Fleming Shi, Chief Technology Officer at Barracuda, an email security company, shared highlights from a recent survey that found that almost half (46%) of global businesses have encountered at least one cybersecurity scare since shifting to a remote working model during the COVID-19 lockdown. And that 49 percent say they expect to see a data breach or cybersecurity incident in the next month due to remote working.
The same study reported that the increase in perceived risk has NOT been accompanied by an increase in security spending. Some 40% of companies surveyed said that their response to COVID-19 has included cutting their cybersecurity budget and 50% said that they would consider cutting staff if cybersecurity could be maintained.
Cutting Budgets in the Face of Increasing Threats Will Only Increase Risk
These two notions are at odds with each other. Threat actors are exploiting the rush to work from home with many methods, in particular Phishing attempts targeting remote workers. One example is hackers sending messages that look like they come from authority figures in a company detailing company plans to close locations, begin remote work, or tips to keep the employee safe with credible information from the World Health Organization (WHO) or the Center for Disease Control (CDC). They encourage employees to click on a link that looks authentic to learn more, in order to steal credentials and gain access to the network.
Another recent article articulating things that are keeping CISOs up at night during the COVID19 pandemic highlighted
“1. Lack of security at remote access sites. This is the most obvious. Nearly everyone who was working in an office is now working from home, which means there are many more endpoints to secure from potential attack, and exponentially more loose ends.
4. Phishing. Lots of it. This is the most expected security issue to arise during any period of panic, and it’s compounded by the fact that employees are working from home with fewer potential safeguards in place. Although phishing activity is always a threat that’s constantly evolving, there has been a massive increase in COVID-19-specific phishing activity, and a period of panic can make people more susceptible to fraud or social engineering. Dr. Salvatore Stolfo of Allure Security has seen “a dramatic uptick in the number of COVID-19 scams, largely phishing campaigns and an onslaught of fake emails trying to trick people to click on links sending them to malicious sites to steal their credit card information and their credentials.”
Every Industry is at Risk
When companies were required to social distance and rushed to work from home, many security teams were not prepared with the proper tools and security defenses, putting sensitive data and information at risk. Many employees now use personal devices to do their work and although many believe that their devices are secure, the hackers are aware of this and are deploying automated attacks en masse.
No industry or type of organization is immune to these threats. Data is valuable and hackers seek it whether it is a healthcare system sharing sensitive patient data, a retail business capturing and storing credit cards, banks housing mortgage, credit and other financial information, or biotech or pharma needing to protect trade secrets.
Intelligent Automation is the Key to Response and Remediation
The volume and sophistication of these attacks will continue to increase exponentially putting tremendous burden on the security teams. To combat this, even if companies have existing policies, employees should be newly informed and properly trained on COVID19 themed Phishing.
As well, organizations should deploy a Security Orchestration Automation Response (SOAR) solution with Artificial Intelligence that can enable them to more quickly triage and prioritize alerts, reduce false positives and noise, and use automated playbooks to reduce response time.
SOAR augments analysts with automated playbooks and recommended actions, reduces the time spent on lower level repetitive tasks and frees them to focus on more complex issues. SOAR also improves the speed and consistency of response and remediation with better team collaboration and communication.
Next Generation SOAR to Combat COVID19 Unique Working From Home Challenges
SOAR solutions have evolved as traditional providers of security solutions have built or acquired features to have a more comprehensive offering. These products can be complex and costly to deploy, requiring extensive customization and professional services to fit in an environment, only adding to the strain on IT budgets.
A Next Generation SOAR addresses a critical gap in the market today and the one that makes up the bulk of security analysts’ workload: alert triage, analytical and investigation. Beyond just automating the aggregation and correlation of events on the front end, and providing incident response playbooks on the back end, a Next Generation SOAR solution leverages AI to also automate these key analysis and investigative tasks.
Cloud Based SOAR is Budget Friendly and Delivers Results Faster
A Next Generation SOAR solution that is built in the cloud as an integrated solution from the start will enable security teams to deploy quickly and starting speeding intelligent incident response today without the need for costly and timely integrations.
With the onslaught of COVID19 related phishing and other attacks, time is of the essence. Security teams must have intelligent automation across all phases of correlation, investigation and remediation to speed time to response, improve the effectiveness, efficiency and collaboration across teams, and most importantly mitigate risk.
A cloud based SOAR with Intelligent Automation can help to avoid cutting staff, hiring of new staff and without costly customization and integrations, has less impact on budgets in these challenging times.
