The global pandemic has underscored the value of planning for the unexpected. Opportunistic criminals exploit constantly evolving work conditions and strained defences to drive an increase in attacks. Although there was no way to completely predict the effect on our organizations and be armed with a comprehensive plan from day one, there is plenty we can do to strengthen our resilience to emerging threats.
To address some of the key takeaways from the ongoing crisis, I spoke with Phil Jones, who has been managing Airbus Cybersecurity activities, an Airbus Defense and Space business unit, since 2016. Phil now heads the group's Cybersecurity Services sector, which includes Managed Security Services, Security Advisory and Professional Services, and Integrated Security Services.
Are there other types of attacks that organisations can anticipate in times of crisis?
We are currently seeing a revival of some classic cyber attacks such as brute force attacks on servers running Remote Desktop Protocol (RDP) or VPN platforms. Throughout recent weeks, these kinds of attacks have undergone three- to four-fold growth around the world.
Many companies have stepped up their search to meet their employees' remote work needs and have rapidly deployed new VPN or RDP applications without adopting the normal internal security testing procedures. Hackers have used this ability to access previously inaccessible information systems because of their configuration. Attackers can use open access platforms like Shodan with minimal effort, allowing them to search and locate connected objects and vulnerable machines with a free, unsafe RDP port over the Internet.
Organizations unable to perform "generalized" remote work are faced with a tenfold increased risk of sensitive data leakage. Employee bad practices, such as using alternative approaches like non-corporate SaaS software or personal resources and equipment in good faith, accentuate the "Shadow IT" effect and the lack of security team visibility and monitoring.
There’s no special explanation for the types of attacks to alter during times of crisis, rather it’s the ability to manage them that is hindered. Indeed, security teams themselves have been increasingly working remotely during the COVID-19 timeframe and as a result their response capabilities have been compromised.
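The brute-force wave against RDP and VPN endpoints described in this answer is visible in authentication logs long before an account is compromised. The following is an added example (not code from the interview or from Airbus CyberSecurity): a minimal detector that counts failed logons per source address and service inside a sliding time window and flags sources that exceed a threshold. The log format, hostnames, addresses, threshold and window below are all constructed assumptions for the example.

```python
"""
Added example: sliding-window brute-force detection over remote-access
authentication logs. The log format and every value in SAMPLE_LOG are
constructed for illustration (documentation address ranges).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample lines in a simple syslog-like form:
# "<ISO timestamp> <service> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2020-04-06T08:00:01 rdp FAIL user=administrator src=203.0.113.7
2020-04-06T08:00:03 rdp FAIL user=admin src=203.0.113.7
2020-04-06T08:00:04 vpn OK user=alice src=198.51.100.20
2020-04-06T08:00:05 rdp FAIL user=root src=203.0.113.7
2020-04-06T08:00:06 rdp FAIL user=guest src=203.0.113.7
2020-04-06T08:00:08 rdp FAIL user=test src=203.0.113.7
2020-04-06T08:00:09 rdp FAIL user=administrator src=203.0.113.7
2020-04-06T08:05:00 vpn FAIL user=bob src=198.51.100.21
2020-04-06T08:30:00 vpn FAIL user=bob src=198.51.100.21
2020-04-06T09:00:00 vpn FAIL user=bob src=198.51.100.21
2020-04-06T09:30:00 vpn FAIL user=bob src=198.51.100.21
2020-04-06T10:00:00 vpn FAIL user=bob src=198.51.100.21
2020-04-06T10:30:00 vpn FAIL user=bob src=198.51.100.21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<service>\w+) (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for one well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect_bruteforce(log_text, threshold=5, window_minutes=1):
    """
    Flag (src, service) pairs that accumulate at least `threshold` failed
    logons inside any span of `window_minutes`. For each flagged pair the
    result records the failure count in the window that tripped the
    threshold, the distinct usernames that source had tried so far (many
    users from one source is the password-spraying pattern) and the
    timestamp of the oldest failure still in the window.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # (src, service) -> timestamps of recent failures
    users = defaultdict(set)      # (src, service) -> usernames tried so far
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] != "FAIL":
            continue
        key = (rec["src"], rec["service"])
        q = recent[key]
        q.append(rec["ts"])
        users[key].add(rec["user"])
        # Drop failures that fell out of the window.
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {
                "failures": len(q),
                "users": sorted(users[key]),
                "first_seen": q[0].isoformat(),
            }
    return alerts


if __name__ == "__main__":
    for key, info in detect_bruteforce(SAMPLE_LOG).items():
        print(key, info)
```

With the default one-minute window only the fast RDP spray from 203.0.113.7 is flagged; the slow VPN attempts against `bob` spaced half an hour apart never reach five failures in one minute. Re-running with `window_minutes=180` catches that low-and-slow source too, which is the usual trade-off when tuning such a rule: a short window keeps false positives down for users who mistype a password, a long window is needed for patient attackers.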
How do companies turn on current tools and processes to deal with threats as they emerge?
It is important to note that any organization, such as ISS hygiene, needs to have a minimum security base. It encompasses most cyber risks, and its reaction speed will rely, for example, on its ability to detect new threats in its environment through Security Operations Centres.
The company must retain some space for flexibility in order to be able to respond to new challenges while avoiding operating at 100 per cent efficiency. Creating “buffer capacity” may prevent the company from being overwhelmed immediately and may allow it to manage itself better in the event of an incident.
The company must adopt a versatile stance in non-crisis times, challenging its properties, tools, and processes to adapt – in the same way that threats develop and adapt. In reality, when dealing with new threats this is the biggest challenge – being able to constantly change and having teams with the skill, creativity and enthusiasm to learn and adapt.
What are some of the errors that you and your team see security teams make?
We note that attackers are commonly leveraging configuration errors. Configuration errors are common consequences of the attack surface (Bring Your Own Phone, Mobile, Cloud, IoT, etc.) and of organizations being equipped with software and technology they have not yet mastered.
To minimize the risk of misconfiguration, it is important that the security teams deploy new IT services through an IT service management validation process that ensures compliance with previously defined requirements and verification of certain control points (configuration checklist) or even using technical auditors (slope auditors) for the most sensitive systems.
The company must be able to assign the required time to carry out implementation activities with due diligence and due care to make its IT personnel aware of cyber threats beforehand.
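The validation process described in this answer (a defined set of requirements, a configuration checklist, a gate before a new service goes live) can be encoded so that it runs the same way every time, even when the deployment is rushed. The block below is an added example and is not Airbus CyberSecurity's checklist or code: it applies a handful of constructed control points to a service description and refuses deployment while any high-severity point fails. The field names, control identifiers, severities and the three sample services are assumptions made for the example.

```python
"""
Added example: a pre-deployment configuration checklist for remote-access
services (RDP, VPN). Control points, field names and sample services are
constructed for illustration and are not a real organisation's checklist.
"""
import ipaddress


def _reachable_from_internet(listen_addr):
    """Treat wildcard binds and non-private addresses as Internet-reachable.
    Assumption: the host has an Internet-facing interface."""
    if listen_addr in ("0.0.0.0", "::"):
        return True
    return not ipaddress.ip_address(listen_addr).is_private


# Each control point: (id, severity, predicate that is True when the service
# FAILS the check, remediation hint shown to the requester).
CONTROL_POINTS = [
    ("CP-01", "high",
     lambda s: s["service"] == "rdp" and _reachable_from_internet(s["listen"]),
     "RDP must not be reachable directly from the Internet; publish it behind the VPN or a gateway"),
    ("CP-02", "high",
     lambda s: s["service"] == "rdp" and not s.get("nla", False),
     "enable Network Level Authentication on the RDP listener"),
    ("CP-03", "high",
     lambda s: not s.get("mfa", False),
     "require multi-factor authentication for remote access"),
    ("CP-04", "medium",
     lambda s: s.get("lockout_threshold", 0) <= 0,
     "configure an account lockout threshold to slow brute-force attempts"),
    ("CP-05", "medium",
     lambda s: not s.get("logs_forwarded_to_soc", False),
     "forward authentication logs to the SOC so brute-force attempts are visible"),
]


def run_checklist(service):
    """Return the list of failed control points for one service description."""
    findings = []
    for cp_id, severity, fails, hint in CONTROL_POINTS:
        if fails(service):
            findings.append({"id": cp_id, "severity": severity, "hint": hint})
    return findings


def approved_for_deployment(service):
    """Gate: no 'high' finding may remain before the service goes live."""
    return not any(f["severity"] == "high" for f in run_checklist(service))


# Constructed samples: an RDP host exposed in a hurry, a properly fronted VPN
# gateway, and an RDP host that is only reachable from the internal network.
RUSHED_RDP = {"name": "rdp-01", "service": "rdp", "listen": "0.0.0.0", "port": 3389}
HARDENED_VPN = {"name": "vpn-gw", "service": "vpn", "listen": "0.0.0.0", "port": 443,
                "mfa": True, "lockout_threshold": 5, "logs_forwarded_to_soc": True}
INTERNAL_RDP = {"name": "rdp-02", "service": "rdp", "listen": "10.0.5.12", "port": 3389,
                "nla": True, "mfa": True, "lockout_threshold": 10,
                "logs_forwarded_to_soc": True}


if __name__ == "__main__":
    for svc in (RUSHED_RDP, HARDENED_VPN, INTERNAL_RDP):
        print(svc["name"], "approved" if approved_for_deployment(svc) else "blocked")
        for f in run_checklist(svc):
            print("   ", f["id"], f["severity"], "-", f["hint"])
```

The point of the gate is the default: a service description that omits a field fails the corresponding check, so a rushed request with no mention of MFA or logging is blocked rather than waved through, and the requester gets the remediation hints as the list of what to fix before resubmitting.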
In a crisis, coordination is paramount. On that front, how do organizations improve?
Communication is one of the main factors in handling crises. Having a communication plan (internal and external to the organization) covering multiple cases of cyber-attacks is critical for the organization.
Therefore, crisis communication is a challenge, because it is a matter of being able to convey information through the right means (especially when traditional channels are unusable), the right elements, to the right recipients in a way that is easy to understand. Especially considering that information concerning the cyberattack can become viral (sometimes even at the initiative of the attacker who advertises it on the Internet) and cause credibility and identity harm greater than the material or financial damage caused by the cyberattack itself. The communication plan needs to be clearly defined and placed upstream to ensure, for example, that the communication team is in direct contact with the responding teams.
To evaluate their resilience, companies will use crisis management drills to check this technique at least once a year. Airbus CyberSecurity frequently conducts crisis management training activities for our clients. The aim is to ensure that the company is in the best position to make the right decisions at the right time and to respond appropriately when the time comes to execute the strategy. It refers to the areas of communications but even more generally, including technical elements such as emergency management and forensics.