Cybercrime - The Other Pandemic
CISO Amit Basu on How It Spread and How to Fight It
As the world desperately tries to emerge from the COVID-19 pandemic, we are combating a “pandemic of a different variety,” Christopher Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency, warned in May.
Indeed, the world is experiencing a cybercrime pandemic, which is a direct consequence of COVID-19. Due to the global spread of the virus in 2020, many organizations - without proper risk analysis or mitigation planning - were forced to send all employees to work from home to balance safety, compliance, and business continuity.
Suddenly employees were following modified business processes, often with fewer controls, using relatively insecure setups involving personal computers and shared internet connections. This sudden paradigm shift created a fat new target for cybercriminals, and cyberattacks across the world have increased dramatically since then.
Rapid Spread
The FBI’s 2020 Internet Crime Report listed 791,790 cybercrime complaints in 2020 - a 69% increase over 2019. In the SolarWinds supply chain attack, hackers had access to the data of at least nine U.S. federal agencies for more than nine months.
The cyber pandemic is continuing to spread in 2021. In January, a ransomware attack affected the OT systems of WestRock, the second-largest packaging company in the United States. In March, over 30,000 organizations in the U.S. were affected by the Microsoft Exchange Server attack.
Increasing Impacts
May 2021 was the first time a cyberattack had a large-scale physical impact on the general U.S. population. The Colonial Pipeline ransomware attack caused the average U.S. gas price to go above $3 a gallon for the first time in over six years and led to severe gas shortages in several states.
In the same month, a ransomware attack on JBS, the world’s largest meatpacker, halted all its U.S. plants. And a supply chain attack on software provider Kaseya in July may have affected between 800 and 1,500 businesses.
Targeted Ransomware Attacks
Ransomware attacks, which have increased by nearly 500% since the start of COVID-19, are a major part of this cyber pandemic.
Phishing is still the primary method of spreading ransomware. Since COVID-19 forced people to work in isolation, it’s harder for them to consult with a co-worker or IT staff member before they succumb to a phishing email.
Cybercrime as a Service has been evolving on the dark web for the last few years, but the recent targeted ransomware attacks were fueled by a more focused model, Ransomware as a Service, provided by sophisticated cybercrime groups.
A New Target - Operational Technology
Recent cyberattacks not only affect information technology systems; attacks on operational technology are also on the rise. These were rare before the COVID-19 pandemic, due to the difficulty of getting access. But COVID-19 has forced organizations to connect their OT systems or the connected IT systems to the internet to facilitate remote management. That allowed cybercriminals to compromise the OT systems either directly or by infiltrating the connected IT systems.
A recent cyberattack on a water plant in Florida could have caused the water to be contaminated. And in the cyberattacks on Colonial Pipeline and JBS, OT systems were most severely impacted.
How Do We Stay Safe in a Cyber Pandemic?
Just as vaccination keeps us safer from COVID-19, we realized that proactive prevention measures will place our organizations in a better position to combat this cybercrime pandemic. With cybercriminals creating waves of new threat variants, we reviewed every layer of the security chain and its relevance in the new normal and made appropriate changes to create new preventive controls. We ensured that cybersecurity is embedded with every modified business process.
Before the COVID-19 pandemic, cybersecurity strategy was primarily focused on securing the network perimeter. But COVID-19 blurred the borders around businesses’ critical applications and data. The network perimeter has been extended to employees' homes, and accessibility needs from anywhere have accelerated the migration to cloud and adoption of other digital technologies.
The changing scenarios required increasing the level of security, and it was critical to ensure that security was never an afterthought. New IT security layers included smart endpoint protection, stronger identity controls using mandatory multifactor authentication, and zero trust network access for enhanced protection.
Today’s cyber defense must start at the endpoint. A sophisticated endpoint detection and response tool provides continuous and real-time protection to any device that communicates with the organization’s IT assets. By applying behavioral analysis and actionable intelligence to endpoint data, EDR solutions’ early detection and prevention can stop an incident from turning into a breach.
With more virtual and remote workers than ever before, strong user identity verification with multifactor authentication is essential. MFA prevents breaches by requiring additional information or credentials from the user apart from the password. Cybercriminals may garner a user’s password using a phishing or social engineering attack, but they still won’t be able to get in with MFA in place.
The rapid cloud migration must be secured by zero trust network access. Zero trust eliminates the notion of trust prevalent in the traditional perimeter security model. Properly designed zero trust policies will help companies protect data in the cloud from unauthorized access or breach.
Finally, as the umbrella cover, there is no alternative to the defense-in-depth approach to cybersecurity – where a series of defensive mechanisms are layered to protect the crown jewels. If one mechanism fails, another will step up to thwart an attack. This multilayered approach with intentional redundancies increases security as a whole and addresses many different attack vectors.
Resiliency Reduces Impact
Like COVID-19, the cybercrime pandemic may always be with us but, as we are finding ways to reduce the impact of the virus, organizations need to start adopting a holistic cyber risk management strategy that prioritizes resilience while giving due importance to security. Cyber resiliency is the ability to anticipate, withstand and quickly recover from cyberattacks.
We have designed our cyber-resilient strategy to encompass the people, process, and technology elements of cyber risk. Even with stronger technology controls, our employees still attend regular cyber awareness training, so that they can exercise good judgment to maintain information security.
The process includes a well-defined incident response plan, with documented roles and responsibilities, internal and external communication plans, and detailed run books for common incident types. A well-rehearsed IR plan is the most critical component of a successful cybersecurity program.
Amit Basu is the CISO and CIO at International Seaways. He has over 30 years of experience in maritime IT and cybersecurity and was a pioneer in process automation, secured cloud computing and SaaS implementation in the maritime industry. At INSW, Basu has designed a layered cybersecurity risk management control environment modeled on defense in depth and leveraged actionable intelligence and behavioral analysis to enhance cybersecurity defense efforts, especially for mitigating security risks of the IT and OT onboard ships.