We are currently at a “defining moment” in terms of cyber risk, Ram Elboim, SVP Strategic Services of Sygnia said on Tuesday.
Speaking at the CybertechLive LATAM conference, Elboim provided a “view from the cyber frontline” outlining the reasons behind this new era of cyber security and risks and how organizations can adapt to the new realities.
Sygnia is a cyber technology and services company, which provides high-end consulting and incident response support for organizations worldwide.
Elboim said that while we are not facing an "imminent cyber apocalypse," today the world is facing a "new level of cyber risk."
He explained that what brought the global community to this point is a "convergence of three trajectories": the increasing complexity of networks, the sophistication of cyber attackers, and the paradigm shift brought about by the coronavirus pandemic.
"Security is a very complex fabric of technologies, configurations and processes, and what happened with corona is that even in the most secure organizations, this fabric went out of balance," he said.
Elboim said that on the other hand, "this is an amazing time to be an attacker."
"You have endless opportunities and threat actors have been swift to use this, either to monetize immediately or as many criminal groups and nation states are doing, planting the seeds and backdoors for future attacks," he said.
Elboim said that organizations that have turned to Sygnia in recent months have experienced a "cascading failure" comprised of a "process of interconnected events, each of those might be minor, but they trigger a sequential failure of parts one after the other."
Providing a real-life example of a company facing such a scenario, Elboim explained that it began with the simple act of an employee visiting a legitimate website for coronavirus updates that had been compromised by a criminal group, a technique known as a "watering hole attack." Once on the website, the employee unwittingly downloaded malware to her endpoint.
He said that during "normal days" such an attack would have been prevented by the "robust" security of the organization; however, due to remote working, these security measures were weakened, and the attackers took advantage and were able to gain direct access to critical areas of the internal network.
From there, Elboim said that two days later the attacker mapped the environment and, in the process, triggered an alert, which received low priority and was unfortunately ignored. A few days after that, the company "wakes up" to a heavyweight attack against them, which is when Sygnia was called in to investigate.
In the end, he said his company was able to contain the attack in a "race against time" and prevent a much larger scale and malicious attack from taking place.
"As we clearly see this attack was allowed to happen, not only by an aggressive attacker, but mainly by the cascading effect," he said.
Elboim said that today, many organizations are already weakened by the financial crisis and may be unable to take another blow, especially not from a heavyweight cyber-attack.
"So not only the likelihood of an attack went up, but we also have smaller room for errors in responding to them," he added.
Elboim said that to address these new challenges, organizations need to first and foremost "adapt incident response plans to new realities." Additionally, he said companies must back up their critical assets and continuously practice and test their security systems.
Finally, he said that organizations need to proactively hunt attackers within their networks.
Despite these dangerous times, however, Elboim said, “We need to look at this as an opportunity as we are probably witnessing the acceleration of what some of us describe as the fourth industrial revolution, more than ever before cyber security should be looked at as an enabler for digital transformation and the competitive advantage for your organizations.”