As many countries enter their second full month of Covid-19 lockdown, its impact on the threat landscape and enterprise cybersecurity is starting to become clear. I spoke to several experts a few weeks back for an Infosecurity Magazine news feature on the topic.
Some of the key challenges facing organisations are in enabling secure remote working en masse without impacting productivity.
“The fact that employees are transitioning to working from home is the key risk. All these employees are now working in new environments using technology and processes they are not used to, something bad guys will take advantage of,” SANS Institute director of security awareness, Lance Spitzner, told me.
“All of this change creates an environment where it is very simple for bad guys to take advantage of and trick people working from home for the first time. They don’t have all the security technology protecting them at home that they normally would at work.”
The SANS guide to secure home working advises users to: be suspicious of any emails trying to create a sense of urgency to click through or enter info; take steps to protect home Wi-Fi (change default passwords and restrict access); create strong passwords on any websites; ensure all devices are running the latest software; and don’t let family and friends use work devices.
Proofpoint’s senior director of threat research and detection, Sherrod DeGrippo, agreed that users are at the frontline when it comes to tackling Covid-19 cyber-threats.
“We recommend that organisations prioritise a people-centric approach to security that protects all parties (their employees, customers, and business partners) against these threats, including layered defences at the network edge, email gateway, in the cloud, and at the endpoint, along with strong user education,” he told me.
“Users should be encouraged to approach all unsolicited emails with caution, especially ones that request the user to act, like downloading/opening an attachment, clicking a link, or entering credentials.”
Restricting users according to least privilege policies is also a must-follow best practice, as hackers go after VPN log-ins to directly access data and applications, DeGrippo added. In fact, there have been widespread reports of cyber-criminals targeting remote access infrastructure, not only via phishing emails and brute forcing but also by exploiting unpatched vulnerabilities. Microsoft has warned of APT-like behaviour from many well-known ransomware groups, which are targeting hospitals.
Time to automate?
However, aside from the uptick in Covid-themed phishing, which is delivering crypto-jacking malware, ransomware, info-stealers and more, the pandemic has forced IT security teams to work in different ways. Michael Armistead, co-founder and CEO of Respond Software, argued that SOCs and security departments are faced with both minor and meta challenges.
“Making sure practitioners can perform their jobs remotely with adequate bandwidth and communication platforms, and have the ability to act on security incidents will be a challenging undertaking for many firms,” he told me.
“I believe many of those tools and platforms are in place … but you just never know how well they will work in practice if an organisation is now distributed for the first time. Still, I’d count these very real and very practical issues as minor because they can be solved in relatively short order.”
In fact, emerging research suggests that security teams are struggling. A global poll by industry body ISACA found that only around half (59%) of members feel their cybersecurity team has the right tools and resources at home to perform their job effectively. Tellingly, just 51% are highly confident that these teams are ready and able to detect and respond to rising volumes of threats. A separate study from (ISC)² revealed that nearly half (47%) of global security professionals have been taken off some or all of their typical tasks to support other IT-related jobs, like WFH. A third report, from Barracuda Networks, ominously suggested that 41% of firms have actually cut IT security budgets to save money during the crisis.
In fact, investments in specific technologies could be a smarter way of reducing costs and improving security outcomes during the crisis, according to Armistead.
“The situation screams out for automation to relieve the pressure on people to sift through mountains of data and to act quickly,” he said. “SOCs and IT security teams need to look at their processes and procedures in light of the distributed workforce. Do they make sense and how quickly can issues be resolved?”
The immediate future remains uncertain, but if remote working is to become more widespread as the pandemic recedes, IT and security leaders had better adapt to the new reality fast.
Last week Asian chip giant MediaTek launched its latest System on a Chip design, the 28nm quad core MT6589. Before you click on to something more interesting, here’s why it should make anyone with a mobile phone sit up and take notice.
First, MediaTek. It’s probably the most ubiquitous chip company you’ve never heard of. Asia’s biggest and the fourth largest fabless chip company by revenue globally, it lists LG, Huawei, Sony and others among its clients. Until now the firm has largely been focused on the 2G feature phone market, especially in China where demand was huge until recently, but this announcement sees it really break out into the high end smartphone space.
The analysts I spoke to pretty unanimously agreed that MediaTek and arch rival Qualcomm between them are making a seriously disruptive play in the mobile space. Put simply, MediaTek is making quad core affordable by sticking CPU, GPU and wireless modem on the same SoC, which means the MT6589 will end up in plenty of cheap smartphones as well as some higher end ones.
The result? The big brands are going to have to differentiate on something other than quad core. In effect, as IDC analyst Teck-Zhung Wong told me, it’s going to kick off a whole new round of price competition, which is great for users and will spur the industry forward to keep on innovating, which is good for all stakeholders.
In the background there’s also the tussle between Qualcomm and MediaTek.
Qualcomm is doing amazing things this year and now sits third by revenue in IHS iSuppli’s new ranking of global chip companies. It has already produced a quad core aimed at the same market and has an advantage in its modem capabilities, which even MediaTek admitted to me. So it’s Taiwan versus the US in the battle of the budget quad cores. MediaTek historically has that huge customer base in China to tap and is likely to be faster to market, but Qualcomm is catching up and aping many of MediaTek’s technical advantages and customer relations strategies.
The jury’s out but it will be an interesting 12 months to see who the smartphone winners and losers will be.