Webinar Recap: Criminal Evolution in the Age of COVID-19 & How Organizations Adapt to the New Normal
Webinar Recap: Criminal Evolution in the Age of COVID-19 & How Organizations Adapt to the New Normal
Reading Time: 4 minutes

Remote work is here for the long run, and as businesses adapt to the new normal, hackers are also adjusting to – and taking advantage of – this new status quo. The COVID-19 pandemic has changed the way we work by transitioning most of the workforce to be remote and turning our homes into offices. This shift has seen hackers and cybercriminals modify their approach and adapt their hacking methods accordingly. 

The combination of rapid cloud adoption, BYOD, and remote work have opened the door to new breaches and hacks. This requires organizations to transform their defensive playbooks and to better understand how hackers are utilizing the crisis for data theft. Recognizing how criminal business models have evolved is key to protecting our data and resources in the present. 

In early September, security researcher and “friendly hacker” Keren Elazari joined Sivan Tehila, Director of Solution Architecture at Perimeter 81, in a discussion about the evolution of security threats and cyber crime in our new remote work era. From Zoom bombing to account takeovers, access mining and phishing, Keren and Sivan shed light on emerging security threats and shared practical ideas on how to build a more secure future for your organization. 

Watch the webinar on-demand:

 

What new security threats and trends have developed over the past 5 months of working remotely? 

Keren kicked off the discussion by explaining that during the pandemic, criminals have amped up their activity. During the pandemic, we saw how adaptable hackers really are. Once a specific region was hit with COVID-19, cybercriminals hit those areas with phishing, malicious emails, contact tracing apps, etc. They have been following the pandemic and capitalizing on it. Keren also discussed access mining, AWS mining, malware, ransomware, island hopping, and more developing trends. Sivan followed up with examples from current events and trends from the industry. During the pandemic, more organizations have been adopting cloud-based solutions and rethinking their business continuity plan, especially healthcare and educational organizations that have been a hot target for hackers during the pandemic. 

What are some things that we should understand about the way a hacker’s mind works? 

Keren discussed how hackers are curious and constantly striving to find ways to use tools and processes in an unexpected way. For years, hackers have been “living off the land” and utilizing resources that they access in order to exploit them, especially during the pandemic. Keren gave examples of opportunities from within an organization that hackers leverage for their advantage. Additionally, hackers are finding ways to have more interaction with their targets in order to craft their attacks.  

Now that home is the new office, what does this mean for IT Managers, organizations, and employees?

In our new normal, the responsibility to secure our networks falls on all employees as well. Sivan explained that IT Managers must have a strategy in place in order to deal with the challenges of remote work, as well as make adjustments to their security training in order to find a balance between realistic security requirements from employees and the appropriate enforcement of policies. Attackers are becoming more sophisticated but when we use different layers of security, we can help protect our data and networks. IT Managers should adopt unified solutions that give them control and visibility of their network and users in one place, in order to simplify managing employees remotely. 

How has the rushed adoption of cloud computing and storage brought about more ways to exploit network vulnerabilities? 

Continuing from the previous question, Sivan discussed dark data and a lack of awareness of where remote employees are storing their data. When moving to use cloud-based infrastructure, it is important to map out assets and prioritize security goals based on this map. When using the cloud, we use more applications and remote protocols in order to access data, so we must manage this remote access with the correct encryptions and protocols in order to avoid hackers exploiting our networks.

Keren expounded on how the land has expanded for cybercriminals – infinite computing power that they can leverage. When working from home, there are additional devices that we are using and that are additional entry points for hackers. After providing some recent examples of vulnerabilities in existing systems, Keren explained how criminals are aware of the way we are using various tools and software. 

Moving forward, how should organizations set up a business continuity strategy for cybersecurity? 

For the final question, Keren discussed multi-factor authentication and the need to eradicate passwords. We can take this pandemic as an opportunity to improve our security posture and throw old practices, such as passwords, out the window and to move on to more modern and more secure technologies. Sivan added the importance of going back to the basics and asking ourselves what type of adjustments we need to apply – how we identify a threat, how we protect our networks, and what new layers of security we need to adopt in this day and age. In the past when we used to protect the perimeter, now we have to protect not only outside but inside the network as well with micro-segmentation and different security layers. 

After an exciting discussion with insights, examples, and tips, the panelists moved on to answer questions from the audience. If you were unable to tune in live but still would like to address questions to the speakers, feel free to reach out to us on LinkedIn, Twitter, or Facebook

About the Speakers

Keren Elazari is an internationally recognized security analyst, author and researcher. In 2014, Keren became the first Israeli woman to speak at the prestigious TED Conference. Keren holds a CISSP certification and a Masters in Security Studies, and is currently a senior researcher at the Interdisciplinary Cyber Research Center at Tel Aviv University. Keren is the founder of Israel’s largest security community, BSidesTLV, part of the global SecurityBSides movement, and the Leading Cyber Ladies global professional network for Women in Cyber Security.

Sivan Tehila is the Director of Solution Architecture at Perimeter 81. Sivan is a cybersecurity expert with over 13 years of experience in the industry, having served in the IDF as an Intelligence Officer and then in various field positions including Information Security Officer and a cybersecurity consultant. For the past two years, Sivan has dedicated herself to promoting women in cybersecurity and founded the Leading Cyber Ladies community in NYC.

 

Read More
Webinar Recap: What will cyber security look like in the post-COVID-19 world?
Reading Time: 3 minutes

In addition to all of the demographic, economic, and healthcare implications brought on by COVID-19, the once-familiar 9-to-5 office environment as we know it has changed dramatically. Remote work, once expected to be the future, is now our new reality. Even though Gartner predicted that by 2020, half of the US workforce would be working remotely, no one could have anticipated it to become ubiquitous during the COVID-19 outbreak. Now, nearly everyone has been forced to work from home for the foreseeable future. Organizations have been seeing an increase in productivity from employees and have extended their work from home policies until the end of 2020, or even indefinitely.

Along with all of its benefits, remote work also brings a host of cyber security risks that are harder to tackle outside of the office. Additionally, with millions of people connecting to their corporate networks from their homes, network infrastructure is being taxed like never before, creating new issues of internet overload and skyrocketing VPN usage.

While the future remains uncertain, organizations are embracing the new normal, and now is the time for CISOs and IT managers to start thinking about how they will continue securing their teams while working remotely. Industry analyst Richard Stiennon and Perimeter 81 Co-founder and CEO Amit Bareket joined forces in early July for a webinar to discuss, review, and make predictions about the future of cyber security in the post-COVID-19 world.

Watch the webinar on-demand:

 

From your experience in security, what has changed dramatically over the past decade? 

Stiennon, who has been in the industry for nearly 30 years, focused on the digital transformation which morphed into the cloud transformation and the use of SaaS services. Bareket added employee mobility to the security challenges that have developed over the past ten years and the need for security appliances to keep up with these trends. 

How has COVID-19 changed the way we consume cyber and network security?

Stiennon kicked off the conversation with the fact that organizations that were unaccustomed to working remotely and did not have a solution for secure remote access were forced to move their entire workforce remote almost overnight and with zero preparation. Now that the urgency to find a solution for securing remote access has died down, organizations are focusing on long-term strategies for securing their remote workforce. Following with experience from Perimeter 81’s customers over the past few months, Bareket gave examples of organizations that may have previously been more “traditional” in their approach to security and cloud, that are now making the transformation. As COVID-19 has accelerated the adoption of cloud and mobility, organizations are rethinking their security policies and strategies.

What do you think is the biggest pain in the cybersecurity space right now? 

Bareket clearly sees the challenge as now that employees are working remotely/from home, organizations must open their infrastructure to be open to the outside and from unmanaged devices, compromising security. Stiennon added that security professionals have to break loose from their current mindset of “boxes” and change their vision to include the cloud. Additionally, now these professionals are charged with the responsibility of not only protecting resources but also protecting employees. 

What do you think the future of security has in store over the next 2 years? 

Stiennon believes that new threats that have come about from the age of remote work are adding to the revelation of new vulnerabilities and by this fall we will be seeing massive breaches announced, that are starting during this time period. On the flip side, we are also working more securely as more vendors are offering more security capabilities and organizations are consuming these services. From the vendor perspective, Bareket believes security services overall is moving away from on-prem to cloud-based and user-centric solutions. Additionally, various services will start joining together in order to unify under one platform in order for any business of any size to consume. 

Which challenges and solutions will we be seeing in the near future? 

Bareket discussed Gartner’s SASE (Secure Access Service Edge), the unification of security and infrastructure to be offered from the cloud edge. Stiennon added that the fact that government offices, law firms, medical practices, and the like (approximately 80% off all businesses and organizations) are all late adapters to new technologies and security software. 

After a riveting discussion with predictions and surmisings, the panelists moved on to answer questions from the audience. If you were unable to tune in live but still would like to address questions to the speakers, feel free to reach out to us on LinkedIn, Twitter, or Facebook

 

Read More