This week Netskope hosted our annual executive briefing with the US Embassy in London, converted, in common with many events this year, into an online webinar. We wanted to take the opportunity to consider what impact this year’s unprecedented changes and uncertainty were having on the cybersecurity landscape. Our three speakers were:
- A Supervisory U.S. Special Agent with a background in cyber intelligence, currently based in the U.S. Embassy in London
- Dr Jessica Barker, Cyber Security Consultant and specialist in the psychology and sociology of cybersecurity
- Paolo Passeri, Netskope’s Cyber Intelligence Principal
The discussion was described by the CISOs who attended as “very useful” and containing “fascinating insights,” so in an attempt at summarising the wealth of thought-provoking content, here are the top 10 things I took away from the event.
- COVID-19 is the most well-trodden theme of phishing emails that we’ve ever seen globally. Additionally, because of the topic, COVID-19 themed phishing campaigns often use government branding to create the illusion of trustworthiness.
- The US’s cyber intelligence statistics show that more than 75% of major breaches against U.S. companies have come from Russian-speaking, Russian, or Eastern European threat actors. That figure excludes the work of state actors; it counts only breaches carried out by ‘regular’ commercial cybercriminals.
- The same cloud applications that are helping to provide business continuity during this global epidemic are increasingly being exploited by criminals. Paolo Passeri told us, “It’s very easy to create SaaS accounts and set up IaaS environments, and users are familiar with cloud services so the cloud brands have a kind of implicit trust. Users see a familiar domain, they see a familiar certificate, a familiar layout. Basically, they are tricked by the presence of that trusted cloud brand into providing credentials or downloading malware.”
- As users, our mental state can give attackers as much of an opening as our changed working habits do. Dr. Barker told us, “We have to recognise the emotional impact of COVID-19 for many people. There’s a lot of fear, uncertainty, and doubt. People are feeling stressed and fatigued, worried and concerned. And we know that when people have these heightened emotions, cybercriminals find it easier to carry out their social engineering attacks.”
- COVID working practices have not just affected the IT user base, but they have also impacted security teams’ ability to do their jobs. This was another, often overlooked, point raised by Dr. Barker. “We mustn’t forget that as organisations have moved more people to work from home, we often talk about the end-user within the general workforce, but of course that also includes security teams. Many security teams have been working in ways that they didn’t anticipate and that are not optimum in terms of doing their job.”
- Dr. Barker also told us about something that is known in psychology as the Golem Effect. If we tell our employees and users that they are the problem—the weakest link in our security—then they’re more likely to act in problematic ways. “If we tell people they’re stupid then they aren’t going to work very hard at engaging with the problem we’re talking