Now they actually can't get a massive [return on investment] because their time investment is too high,” McElroy said. “Simply put, we have to make them spend more time. ... We have to deploy tech to start making it harder."
The New Normal
Ultimately, the threat landscape has changed greatly and it's not going back to the way it was.
"We have to realize that is the norm and it's not going to change anytime soon. If I can start to shift my mindset, realize I do live in a bad neighborhood and I'm responsible for my own self-defense, then I'm going to change my own behavior,” McElroy said. “I'm going to change the culture of the organization that I'm with, and to do that I need something like a neighborhood watch."
Let's put a flag out a little further than we ever thought was achievable.
Rick McElroy, Principal Cybersecurity Strategist, VMware
The pandemic has brought security front and center for business leaders. McElroy encouraged security leaders to seize that opportunity: "We helped organizations stay up and running during a global pandemic. The organizations are happy with a lot of the security leaders and the way we were able to do that. Let's take advantage of that just like the attackers are taking advantage of this disaster, and let's put a flag out a little further than we ever thought was achievable."