Joe Stuchbery opens up on the changing threat landscape
What threats have become more prominent over the last couple of months?
Before I dive in to this, I'd say that what we've seen is an amplification in the intensity of known threats rather than brand new, never conceived threats suddenly coming to light. So most of the things we're dealing with were happening before COVID-19 and will likely continue to happen when COVID-19 is well in the rear-view mirror.
With that caveat, we have seen a significant push by criminal hackers to take advantage of the IT chaos and end-user's fears for their own ends. That's been most visible in the large amounts of phishing attacks we've been seeing. Many of these attacks use tried-and-true methods but leverage COVID-19 as the lure. Thus, we've seen lots of phishing that attempts to convince a user to access some important piece of COVID-19-related information, or masquerade attempts that leverage the newly-distributed workforce as a way to convince you that your boss really is mailing you from her Gmail account.
In addition to these attacks on workers, we also see attackers trying to attack newly-deployed Cloud infrastructure. While Zoom bombing might be the poster-child for hacker attacks on Cloud deployment, it's just one example. If you have recently deployed a new service to solve for some business need, you can expect it to be attacked. Actually, let me make that stronger: it IS being attacked.
How have customer demands for cybersecurity changed as a result of COVID-19?
Again, I think this is a bit of a follow on where context is important. When companies really began to understand the impact COVID-19 would have on their business, there was a mass exodus from on-premises ‘traditional' operations to distributed, cloud-based work habits - and that exodus happened almost overnight. Worse yet, most multi-site companies didn't have a disaster recovery plan that envisaged their entire workforce working from home. That led to the rapid deployment of interim solutions where the focus was on business continuity - uptime and availability were paramount.
Now, as we become more accustomed to this new way of working, we've seen companies realize that in fact this new work approach can be pretty efficient for certain verticals. In addition, we have had time to realize that securing data that is also mobile in this hyper-distributed environment is critical. Add in the change in threats we discussed above, and customers have rightly been very demanding with respect to security.
In this new environment, customers rapidly went through a process of increasing security maturity. To provide a framework, I'm a huge fan of the simple model of ‘visibility, control, product' as a hierarchical way of viewing how defenses evolve. Initially, companies struggled to get visibility into what was going on. Next, they attempted to control what was happening as the ‘fog of war' slowly cleared. Lastly - and that's a step very much in progress - we attempt to get ‘left of boom' and predict where things are going, so we can mitigate potential damages. We become proactive rather than reactive.
How have partners had to adapt their offerings to stay relevant?
Cyber Security has been a fast growing industry for a number of years now and so partners have had to evolve and adapt with the pace and development of technology. With the fast adoption of Cloud and SaaS, partners have adapted in many areas, consultancy now has become more remote than the traditional on-site, offerings are often based on integration with other technology vendors. Cyber Security companies had to move fast to understand AWS, Azure and how they can build a solution to take to a customer that integrates and works Cloud Platform providers. As Threats become more sophisticated, Security Managed Services is a key offering for partners, it allows them to help customers with the vast information being produced and most importantly assists the customer with a continued improvement of their security posture.
What has been the biggest change to the cybersecurity industry as a result of COVID-19?
I'm going to go with the ‘glass is half full' response because I think we should look on the bright side whenever we can, and also because in this case I think it's very much justified. I think the Cybersecurity industry has realized that we don't need to all be in the same room to work well together and our job as an industry is to enable people to conduct business safely online. So many companies had stalled out trying to create more expansive work from home or BYOD strategies, and COVID-19 has forced us to take on the challenge of doing that safely - it's not a luxury but a necessity. So it's forced us to jump in with both feet, and that's a very positive change.
What will the pandemic's lasting legacy on the industry be?
In general, I think this will be a tipping point regarding how we work in the future. We've now proven that working from home - at least some of the time - can be effective and safe. I suspect that when the world begins to return to normal, we'll view our interactions in person with the incredible value they truly have, and we will experience how we work very differently. I think the legacy will be a real transition to the nomadic worker who is assisted and enabled by the cloud… and that this environment will be both secure and efficient.
Cyren is sponsoring CRN's cybersecurity DeskFlix episode. Register here to attend the virtual event on 25 June