This week Netskope hosted our annual executive briefing with the US Embassy in London, converted, in common with many events this year, into an online webinar. We wanted to take the opportunity to consider what impact this year’s unprecedented changes and uncertainty were having on the cybersecurity landscape. Our three speakers were:
- A Supervisory U.S. Special Agent with a background in cyber intelligence, currently based in the U.S. Embassy in London
- Dr Jessica Barker, Cyber Security Consultant and specialist in the psychology and sociology of cybersecurity
- Paolo Passeri, Netskope’s Cyber Intelligence Principal
The discussion was described by the CISOs who attended as “very useful” and containing “fascinating insights,” so in an attempt at summarising the wealth of thought-provoking content, here are the top 10 things I took away from the event.
- COVID-19 is the most well-trodden theme of phishing emails that we’ve ever seen globally. Additionally, because of the topic, COVID-19 themed phishing campaigns often use government branding to create the illusion of trustworthiness.
- The U.S.’s cyber intelligence statistics show that more than 75% of major breaches against U.S. companies have come from Russian-speaking, Russian, or Eastern European threat actors. And that excludes the work of state actors; it is only counting breaches carried out by ‘regular’ commercial cybercriminals.
- The same cloud applications that are helping to provide business continuity during this global epidemic are increasingly being exploited by criminals. Paolo Passeri told us, “It’s very easy to create SaaS accounts and set up IaaS environments, and users are familiar with cloud services so the cloud brands have a kind of implicit trust. Users see a familiar domain, they see a familiar certificate, a familiar layout. Basically, they are tricked by the presence of that trusted cloud brand into providing credentials or downloading malware.”
- As users, our mental state can increase the opportunity for hackers as much as our change in work behaviours. Dr. Barker told us, “We have to recognise the emotional impact of COVID-19 for many people. There’s a lot of fear, uncertainty, and doubt. People are feeling stressed and fatigued, worried and concerned. And we know that when people have these heightened emotions, cybercriminals find it easier to carry out their social engineering attacks.”
- COVID working practices have not just affected the IT user base, but they have also impacted security teams’ ability to do their jobs. This was another, often overlooked, point raised by Dr. Barker. “We mustn’t forget that as organisations have moved more people to work from home, we often talk about the end-user within the general workforce, but of course that also includes security teams. Many security teams have been working in ways that they didn’t anticipate and that are not optimum in terms of doing their job.”
- Dr. Barker also told us about something that is known in psychology as the Golem Effect. If we tell our employees and users that they are the problem—the weakest link in our security—then they’re more likely to act in problematic ways. “If we tell people they’re stupid then they aren’t going to work very hard at engaging with the problem we’re talking about.” The opposite of the Golem effect is the Pygmalion effect. “If we tell people that they’re capable, if we have high expectations of people, and if we empower them, then actually they will raise their game, they will engage more with us, they will listen to us, and they will engage in the behaviours that we’re trying to recommend.”
- We also heard that malicious insider activity rises during times when people are facing challenges and economic uncertainty. Dr. Barker: “We have to recognise the fact that there are circumstances at the moment, and looking into the near future, which may influence a rise in malicious insider activity.”
- But we did hear good news too. We heard that organisations are seeing more engagement around security from individuals, with users wanting to learn more. Perhaps remote working and endless video conferencing have highlighted an exposure to risk that users previously felt protected from when sitting within the supposedly secure perimeter of their corporate office.
- Cybercrime is lucrative! In response to an audience question, the U.S. Special Agent told us about a cybercriminal who had buried $3 million in cash, in a plastic bag in his garden. He just didn’t know how to launder all the money he had made through cybercrime. This leads to my final takeaway thought…
- With that kind of finance behind them, it is no wonder that cybercriminals are organised, business-like, and collaborative. All of the experts agreed that closer collaboration was needed by CISOs and cybersecurity professionals if we are to continue to outsmart and outrun the bad guys.
If you’d like to be invited to similar events in the future please email Irina Palici.