Valeri (Val) Loukine is a Cyber Security Evangelist, a member of the office of the CTO with Check Point Software Technologies, a blogger, a world traveler, twice a granddad, and a biker.
With more than 20 years in Information Security, Val helps hundreds of customers around the globe to overcome security challenges, counter threats, and build efficient cyber security architecture. Since 2018, Val has been leading the Check Point CheckMates community activities around the globe.
In this interview, expert Val Loukine provides exceptional insights into how the coronavirus pandemic has influenced cyber security transformations, and how the pandemic continues to shape our cyber security decision-making. Get actionable ways to address both known and unknown risks. Find out about next-generation technologies. The pandemic is evolving; is your security?
How did COVID-19 affect IT processes and cyber security?
The COVID-19 pandemic’s impact on information technologies and the cyber security situation is not much different from its influence on the world in general. There is a word for that: disruption. Suddenly, our routines were drastically changed, new unexpected challenges arose, and we needed to adapt to fast evolving and rather unpredictable conditions. Lockdowns and work from home mandates, the inability to meet face-to-face, and other unexpected and sometimes hard-to-navigate obstacles changed the work style for most organizations. IT had to scramble and re-think the operation mode. Remote and hybrid work models dictated new approaches to both business and cyber security tools.
The classic guarded wall perimeter security approach suddenly became impossible to maintain. It did not help that with the adoption of cloud services that approach was bound to become obsolete anyway. The rapidly evolving situation pushed organizations to search for new paradigms and tools if they wanted to survive, and of course, finding the correct operation modes took a bit of time. Some mistakes were made, and in the process, we have seen new security challenges.
Let me use my own organization as an example. 90% of the workforce were used to doing their jobs in the office. The tools they had: PCs, conference facilities, information exchange tools, collaboration tools – all these elements were designed to be used securely from the offices, where the classic perimeter security approach was the foundation for cyber security.
Then, in the beginning of 2020, we had to provide secure remote access, virtual meeting solutions, and also laptops for working from home. And if you could not deliver thousands of company-managed, properly secured PCs for your remote workforce, you needed to find a new solution that allowed your employees to use other means of access and collaboration. All these new tools need to be secured, quickly and effectively.
That was arguably the main challenge most organizations faced: providing new scalable and secured tools to their employees, as fast as possible.
Rapid adoption of the cloud environment, new conferencing and collaboration tools, the need to rely not only on managed assets, but to secure corporate access from unmanaged personal computers and mobile devices – all these factors led to new surfaces of attacks and new rapidly evolving threats.
According to Check Point 2022 Security Reports, cyber attacks increased drastically in 2021. For example, attacks on software vendors rose 146% since 2020, and for education and research, healthcare and financial sectors we saw more than 50% growth.
COVID-19 contributed to cyber risks. How have cyber attackers exploited uncertainty and social changes?
Cyber criminals do not miss an opportunity to cash in on people’s fear, uncertainty and desperation. We are seeing an increased number of attacks leveraging the COVID-19 theme: false ads leading to infected pages or selling fake vaccines and fraudulent health certificates.
And of course, while people have to rely on web access for practically everything these days, we are seeing a sharp rise in banking trojans, info stealers, crypto mining and RAT malware all over the map. Hackers are after your data, your identity, your money, your privacy, and even your CPU time.
We also see that the modus operandi of cyber criminals is changing, probably because some of their revenue streams are shrinking, and they have to look for new ways to make money.
For example, ransomware attacks evolved from holding your data for ransom into double, triple and sometimes quadruple extortion. In such cases, ransomware attacks are preceded by data exfiltration. Once the ransom has been paid and the business operations resume normally, criminals ask for another payment and threaten to release stolen data. Then they go after that company’s business partners and customers, once again threatening to expose their secrets and private information.
You probably remember the REvil attack on the Apple supply chain in April 2021. That ransomware group hacked one of Apple’s suppliers and obtained schematics of then-unreleased products. REvil attempted to blackmail both the supplier and Apple. When both refused to pay, hackers released the schematics ahead of the product launch.
Although there’s been plenty of time to close security gaps, where are we still seeing COVID-19 related cyber risks?
I am tempted to say “everywhere”, but let’s be more specific. One of the main areas of concern is the cloud environment, especially IaaS and SaaS. Platforms themselves may be reasonably secure, but the applications and deployment schemes are another matter. One more pain point is remote work. Cyber criminals are trying to compromise both remote access tools and individuals using them through targeted phishing attempts. And of course, no matter how good you are with your own security processes, there is always a risk of being hit by a compromised supply chain or through third party code you may use in your applications (Log4J).
Can you recommend actionable ways in which businesses can address both known and unknown cyber security risks?
Be alert, be prepared, run security drills and “pre-mortem” exercises. Constantly and vigorously challenge your own security practices and posture, keep a close eye on newly discovered vulnerabilities and stay informed about the most recent security threats for your industry. Employ audits and red teams to discover weaknesses and gaps in your defense. Make sure you use the most advanced instruments to protect and to monitor your assets, including remote clients. Train your employees to recognize social engineering and phishing attacks, teach them ways to react and report any potential security breach.
What kinds of new operating models might be needed?
In the era of cloud-based IT and remote work, where there is no more perimeter, you need to rely on the Zero Trust model, micro segmentation, and XDR.
What role should business executives play in addressing COVID-related security risks?
Executives define strategies, risk policies and budgets. It is time to stop considering IT and cyber security an expense and to start treating them as the foundation of the business. C-level managers should be leading cyber security awareness, security posture, cyber processes and tool acquisition. They should clearly define actionable goals and means to protect not just the crown jewels, but the whole continuum of company assets, tools and valuables, including their employees.
This is something that is not necessarily related to COVID-19. The pandemic just made these principles more obvious, in my view.
What are your predictions regarding the development of the cyber threat landscape in 2022?
One does not have to be especially prescient to predict the future here. We all know what will happen. We will see more threats, more sophisticated attacks, more vulnerabilities, more of everything. To be one step ahead, we need to continue challenging our security practices, seeking the most effective cyber security defenses and keeping a cool head. Also, look for the best security tools available for your needs and do not hesitate to use them.
Stay safe, stay secure. You deserve the best security.