On November 10, Rohit Tamma, Senior Manager, Cyber Security at Microsoft, participated in an expert conversation with Simplilearn on Cyber Security in a Post-COVID World. Rohit currently leads a Cyber defense team at Microsoft to detect & respond to real-time attacks. He is the co-author of the books "Practical Mobile Forensics" & "Learning Android Forensics."
How COVID-19 Has Changed the Cyber Security Landscape
Rohit began by discussing how the operational changes driven by COVID-19 have changed the cyber security environment. Six or so months ago, lockdowns were announced in countries around the world, and the initial concern of businesses and organizations was in keeping their operations running smoothly. Organizations that had previously invested in remote work had a head start on transitioning to work from home.
On the other hand, companies that had not made that investment previously had to implement work from home quickly. These companies had to put in place remote workstations - sometimes by allowing employees to use their own devices - and network access, often through virtual private networks (VPNs) that had not been adequately tested before deployment.
All of these operational changes will have short-term and long-term impacts on cyber security. In the short term, the changes have increased organizations' "attack surface," the number of internet-visible devices and access points, compared to the traditional office environment. They have also forced organizations to implement technologies like VPN quickly to support operations, often so quickly that security assessment and testing were put off until later. These organizations need to start adapting their processes and testing their technologies to identify security vulnerabilities and close them.
In the long term, given that remote work is here to stay and that some companies have discussed making work from home permanent, companies will need to realign their security models from their old office-based ones. Frameworks like zero trust will become more widespread, and security monitoring will increase.
The specific Cyber Security threat types on the rise include:
- RDP-based attacks. Work from home has led to much wider use of remote desktop support, and vast numbers of RDP servers have been spun up in the last few months. These are subject to brute force attacks, where the attacker tries large numbers of username and password combinations. Moreover, many of these new servers are running on obsolete operating systems that have well-known security vulnerabilities. Once an attacker has access to a single RDP endpoint, they can install malicious software such as ransomware and can move laterally through the company's network.
- Social engineering and phishing attacks are rising. Phishing emails may, for example, ask employees to visit a map of COVID-19 infections in the areas around the company's operations. It's very tempting to click on that link, especially if it appears to come from the company itself, but doing so opens up the network to the attack.
- VPN-based attacks are also increasing due to the proliferation of VPNs. Many VPNs have known vulnerabilities that are easy for attackers to exploit.
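The brute force pattern described for RDP above is visible in ordinary Windows logging: a failed logon is recorded as Security Event ID 4625, and an RDP logon carries Logon Type 10 (RemoteInteractive). The following detector is an added example, not code from the webinar or from Simplilearn. It runs over constructed sample events rendered in a simplified key=value form (assumed for the example, not the native EVTX layout), counts failures per source address inside a sliding time window, reports how many distinct accounts were tried (a hint of password spraying rather than a single-account attack), and flags a successful logon from a source that has already crossed the threshold, since that is the moment the defender most needs to act.

```python
"""RDP brute-force detection over Windows Security log events (added example).

Event ID 4625 = failed logon, 4624 = successful logon, Logon Type 10 = RDP.
The sample events and the key=value line format are constructed for this
example; a real deployment would read the EVTX or a SIEM export instead.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"
RDP_LOGON_TYPE = "10"

# Constructed sample: a burst of failures from 203.0.113.45 followed by a
# success, two spaced-out typos from 198.51.100.7, and one non-RDP failure.
SAMPLE_EVENTS = """\
2020-11-10T09:00:01 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2020-11-10T09:00:03 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2020-11-10T09:00:04 EventID=4625 LogonType=10 TargetUserName=root IpAddress=203.0.113.45
2020-11-10T09:00:06 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2020-11-10T09:00:07 EventID=4625 LogonType=10 TargetUserName=guest IpAddress=203.0.113.45
2020-11-10T09:00:09 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2020-11-10T09:00:12 EventID=4624 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2020-11-10T09:05:00 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7
2020-11-10T09:20:00 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7
2020-11-10T09:20:30 EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7
2020-11-10T09:30:00 EventID=4625 LogonType=3 TargetUserName=svc_backup IpAddress=192.0.2.9
"""


def parse_event(line):
    """Turn one 'timestamp key=value ...' line into a dict."""
    ts_text, *fields = line.split()
    event = {"timestamp": datetime.fromisoformat(ts_text)}
    for item in fields:
        key, _, value = item.partition("=")
        event[key] = value
    return event


def detect_rdp_brute_force(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return alerts for sources with >= threshold RDP failures inside window.

    Each source is alerted once; a later successful RDP logon from an already
    alerted source produces a second, higher-priority alert.
    """
    recent = defaultdict(deque)  # source ip -> (timestamp, username) of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("LogonType") != RDP_LOGON_TYPE:
            continue  # only RDP logons are in scope here
        ip, ts = ev["IpAddress"], ev["timestamp"]
        if ev["EventID"] == FAILED_LOGON:
            q = recent[ip]
            q.append((ts, ev["TargetUserName"]))
            while q and ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({
                    "type": "rdp_brute_force",
                    "source_ip": ip,
                    "failures": len(q),
                    "distinct_users": len({user for _, user in q}),
                    "first_seen": q[0][0],
                    "last_seen": ts,
                })
        elif ev["EventID"] == SUCCESS_LOGON and ip in alerted:
            alerts.append({
                "type": "success_after_brute_force",
                "source_ip": ip,
                "user": ev["TargetUserName"],
                "at": ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_brute_force(SAMPLE_EVENTS):
        print(alert)
```

The threshold and window are tuning knobs: too low and ordinary mistyped passwords from a home office trip the rule (the two jsmith failures fifteen minutes apart do not), too high and a slow attacker stays under it. Counting distinct target accounts per source is what separates an attacker walking a username list from a single user who has forgotten a password.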
Organizations are Taking Protective Countermeasures
The strategies companies adopt to counter these threats will vary based on the level of maturity of each company's cyber security. Generally, there is an increased focus on new security models, including zero trust.
Traditional cyber security has been based on the model of an organizational perimeter: inside the perimeter, all the organization's assets are protected, and outside the perimeter, you have to pass strict security controls to gain access to the network. Once you are inside the perimeter, with access to the network, you have access to all of the assets. So an attacker who penetrates the perimeter has access to everything on the network.
Zero trust proposes a model where no one is trusted by default. Every attempt to access a resource requires verification of both the user and the device requesting access, and access is only granted on a need-to-know basis.
Implementing zero trust requires tools like network segmentation, multi-factor authentication (MFA), and restricted access. Network segmentation divides the network internally so that a breach of one segment stays isolated from the rest of the network rather than spreading across it. Multi-factor authentication requires supplemental authentication before additional resources can be reached within a session. Restricted access limits the scope and duration of access to resources.
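To make the contrast between the two models concrete, here is an added example (not code from the webinar or from Simplilearn) that evaluates the same access request under a perimeter policy and under a zero trust policy. The device inventory, resource-to-segment mapping, user entitlements and one-hour session limit are all constructed for the example. The perimeter rule needs only "is the requester on the corporate network"; the zero trust rule checks the device, the user's entitlement to the resource's segment, MFA for sensitive segments, and issues a grant that expires.

```python
"""Perimeter versus zero trust access decisions (added example).

All inventories and policies below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple

# Constructed device inventory: is the device managed, and is it in compliance?
DEVICE_INVENTORY = {
    "lt-1001": {"managed": True, "compliant": True},
    "lt-2002": {"managed": True, "compliant": True},
    "lt-3003": {"managed": True, "compliant": False},   # patches overdue
    "byod-7": {"managed": False, "compliant": False},   # employee's own device
}
# Network segmentation: each resource lives in exactly one segment.
RESOURCE_SEGMENTS = {"hr-payroll-db": "hr", "wiki": "general", "build-server": "eng"}
# Need-to-know: which segments each user is entitled to reach.
USER_ENTITLEMENTS = {"alice": {"hr", "general"}, "bob": {"eng", "general"}}
# Segments that require a second factor in the session.
MFA_SEGMENTS = {"hr", "eng"}
# Restricted access: how long a grant lasts before it must be re-verified.
MAX_SESSION = timedelta(hours=1)


@dataclass
class AccessRequest:
    user: str
    device_id: str
    resource: str
    mfa_verified: bool
    requested_at: datetime
    on_corporate_network: bool


@dataclass
class Grant:
    user: str
    resource: str
    expires_at: datetime


def perimeter_decision(req: AccessRequest) -> bool:
    """Old model: anyone already inside the perimeter reaches every asset."""
    return req.on_corporate_network


def zero_trust_decision(req: AccessRequest) -> Tuple[bool, str, Optional[Grant]]:
    """Verify user, device and need-to-know on every request; grant is time-limited."""
    device = DEVICE_INVENTORY.get(req.device_id)
    if device is None or not device["managed"]:
        return False, "unknown or unmanaged device", None
    if not device["compliant"]:
        return False, "device out of compliance", None
    segment = RESOURCE_SEGMENTS.get(req.resource)
    if segment is None:
        return False, "unknown resource", None
    if segment not in USER_ENTITLEMENTS.get(req.user, set()):
        return False, "user not entitled to segment", None
    if segment in MFA_SEGMENTS and not req.mfa_verified:
        return False, "MFA required", None
    grant = Grant(req.user, req.resource, req.requested_at + MAX_SESSION)
    return True, "granted", grant


def grant_is_valid(grant: Grant, now: datetime) -> bool:
    """Restricted access: an expired grant must be re-verified, not reused."""
    return now < grant.expires_at


if __name__ == "__main__":
    now = datetime(2020, 11, 10, 9, 0)
    # bob is on the office network but has no business in the HR segment.
    insider = AccessRequest("bob", "lt-2002", "hr-payroll-db", True, now, True)
    print("perimeter:", perimeter_decision(insider))
    print("zero trust:", zero_trust_decision(insider)[:2])
    # alice works from home on a managed, compliant laptop with MFA.
    remote = AccessRequest("alice", "lt-1001", "hr-payroll-db", True, now, False)
    print("perimeter:", perimeter_decision(remote))
    print("zero trust:", zero_trust_decision(remote)[:2])
```

The interesting cases are the two the perimeter model gets wrong in opposite directions: an on-network user reaching a segment they have no need to know (allowed by the perimeter, denied by zero trust) and a remote worker on a compliant device with MFA (blocked by the perimeter, granted by zero trust for a bounded session). The order of checks also matters: device posture is evaluated before entitlements so that an unmanaged personal device never reaches the point where a valid user account would otherwise let it through.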
With the increased adoption of cloud computing and cloud infrastructure, organizations need to establish cloud security models and policies. They need to establish ways to measure and monitor their cloud infrastructure's security, and they need to assign responders who will react to attacks and breaches. This need can be made more complicated by the use of multiple cloud providers. Moreover, cloud security has to scale along with the scalability of cloud applications.
The Impact on Cyber Security Professionals and Careers
As long as we see more users coming online and more operations shifting to the digital domain, the demand for cyber security professionals will grow. Identity and security professionals will be needed to help implement and validate zero trust networks and enable device-based identity and MFA. End-to-end monitoring will require professionals with monitoring expertise and experience.
Along with the demand, there will be a change in the expectation for roles and responsibilities in this field. For example, in the past, an application security engineer would be expected to understand code vulnerabilities. Now, the expectations have expanded to include understanding the software development process to support DevSecOps. Similar shifts in expectations apply to all roles in cyber security.
Rohit had some advice for people embarking on or building a career in cyber security. First and foremost, you should learn about the field's breadth and the various roles in it. Secondly, you should understand your strengths and interests. If you have deductive skills and an interest in catching bad guys, security monitoring might be a good choice. If you have strong development skills, application security and code review might be for you. You need not have a cyber security background to succeed in cyber security, so long as you match your background and interests to the right role in cyber security and gain the proper training.
Rohit covered much more in the session, including answering questions from the live audience. You can see this additional discussion in the webinar replay above.
Simplilearn has many more resources on cyber security, including articles and ebooks. If you are ready to look into cyber security certification, check out the courses and Master's programs Simplilearn offers.