The COVID-19 pandemic combined with the rapid scale of digital adoption has ushered in new opportunities for cybercriminals. With the SolarWinds compromise marking the largest and most sophisticated attack in history and a recent increase in ransomware attacks, cyber leaders need to work closely with their data science and broader digital technology teams to understand how cyber threats have grown in scale and complexity -- and which threat actors are now the highest risk to their company or industry.
Here are six steps cybersecurity leaders can take in a post-COVID world to decrease risk of compromise in today’s increasingly complex cybercrime landscape.
1. Reprioritize threat actors: Before the pandemic, cyberattacks were often more targeted in nature and specific to industries such as supply chain. While previous attacks typically sought to disrupt a specific operation such as shipping, attacks like the SolarWinds example underscore the need to focus on threat actors that can threaten multiple industries with a single attack vector -- in our case, financial services and insurance. Today, we’re thinking differently about nation-state threat actors and re-prioritizing our IT hygiene and third-party risk management to protect against more sophisticated types of cyber espionage. Cyber leaders should routinely update their lists of known adversaries and track against major events, both internal and external, so they can quickly reprioritize risks and actively defend against them.
2. Enable a multi-cloud strategy: With more than a year of remote work for hundreds of thousands of people, many companies historically known for having on-premises infrastructures are now shifting to multi-cloud strategies. Multi-cloud strategies are valuable because they provide the best possible cloud service for each workload. Today, our cybersecurity group is partnering with our digital transformation team to enable multi-cloud adoption in a way that advances and streamlines our specific business operations. Cyber leaders should develop risk controls upfront when ushering in multi-cloud strategies so that they don’t hinder the pace of adoption, while also protecting the company’s assets and data.
3. Rethinking identity protection with biometrics: Biometrics are a significant game-changer in cyber protection. It’s much harder for a threat actor to break into a system designed on behavioral attributes -- like how quickly people type, how they move their mouse, or what applications they have open -- than a system reliant on static passwords. In fact, we’re working with our data science team to pilot our own data models, leveraging new technologies available in the industry to replace passwords internally over time. As cyberattacks increase in scale and sophistication, companies should be utilizing biometric technologies to protect their employees’ personal identities in ways passwords often can’t.
4. Adopting a zero-trust architecture: As remote and hybrid work continues, we also need to rethink the idea of traditional protection perimeters like firewalls. Through a zero-trust architecture, companies put trust in the identity of the user versus the identity of the location, resulting in a more secure and accurate form of protection. Cyber experts should partner with operations or data scientists at their companies to better understand the possibility of incorporating zero-trust architecture within their cyber operations.
5. Machine learning within security operations: Constant monitoring and reporting of cyber threats is critical to staying protected. We work hand in hand with our data science team to monitor our infrastructure 24/7. Because there are numerous logs and alerts that need to be viewed manually, our data scientists use machine learning to create models that alert us to all anomalous information or potential compromises in real-time. Be sure your cyber team understands all internal and external threats and routinely updates any infrastructure needs. Prioritize technology investments, including artificial intelligence and machine learning, that can help your organization identify and act on threats as quickly as possible.
6. Find the right talent: Historically, we’ve hired talent based on technology and data science backgrounds for our cyber practice. While these technical skills are certainly important, we’re also now looking more holistically at candidates to test their abilities to think critically and creatively as well as uncover new solutions. As we face new and unprecedented challenges in cyber protection, it’s critical that cyber leaders hire team members who think outside the box, have intellectual curiosity, employ bold thinking, and are natural problem solvers.
Protecting an organization against advanced cyber threats requires innovative thinking and techniques; people, process and technology capabilities are needed to properly defend ourselves against sophisticated attackers, such as nation states. Cyber threats will continue to evolve, as will the new techniques described above to enable cyber resiliency.
Ariel Weintraub is currently the Head of Enterprise Cyber Security at MassMutual. Ariel first joined MassMutual in the fall of 2019 as the Head of Security Operations & Engineering, responsible for the Global Security Operations Center, Security Engineering, Security Intelligence, and Identity & Access Management. Prior to joining MassMutual, Ariel served as Senior Director of Data & Access Security within Cybersecurity Operations at TIAA where she led a three-year business transformation program to position IAM as a digital business enabler. Prior to TIAA, Ariel held the position of Global Head of Vulnerability Management at BNY Mellon and was part of the Threat & Vulnerability Management practice at PricewaterhouseCoopers (PwC).