The evolving threat landscape ranked as the top driver affecting the information security organization over the next three to five years, according to a recent survey by Gartner, Inc.
"External risk is the most important thing for security and risk management leaders in 2020, yet COVID-19 has shown how quickly and how drastically such risks can change," said Jonathan Care, senior research director at Gartner. "Bad actors are always looking to take advantage of global events, such as the pandemic, to exploit new vulnerabilities and circumvent even the most advanced security controls."
Remote work
As organizations around the world moved to remote work because of COVID-19, the number of exposed remote desktop protocol (RDP) and virtual private network (VPN) services increased, and widespread reliance on digital meeting solutions created new threat vectors. Security teams also had to develop new protocols for managing and patching remote terminals.
"Before the pandemic, most companies designed their appetite for risk around the assumption that remote work was the exception, rather than the norm," Mr. Care said. "When that scenario was changed, risks like always-on VPNs and bringing your own device, which were previously a lower priority for security leaders, suddenly became paramount. This forced security teams to quickly reassess their company's risk landscape and implement new solutions and policies accordingly."
Chaotic changes
Threat actors exploited the urgency and chaotic nature of changes in work environments to deploy new tactics. Gartner has observed an increase in reporting on coronavirus-related business email compromise (BEC) and phishing scams, including SMS phishing ("smishing") and credential theft attacks.
COVID-19 also led to an increase in nation-state activity from advanced persistent threat (APT) groups targeting healthcare and essential services. These actors are using scanning and exploitation techniques, as well as password dissemination that attempts to exploit unpatched vulnerabilities, to obtain massive amounts of personal information, intellectual property, and national intelligence.
Invest in agile systems
In response to the dynamic nature of the immediate threat landscape, Gartner recommends that organizations invest in security solutions that are agile enough to evolve along with them. "Many organizations waste time on legacy security technologies that have lost effectiveness or continue to unnecessarily tighten effective controls," Mr. Care said. "Instead of trying to anticipate and block all possible threats, invest in solutions with detection and response capabilities, which can help with unknown threats and improve response effectiveness when prevention fails."
Gartner predicts that by the end of 2023, more than 50% of enterprises will have replaced older antivirus products with combined endpoint protection (EPP) platforms and endpoint detection and response (EDR) solutions that complement prevention with detection and response capabilities. Extended detection and response (XDR) capabilities are also emerging to improve detection accuracy and security productivity.
Strategic evaluation
Security and risk leaders can use a continuous adaptive risk and trust assessment (CARTA) strategic mindset to evaluate vendor products and determine how they can build more adaptable defenses by applying the concepts of prediction, prevention, detection, and response.