The Channel Angle: How Cybersecurity Changed Through The Pandemic

‘I’ve never been convinced there’s been much of an actual perimeter, but it’s clear that the pandemic has further eroded what’s left. Employees work from anywhere and BYOD is often not controlled by the organization,’ writes EVOTEK’s Cesar Enciso.

[Editor’s note: The Channel Angle is a monthly CRN guest column written by an executive that focuses on the triumphs and challenges that solution providers face. If you are a solution provider executive interested in contributing, please contact managing editor David Harris.]

By Cesar Enciso

The pandemic has brought with it unprecedented change in how we use technology, how we work together and where work happens. This has stretched those that work on and in organizations, as well as the IT and cybersecurity teams that support them in ways no one was predicting. Some of the technology changes and resultant people and process changes, were much needed, while others increased the business threat landscape and the requirement to expand cybersecurity maturity.

Trusted Became Untrusted

Cyberattacks have been happening for years but have been on an extreme increase in activity since the pandemic began. During the pandemic, cybersecurity was thrust into the spotlight. As an example, SolarWinds and it’s environment management technology, was deployed across a large percentage of public and private enterprises, including service providers, when they suffered their own significant security incident. This breach highlighted an important dynamic with our network and security tools and their typically trusted presence throughout environments. When a once trusted solution, was quickly proven untrustworthy, it resulted in organizations around the world needing to perform compromise assessments and to quickly reassess their third-party and fourth-party management strategies. This was previously looked at as an unlikely attack vector to consider to many IT teams, and left those organizations exposed. Further complicating matters is that the very action organizations are instructed to do, keep their software and other solutions up to date, would have been the very path used to compromise so many.[Related Story: Here’s How To Aim For More Diversity And Inclusion In 2022]

Ransomware Comes Into Its Own

The scourge of ransomware remains omnipresent and has become pervasive and has impacted all industries and companies. From the board room to the dinner table, ransomware effects on organizations of all sizes, public and private, are being talked about. This because of their pervasive impact to the organizations themselves, but even more important, the end consumer and/or constituent are being impacted. This is especially true where critical services where health and safety are on the line. One of the main contributing factors for the ubiquitous nature of ransomware is that it is being proliferated by everyone from hobby hackers to nation state actors, this is further complicated by cryptocurrency facilitating ease of payment for the associated ransom. The ransoms levied have increased to such an extent that cyber liability insurance premiums have increased dramatically, and many carriers are exiting the coverage. As a further result, diligence related to the underwriting process has also become more stringent and there’s increased validation of the security practices of insured entities.

The Right Capabilities Matter

We are in an important transitional period with respect to the security tools and services enterprises have been using for years. Many legacy technologies simply do not work against modern attack patterns but are entrenched and budgeted items. We must shift our thinking to more progressive security capabilities that are proactively architected for appropriate coverage and possess the ability to look at this from known attack patterns and those look for anomalous activity using legitimate services in nefarious ways. This analysis needs to occur at scale and in near real time to be effective. Enterprises are fundamentally hybrid in nature – they have application and services that are on-premise, in third-party data centers, and public clouds. Security tools and services have to see across all of these domains and associated workloads to identity and control these risks. Correlation of information across tools, devices, technologies, locations, and other factors is such that new approaches are required to keep pace with adversarial tactics.

Borderless

I’ve never been convinced there’s been much of an actual perimeter, but it’s clear that the pandemic has further eroded what’s left. Employees work from anywhere and BYOD is often not controlled by the organization. Bottom line, the pandemic forced security teams to rethink endpoint and user security practices. While there has been a productivity boon with more flexible work environments, for employees, having effective technology to have visibility and manage devices and services, have presented challenges for IT and security departments. Non-tech savvy associates lack sufficient security awareness and are clearly targets, especially senior executives and administrators with elevated privileges, process and technology wise. Never underestimate how easily we all could be socially engineered.

Trust No One

While the term is overly used, the notion of zero trust is on-target. Security assurances cannot effectively rely on end point, network, or application security. Security departments cannot rely on quarterly scans or periodic review of protocols. Today, security assurance requires continuous and near real-time visibility and frequent contextualized assessments of key process and technologies. Period.

Assume breach

As nation-state sponsored attacks continue to ramp up, organizations today struggle with adequate detection and response capabilities, amplified by hybrid environments, SaaS, and use of open source. Detection not only includes discovery of malicious activity, but detection of new vulnerabilities, in particular zero days and zero clicks. Examples are log4j, and ForcedEntry on iOS. Once a zero day has been discovered, active exploitation begins and proliferates within hours. Organizations no longer have days to wait for patch releases and patch deployment, therefore requiring a different approach in their response. Changes to detection methodologies and risk mitigation actions must start immediately under the assumption that an attack is currently being carried out.

One Upside to Consider

The pandemic has enabled organizations to attract talent that is no longer tied to a particular geography. Great security talent in remote locations and states without large enterprises can now find opportunities to join security teams for organizations far outside of their geography. This enables organizations to react to the combination of the pandemic, and significantly heightened bad actor behavior. This heightened need has been reflected in our own hiring patterns at EVOTEK. We have brought on multiple additional CISOs and BISOs over the past 18 months to address the increasing needs from our customers. We now have 6 CISOs on staff and 4 BISOs to assist our clients. I also wanted to highlight why we have invested specifically in the BISO role, as the value of CISO advisors has been well known for some time. The hiring of the BISO role as a parallel demand to CISO experience has helped bridge a strategic gap with many of our clients between organizations‘ business requirements and security. We have paired that with increasing our roster of security focused architects and engineers to help design an enact what our advisors see as our critical needs for those clients. It’s all about having a strong team.

Final Thoughts

While the pandemic was a powerful catalyst for the increase of these threats, they were already happening and are now in the mainstream. Addressing them with modern progressive solutions is paramount for organizations of any size, public or private. With the GDP of the world at their fingertips, cyberattacks are unlikely to dissipate; however, there are ways to minimize exposure and appropriately manage risk to these organizations.

In closing, I would like to leave IT and security leaders and practitioners with the following takeaways and considerations:

• Reevaluate current security tooling and services to determine if they are meeting the challenges of modern attack patterns
• Assess the risks of how your organization is now working due to the pandemic and plan for the next phase of hybrid working
• Determine if your program adequately secures its most prevalent risk, end-users
• Determine if the established trust boundaries for your organization provide adequate protection
• Know where your most important and sensitive data is and how it is being protected
• Assess your critical and/or high-risk third-parties and fourth-parties
• Prioritize vulnerability management and cyber-hygiene
• Hire diversity of background, skill set and knowledge
• Most importantly, make sure your people are taken care of, so they can take care of you

Cesar Enciso founded San Diego-based EVOTEK in 2014 and currently serves as CEO. Enciso brings over 30 years of sales, technology and leadership experience holding a variety of positions at companies such as ADP, Cisco, Veritas, Symantec, Trace3 and Technologent. He is also the founder and managing partner for BrickworkX, ZenVRM and serves on the board of directors for Junior Achievement of San Diego. He holds a bachelor’s degree in business and economics from Cal State University – Fullerton.