Guest OpEd by Gilad David Maayan, CEO and Founder of Agile SEO
The Evolution of Cybersecurity in a Post-COVID World
Almost every industry and business process was impacted by the COVID-19 pandemic, and cybersecurity is no different.
Here are some of the ways security is changing in a post-COVID world:
Work From Home and Remote Learning
Remote work is now the norm, and millions of employees connect to corporate systems over the public Internet and unsecured networks.
The educational system has also almost entirely transitioned to remote learning, creating a host of security concerns.
Employee Training and Awareness
An upside of the shift is that both companies and employees are realizing the need for security awareness and training.
Employees understand that the convenience of remote work comes with a cost, and that they have a responsibility for protecting the security of their workplace.
Bring Your Own Device (BYOD)
While BYOD was big even before the pandemic, it is now an inseparable part of any work environment.
BYOD devices are owned by employees and are, by definition, less secure than corporate devices.
Core Activity Goes Digital
Online banking, eCommerce and telemedicine existed before COVID-19, but are now becoming ubiquitous.
Transaction volumes are rising and the number of sensitive transactions, operations, and communications has increased tremendously.
Death of the Security Perimeter
In today’s distributed environment, with employees working remotely, cloud systems, and many other services outside the direct control of the organization, there is no security perimeter.
The Zero Trust approach to security is being broadly adopted, which states that any user or communication must be authenticated and verified, even if they are within the corporate network perimeter.
Cyber Threats to Watch in 2021
The following cyber threats were on the rise during 2020, and are expected to become an even bigger concern in 2021.
Increased Social Engineering Attacks
Social engineering is an attack strategy that relies on human-to-human interactions, manipulating victims and causing them to divulge sensitive information or violate security practices.
Research from Microsoft shows a huge wave of social engineering attacks focused on the COVID-19 pandemic in 2020.
Multiple research reports show that over 95% of cyber attacks involve social engineering.
Cloud and Remote Service Attacks
Many organizations are rapidly adopting new cloud services, remote access and collaboration tools, often without properly planning for security.
Cloud-based and remote services are an attractive target to attackers, because they are commonly exposed to public networks, and are often misconfigured.
Compromise of any one service can provide access to sensitive core infrastructure.
Fileless attacks exploit tools and resources available in the end-user’s environment.
They do not rely on injecting new executables into a user’s device, and so are especially hard to detect and prevent.
These attacks often rely on social engineering manipulations, causing users to activate tools like PowerShell on Windows machines, running malicious payloads purely in memory.
Fileless attacks are becoming more common, and are targeting a variety of IT environments, including cloud service providers, whose own tools are being used against them.
Insufficient Manpower to Monitor and Respond to Incidents
While strictly not a threat, this is a concern affecting most security organizations, which can seriously weaken an organization’s defenses.
In many cases, even critical systems may not be monitored at all, or are monitored but with no investigation or response to security alerts.
This can be caused by a variety of factors, including alert fatigue, security staff overload, a lack of well-trained security engineers, and poor automation capabilities.
According to a survey conducted by the ISSA and analyst firm ESG, 70% of organizations are affected by the cybersecurity skills shortages.
45% say the lack of security skills has worsened over the past few years.
These gaps can result in a partial response to security incidents, high dwell time of attackers in corporate networks, and damaging security breaches.
Cutting Edge Security Tech in 2021
Here are a few new technologies organizations are adopting to prepare for new security threats and deal with the security skills shortage.
Cloud Security Posture Management (CSPM)
Public cloud infrastructure is highly dynamic.
CSPM is a solution designed to continuously monitor a cloud environment and determine gaps between actual configuration and security policies and best practices.
For example, it can identify cloud machines or databases that are not protected by authentication, or are accessible from public networks.
You can use CSPM technology to comply with cloud security benchmarks. It can help evaluate, implement and optimize security controls across complex cloud deployments.
Zero Trust Network Access (ZTNA)
Virtual private networks (VPN) are used in most organizations, but have major security limitations, mainly that they provide access to the entire network by default.
With remote work becoming the norm, VPNs are no longer enough to provide secure remote access.
ZTNA solutions are based on a zero trust security model, which treats all entities on the corporate network as hostile, and requires authentication and verification of all communications.
ZTNA allows businesses to control remote access to specific applications, “hiding” applications from the Internet and unauthorized users.
ZTNA ensures that each application and resource is only accessible by users and systems that need it to function.
ZTNA can reduce the risk of attackers starting a VPN connection and using it to attack other applications or corporate infrastructure.
However, it requires a careful implementation effort, because it requires mapping out applications, resources, and user roles.
Extended Detection and Response (XDR)
eXtended detection and response (XDR) is a new security paradigm that provides increased visibility, analysis and response across applications and endpoints, as well as across networks and clouds.
EDR focuses on identifying, containing, and remediating endpoint and workload threats.
XDR takes a broader focus, extending these capabilities beyond endpoints to multiple security control points—email servers, the network, and cloud services.
The main promise of XDR is that it can bring together data from across the security stack, and automatically analyze it to provide a detailed attack story.
Security analysts receive all the forensic information they need to immediately analyze and mitigate the threat. This can dramatically improve productivity of security staff.
Interactive application security testing (IAST) uses dynamic testing (also known as runtime testing or DAST) to identify and manage vulnerabilities in web applications, and help remediate them.
IAST solutions deploy agents and sensors to running applications, making it possible to continuously analyze how the application interacts, via manual testing, automated testing, or a combination of both.
IAST monitors applications, collects information about its functionality, and identifies vulnerabilities in real time.
Some solutions incorporate software configuration analysis (SCA) tools to address known vulnerabilities in open source components and frameworks.
Companies use hyper automation to automate as many business and IT processes as possible using AI, machine learning, robotic process automation (RPA), and other types of decision-making and task automation tools.
Instead of providing specific automation capabilities, hyper automation focuses on integrating and coordinating automation technologies across the enterprise.
In the security field, hyper automation can help tie together existing security tools and new automation technologies, ensuring that the most time consuming tasks can be effectively automated.
In this article, I discussed the changing security landscape in a hyper-digital, post-COVID world.
To deal with new threats, and operational challenges such as an unprecedented security skills shortage, organizations are adopting new technology including:
CSPM – automated monitoring and remediation for security configurations in the cloud
ZTNA – enabling remote access to networks with a zero trust approach
XDR – holistic monitoring, analysis and response to threats across endpoints, clouds, and networks
IAST – combined dynamic and static scanning of web applications to discover and remediate vulnerabilities
Hyper Automation – tying together disparate automation tools to create a cohesive automation strategy
I hope this will help your organization choose the right tools to meet with the challenges that lie ahead for cybersecurity in 2021.
About the Author
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.
Today he heads Agile SEO, a leading marketing agency in the technology industry.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos