Security Must Adapt to Continuous Change

By Avihai Ben-Yossef

To paraphrase David Ben-Gurion, the first Prime Minister of Israel: "The most dangerous enemy to ... security is the intellectual inertia of those who are responsible for security." I'm reminded of that particular statement now, as we stand on the edge of a world driven sideways by the specter of disease and economic hardship. We must also face the impact these pressures have had on the overall ability to protect and defend the cybersecurity of business and government data and information systems. As I write this, and you read this, businesses and political institutions around the world are tightening budgets, furloughing or outright downsizing critical employees, and projects meant to shield these data platforms and applications are being shelved "for the duration" in an effort to keep the economy afloat and people safe. While we cannot debate that these measures are absolutely critical and necessary, we - as technology and security professionals - must not continue to try to do the same things over and over, but overcome our collective inertia and adapt - and we must do it immediately.

The Need to Adapt During a Crisis

This set of circumstances - drastic reduction in both workforce and budgets - has created inflexibility in our mindsets. That is the most dangerous of possible positions to be in when it comes to the threats we face. Our primary effort must be to battle the health crisis facing our people; but to do so while still ensuring that businesses stay secure, governments stay defended, and individuals' data stays private to the individual will mean we must change the way we look at cybersecurity. No longer can we apply additional tools, or new platforms, or more people to the equation. No longer can we rely solely on dedicated teams of specialists to evaluate security tools and measures. Instead, we must adapt to these interesting times and step up to a new way of looking at the cybersecurity of the systems and platforms we defend - we must become aware of how threat actors work, and become just as adept at adapting existing defenses to how they operate. More importantly, every technology professional - from developers, to administrators, to management teams - must be prepared to understand the basics of where their organization needs to shore up cybersecurity, and how to adapt the tools and systems already in place to meet that challenge.

 

Step 1: Employee Education of New Threats

The first step is knowledge of the methods of the myriad threat actors and cybercriminals that have either expanded their operations into the COVID-19 crisis or started their illicit careers by leveraging this threat. Hundreds of thousands of COVID-related domains that show no indication of legitimate purpose have sprung up in a matter of weeks. Dozens of new phishing scams and attack email campaigns focusing on the public health threat have leapt into the wild - some have even focused directly on leveraging the world's governments' attempts to mitigate the devastating healthcare and financial consequences of the crisis itself. Hundreds of older attacks have been re-painted to correspond to the fears and doubts of the public so that they may be re-launched by threat actors all over again.

Meanwhile, thousands upon thousands of employees who have never worked outside the secured boundaries of a company-managed network are suddenly working remotely; often using their own personal devices to connect to company resources. VPN and proxy platforms meant to handle mere dozens of connections must now deal with hundreds or even thousands. Millions are attempting to navigate bureaucratic websites and platforms to gain access to vital resources.  

 

Step 2: Understand the New Landscape of a Remote Workforce

We, conversely, have attempted to rely on the same tools and methods that we have used successfully in the past to match this unprecedented shift and massive influx of new threats. Endpoint Security designed to work within the secured networks is being used outside of those networks without reconfiguration. VPN clients are being hurriedly installed by inexperienced personnel so that employees can work remotely. Email platforms are being accessed on more devices and in more ways than ever before, but we haven't re-configured the security protocols to ensure that they are functional on these new devices and access methods. Websites that were designed to serve hundreds in a given day are now bombarded by thousands - sometimes millions - without knowing if these platforms are up to the massively larger task set before them. We have, in essence, fallen victim to the "intellectual inertia" of our habits when what we need is a fresh outlook.

We need to change the way we work. We need to understand the tools and techniques our adversaries - new and old - are using against us. We need to know if the systems, platforms, databases, and architectures our organizations use can meet the challenges of the new "normal." We need to do all this and more without the benefit of budget and headcount to back us up.  We need, in short, to adapt.

 

Step 3: Test the Effectiveness of Your Current Security Controls

In that spirit, Cymulate is ready to take the first step of a long journey with each and every cybersecurity team, with each IT group, with each administrator, manager, and threat hunter. We will provide the tools necessary to determine where the weaknesses and gaps grown out of complacency exist within the data systems and platforms of any organization that wants to take advantage of that help - and we'll do it for free for the next two months.

Cymulate's platform simulates the same methods and techniques these threat actors are using - and our threat hunting and product teams are stepping up every single day to make sure we continue to analyze and include every new trick they come up with in the wild. This allows your organization to actually attempt these same methods and techniques against your own systems, against the desktops and laptops now no longer running on your own secured networks, against the proxy and VPN systems keeping your organization functional during this crisis - and to do it all safely and without specialized cybersecurity knowledge. Of course, the platform offers flexibility and functionality for experienced threat hunters and red-teamers, but right here, and right now, every one of us in the world of technology must become a threat hunter too.

Along with the ability to find these weaknesses and gaps, Cymulate provides the knowledge necessary to adapt existing technologies and platforms to close the gaps, to strengthen the weaknesses, and to defeat the threats that are emerging in greater and greater numbers due to the fact that our adversaries know we cannot just apply budget to a problem to create a fix anymore.

We must adapt. We must face the reality that business as usual will not be business as normal for some time to come. We must meet the challenges of a new breed of cybercriminal, one who has determined that human suffering is the perfect basis for a devious business model, alongside the threat actors already active in the world and adapting in their own way to take advantage of new avenues.

We will adapt. We will meet these challenges, and send them running from defenses that are more than able to protect the data and systems we control. Our citizens and our customers deserve no less, and Cymulate is making the commitment - right here, right now - to do everything we can to break through the walls of intellectual inertia and face the challenges right alongside you. Cymulate is offering free continuous security assessments and a 60-day license of our platform to allow you to test your organization's security controls. Click to learn more about the offer and register for automated continuous security testing from the safety of your home. 

Avihai Ben-Yossef

Avihai is the Co-Founder and CTO of Cymulate. He started his career in an Intelligence Unit of the IDF in a leading technological role. Prior to Cymulate, Avihai was the Head of the Cyber Research Team at Avnet Cyber & Information Security, where he worked on several projects on behalf of the Israeli Ministry of Defense.
