The pandemic of Covid-19 has changed our lives, disrupting our work behaviors where more people than ever are working from home, Azure cloud services observing 775% in usage, enabling greater exposure of infrastructure and data, and creating a significant spike of cybersecurity threats. Phishing attacks such as using Covid-19 in the subject and divulging sensitive information through social engineering techniques are some of the key threats. Infrastructure and mobile devices are more susceptible than ever. Cybercriminals are exploiting the lack of security controls in the home network, compared to the corporate environment. Recently, Trend Micro research analyzed COVID themed malware that over-rides a systems’ master boot record, rendering it unbootable. When was the last time you checked your security posture? How effective are your security controls & policies?
The prevailing fallacy of organizations have been assumptions on the types of challenges to prepare, assess, and mitigate cybersecurity threats, and the dirty little secret is that they’re not insurmountable. By incorporating breach and attack within your security best practices better prepares an organization by identifying potential gaps, but why stop there? Enrich the approach with simulations, the “what if scenarios”, as well as adaptive learning from prior attacks, activity, and ongoing threat intelligence. But, is a simple tool or platform the silver bullet? Not really. However, employing a “no zero trust” cybersecurity practice, interwoven with NIST and MITRE ATT&CK frameworks, robust risk management, layered with services workflows, and the icing of a digital 360 security approach, will empower your organization to be more vigilant.
Organizations need not succumb to the hype of tools and platforms but embrace BAS in entirety. A partner experienced in delivering business value through tools, best practices of methodologies and frameworks, and illustrating the impacts through intelligent analytics would be the right way to go.
Shine the light, and erect the security posture, elevate the awareness, and unlock the mitigation strategies.