Cybersecurity Has Changed as Companies Reacted to the Pandemic
Andrew Mundell, principal security engineer at Sophos, also joined the conversation to offer suggestions on how organizations can target the cybersecurity challenges they’re facing.
“I think I’d break it down into three big areas, and the first is the problems that we saw trying to get organizations to understand the power of cloud management,” Mundell explained. “Those are really difficult conversations with segments of the market out there that were highly regulated, worried about their intellectual property, for instance. So we’ve really seen the pandemic of 2020 bring that into sharp focus. Not only are organizations having to make drastic changes to their perimeter, but a lot of the traditional tools that they’ve been able to rely on have just not been suitable.”
Mundell said the second major problem he’s seen has been the changing perimeter. “I think back to a few years ago, and we had a very clear line of understanding of what the perimeter was, what the inside of the network was and what the outside of the network was. Not only has that had to change a lot, but we’re starting to see it actually being significantly more effective to blur those lines. And users want the flexibility to work wherever and whenever they want to.”
“And I think the third piece is the sophistication of the attacker,” he said. “I think that we are definitely seeing the widespread attacks increase. And whereas traditionally, I think we would hear a little bit of news here and there, now what we’re seeing is these are long-running attacks. These are not things that are built in a couple of days.”
Ransomware Attacks Continue to Evolve
Mundell pointed out the ways in which cybercriminals have changed their attack methods. He spoke about a new platform for criminals, which he called Ransomware as a Service. “What you’re able to do is join a platform and have that platform manage your ransomware executables, your ransomware payments and the encryption keys. So now, as an attacker, you don’t have to worry about any of that pesky complicated stuff to do encryption.”
In recent attacks, Mundell said cybercriminals have been able to “use techniques and tools that have historically been thought of as things that are in the capabilities of nation-states. So, we’re definitely seeing the bar for some of these incredibly long-running and complex human-operated attacks come down.”
“There’s a second thing that goes on typically in the majority of the ransomware attacks that we’re seeing, and it’s some of that data access, not necessarily data exfiltration,” Mundell said.
Cybersecurity experts are now seeing incidents in which attackers not only take data, but also disable an organization’s security tools. Attackers have been able to “do things like break database services so that the database files become unlocked, and they can then be encrypted. So, if you think of the amount of time that the attackers have access inside of some of those environments, there’s a lot of intel that they’re able to gather. And that’s certainly different from how we thought of attackers and hackers even just a few years ago.”