Last week, Kristin Hazlewood, general manager and vice president of HCL BigFix, participated on a cybersecurity leadership panel presented by CyberTheory. Following are comments made by Hazlewood around the topic: Cybersecurity Leadership: Continuing Issues amid an Extended COVID-19 Lockdown.
Question: New waves of more complex malware that use devices or users as proxies in order to reach more valuable assets in corporate networks are some of the biggest potential threats during this lockdown. In this new reality, can we rely on new technology to react to new threats and can they be implemented quick enough?
Hazlewood: “Let’s not forget about the fundamentals that can be simply addressed by having those safety nets within the infrastructure to help maintain continuous compliance of endpoints. It’s so easy working from home for one of your children to ask to borrow your laptop for a moment, and you come back and low and behold, something has happened on your system.”
Question: Over the previous few months, the cybersecurity community has observed numerous attack vectors that use a COVID-19 theme either as bait or as a way to conceal malicious activity from identification and detection. North Korean state hackers sent COVID-19-themed phishing emails to more than 5 million businesses and individuals in Singapore, Japan, the United States, South Korea, India, and the UK in an attempt to steal personal and financial data. What are we doing to leap-frog these new email phishing techniques? And is it purely a human problem or are there technology solutions that can help?
Hazlewood: “It’s a combination of training and technology. We have to keep in mind that today’s remote workforce are not all IT professionals – they are not as concerned about security. Then you add the heightened emotions around COVID-19 and people are even more susceptible to phishing attacks. It’s even more important now to have the proper IT and security infrastructure in place to help combat these attacks. Education is important, but we have to mindful of human nature. There are going to be some slip ups. Ultimately, phishing attacks are only possible if they are able to exploit an underlying vulnerability in an environment, so it absolutely critical that organizations have tools to help provide the visibility to any of these vulnerabilities so they can understand where they have risk so that they can take action.”
Question: Given our increasing reliance on Cloud computing, which issue is the most important from a cybersecurity perspective? An over-reliance or providers and insufficient diligence on behalf of end-users, the third-party reporting gaps (who does the SOC2?) or technical limitations like MFA or configuration management?
Hazlewood: “Step one is having visibility. There are many organizations that don’t know what their teams are running in the cloud. You can’t control and protect when you don’t know. We need more tools and education, and we are seeing more and more organizations understanding that there are more configurations and more risk. It’s a shared responsibility model between the organizations themselves and what the cloud providers bring to the table.”
Question: While the increase in remote work has focused attackers on virtual private networks (VPNs) and cloud services in 2020, penetration-testing data from last year shows that many compromises were already focused on credentials as the best way to gain access to cloud infrastructure. Password spraying continued to be the top technique for external attackers. And patching for WMI and RDP exposures remain a challenge. What have you found to be the most effective approach in combatting this threat in a world increasingly dependent upon remote work?
Hazlewood: “Passwords aren’t going away, but while we definitely want to move away from them, its’ making sure that we have secure and enforceable password policies, multi-factor layering in those behavioral analytics as well as that the principles of least privilege. That’s the first line of defense. Then discuss response and make sure that you have a way to respond when you see one these attacks happening. How do you quarantine systems? How do you get your organization together to respond?”
Question: What are the most critical components of your cyber security roadmap in 2021?
Hazlewood: “Bringing together security and IT teams.” So often, the security teams have the knowledge and the tools while IT teams have the manpower to implement and enforce. In many organizations, we continue to see that disconnect, whether it is the usage of different tools, speaking a different language or having different priorities. Unfortunately, many breaches are a result of the two teams not collaborating as well as they would like, so the challenge for me is how do we make sure that those organizations are seamlessly able to work together and share the same tools.”
View the full leadership panel here:
For more information, or an interview with Kristin Hazlewood, please contact Jeremy McNeive, Manager of Public Relations, HCL Software.