
Emerging Threats During Times of Crisis: Insights from Airbus Cybersecurity’s Phil Jones

The global pandemic has highlighted the importance of being prepared for the unexpected. Opportunistic attackers are taking advantage of rapidly changing work environments and stretched security teams to launch a surge in attacks. While there was no way to fully anticipate the impact to our organizations and be prepared from day-one with a detailed plan, there is a lot we can learn to strengthen our resilience to emerging threats. 

To discuss some of the key takeaways from the current crisis, I connected with Phil Jones who, since 2016, has overseen Operations within Airbus Cybersecurity, a business unit of Airbus Defence and Space. Phil now leads the group’s Cybersecurity Services business which includes Managed Security Services, Security Consulting and Professional Services, and Integrated Security Services. 

What are some of the types of attacks organizations can expect during times of crisis?

Currently, we are seeing a resurgence of some classic cyberattacks such as brute force attacks on Remote Desktop Protocol (RDP) servers or VPN platforms. These types of attacks have experienced three- to fourfold growth around the world in recent weeks.

In their quest to satisfy the remote working needs of their employees, some organizations have increased and quickly deployed new VPN or RDP services without following the usual internal security validation processes. Hackers have taken this opportunity to access information systems that were previously inaccessible due to their configuration. With minimal effort, attackers are able to use open access platforms such as Shodan, which allow them to scan and locate connected objects and vulnerable machines with an open, unsecured RDP port on the Internet.

Organizations that are ill-prepared to operate “generalized” remote working face a tenfold increased risk of sensitive data leakage. The bad practices of employees, who in good faith use alternative solutions such as non-corporate SaaS applications or their personal tools and devices, accentuate the “Shadow IT” effect and the loss of monitoring visibility by security teams.

During times of crisis, there is no particular reason for the types of attacks to change; rather, it is the ability to deal with them that is hindered. Indeed, during the COVID-19 period, security teams themselves have increasingly been operating remotely and, as a result, their response capabilities have been affected.
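The RDP brute-force surge described above is something a SOC can spot from its own failed-logon telemetry. The following is an added example, not code from Airbus Cybersecurity or from the interview: it counts Windows Security event 4625 failures with LogonType 10 (RDP) per source IP in a sliding window over constructed sample log lines, and the threshold, window and the key=value line layout are assumptions for the demonstration.

```python
"""Flag likely RDP brute-force sources from failed-logon events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, loosely modelled on Windows Security event 4625 fields
# (EventID 4625 = failed logon; LogonType 10 = RemoteInteractive, i.e. RDP).
SAMPLE_LOG = """\
2020-04-01T08:00:01 EventID=4625 IpAddress=203.0.113.7 TargetUserName=administrator LogonType=10
2020-04-01T08:00:03 EventID=4625 IpAddress=203.0.113.7 TargetUserName=admin LogonType=10
2020-04-01T08:00:04 EventID=4625 IpAddress=203.0.113.7 TargetUserName=guest LogonType=10
2020-04-01T08:00:06 EventID=4625 IpAddress=203.0.113.7 TargetUserName=administrator LogonType=10
2020-04-01T08:00:09 EventID=4625 IpAddress=203.0.113.7 TargetUserName=admin LogonType=10
2020-04-01T08:00:12 EventID=4625 IpAddress=203.0.113.7 TargetUserName=root LogonType=10
2020-04-01T08:05:00 EventID=4625 IpAddress=198.51.100.20 TargetUserName=jsmith LogonType=10
2020-04-01T08:05:30 EventID=4624 IpAddress=198.51.100.20 TargetUserName=jsmith LogonType=10
2020-04-01T08:10:00 EventID=4625 IpAddress=192.0.2.5 TargetUserName=svc-backup LogonType=3
2020-04-01T08:10:01 EventID=4625 IpAddress=192.0.2.5 TargetUserName=svc-backup LogonType=3
2020-04-01T08:10:02 EventID=4625 IpAddress=192.0.2.5 TargetUserName=svc-backup LogonType=3
"""

def parse_line(line):
    """Return (timestamp, fields dict) for one 'ts key=value ...' log line."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), fields

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Map source IP -> (max failed RDP logons within any `window`, sorted accounts
    tried) for sources reaching `threshold`. Only 4625 with LogonType 10 counts;
    network logons (type 3) and successful logons (4624) are ignored."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        ts, f = parse_line(line)
        if f.get("EventID") == "4625" and f.get("LogonType") == "10":
            attempts[f["IpAddress"]].append((ts, f["TargetUserName"]))
    alerts = {}
    for ip, hits in attempts.items():
        hits.sort()
        start, best = 0, 0
        for end, (t, _) in enumerate(hits):
            while t - hits[start][0] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[ip] = (best, sorted({u for _, u in hits}))
    return alerts

if __name__ == "__main__":
    for ip, (n, users) in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {n} failed RDP logons, accounts tried: {', '.join(users)}")
```

Only the source cycling through several privileged account names is flagged; a single typo from a legitimate user and the type-3 network failures are not.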

How can organizations quickly pivot existing tools and practices to address threats as they emerge?


It is essential to remember that every organization must have a minimum security foundation, such as ISS hygiene. This covers most cyber risks and its speed of reaction will depend on its ability to detect new threats in its environment, via Security Operations Centers, for example.

To be able to adapt to new threats, the organization must maintain some room to maneuver by avoiding being at 100% capacity. Having “buffer capacity” can prevent the organization from being immediately overwhelmed and can allow it to better organize itself in the event of an incident. 

In non-crisis periods, the organization must adopt a flexible posture, questioning its assets, tools and processes in order to adapt – in the same way that threats evolve and adapt. In fact, this is the biggest challenge when dealing with new threats – being able to constantly evolve and having teams with capacity, flexibility and curiosity to learn and adapt.

What are some of the mistakes you and your team see security teams make?

We observe that configuration errors are widely exploited by attackers. Configuration errors are frequent consequences of a growing attack surface (Bring Your Own Device, mobile, cloud, IoT, etc.) and of organizations that equip themselves with tools and technologies that they have not yet mastered. 

To reduce the risk of misconfiguration, the implementation of new IT services must absolutely go through an IT service management validation process by the security teams who will ensure compliance with previously established standards and the verification of certain control points (configuration checklist) or even use technical auditors (slope auditors) for the most sensitive systems.

The organization must be able to make its IT resources aware of cyberthreats beforehand and allocate the necessary time to conduct configuration tasks with due diligence and due care.

Communication is paramount during a crisis. How can organizations improve on that front?

Communication is one of the key elements of crisis management. It is important for the organization to have a communication strategy (internal and external to the organization) covering multiple cases of cyberattacks. 

Crisis communication is therefore a challenge, as it is a matter of being able to communicate information via the right means (especially if standard channels are unusable), the right elements, to the right recipients in a way that is easy to interpret, particularly considering that information relating to the cyberattack can become viral (sometimes even at the initiative of the attacker who advertises it on the Internet) and cause damage to reputation and image greater than the material or financial damage of the cyberattack itself. The communication strategy must be carefully defined and put in place upstream to ensure, for example, that the team in charge of communication is in close contact with the teams in charge of the response.

To assess their resilience, organizations must test this strategy at least once a year using crisis management exercises. Airbus CyberSecurity conducts test crisis management exercises with our customers on a regular basis. The goal is to ensure that when the moment comes to deploy the strategy, the organization is in the best position possible to make the right decisions at the right time and to respond correctly. This is applicable to the communications aspects but also more broadly, including technical elements like incident response and forensics. 

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.