New World, New Threats: Benchmarking the Cyberattack Landscape in 2020
By Rick McElroy, Cybersecurity Strategist, VMware Carbon Black
The global disruption created by COVID-19 has created a ripple effect across world. As a result, enterprises are facing more cybersecurity pressure than ever before. With a surge in attack volumes, breaches and increased sophistication of techniques, the security landscape is in unprecedented times. As security teams transform to meet these new challenges, the 2020 VMware Carbon Black Global Threat Report highlights the new threats of our new world.
Amid the global upheaval, security professionals faced new threats and an escalation in attack frequency. With insights from 3,021 CTOs, CIOs and CISOs the VMware Carbon Black Global Threat Reports highlights the impact of COVID-19 and the vulnerabilities it has exposed. The results reinforced much of what we are hearing anecdotally – the threat landscape is getting tougher; third-party vendors are proving a major liability and COVID-19 has considerably intensified security threats.
Threat landscape escalates and UK bears the full force
We often talk about what keeps security professionals awake at night but if you’re a security professional in the UK, you are not likely to be getting much sleep at all. The UK is bearing the brunt of escalating threats, with almost all survey respondents saying attacks had grown in volume and a similar percentage saying they were more sophisticated.
Of course, the acid test of the intensity of the threat environment is the number of times attacks succeed. The report found all but two of the 251 UK cybersecurity professionals had suffered at least one breach in the last 12 months. To put this in context, we’ve run this research four times in the UK, and these are the highest figures we’ve ever seen for volumes, sophistication and breach frequency. Proof, if it were still needed, that reliance on network security and perimeter-based defences is not enough; in the case of breaches it’s no longer a matter of if but when.
Extended enterprise under threat
Once we accept the inevitability of breaches, we can pivot more effectively to hardening defences against the vectors most likely to cause them. Here the research raised two key areas for focus, each requiring a different plan of action.
First is OS vulnerabilities, an area where poor patching hygiene is unacceptable in today’s environment, yet OS vulnerabilities still led to breaches for 15.5 percent of UK respondents. Firms need to focus on getting on top of patching as a strategic pillar of cyber defence. The key is improving communication between IT operations and SecOps professionals to build an integrated, cross-disciplinary approach.
The second key area of concern is the large partner ecosystems, supply chains and third-party applications that are central to business operations. The UK research showed that island-hopping, in particular, is having a disproportionately large impact, featuring in only six percent of attacks but causing 15 percent of breaches. Add to this the number of breaches caused by third-party applications and supply chain vulnerabilities and you’re looking at more than one-third of all breaches originating in third parties.
What this confirms is that visibility into the corners of the extended ecosystem is essential; if you can’t see it, you can’t fix it. The threats are there, so hunting them out before they lead to breaches is the only way forward. Behavioural analysis of all those interconnected and exposed endpoints will pick up anomalies and show defenders where to look for incidents where attackers are using third parties to gain access to networks and data.
COVID-19 surge exposes vulnerabilities
Into this intensive, complex threat environment came COVID-19. The UK lockdown went into effect on 26 March, prompting an overnight transition to home-working for UK office-based businesses and leading to unprecedented pressure for IT operations and security teams tackling productivity, security and business continuity. Confirming the hypothesis that disruption and malicious activity go hand-in-hand, 98 percent of our survey respondents in the UK reported an increase in cyberattacks as a result of more employees working from home, with malware at the top of the list. Increased IoT exposure and phishing attacks were also added to the list of woes.
All this exposed weakness in disaster recovery planning in areas ranging from problems communicating with external parties to managing IT operations. However, the single biggest threat that has emerged in the security arena following the spread of COVID-19 has been the inability to institute multifactor authentication with well over one-quarter of UK respondents saying this has proved a major problem when trying to deliver secure remote access for employees.
Building Back Better
Today, perimeter-based defences are ineffective, threats are rising, especially those originating in third parties, and COVID-19 has added to the challenges of overburdened IT operations and security teams. The rapid adaptations that security teams need to make to protect a much more distributed, cloud-based workforce require an approach that makes security intrinsic and enables IT operations and security teams to integrate both strategically and tactically.
As the immediate impact of COVID-19 wanes and the next normal begins to emerge, this is a critical point at which companies must revise their approach the respond to the new threat landscape and the flaws exposed by the stresses of responding to the shift to remote-working.
It’s time to break down the siloes that exist in cybersecurity technologies and approaches and implement an approach that builds security intrinsically across applications, clouds, and devices. This will bring together IT operations and security teams to tackle new threats eliminate blind spots to deliver better visibility and proactively address vulnerabilities before they become breaches or attacks.
COVID-19 has proved a watershed moment in many ways, prompting reflection and a determination to “build back better”. Collaboration will be fundamental to addressing threats, both old and new, in the new world in which we find ourselves.