Building cyber resilience in the midst of a pandemic
By Gigamon
Vladimir Yordanov, Senior Director of Solution Engineering at Gigamon, discusses how organisations can stay vigilant amid a spike in cyber attacks.
This isn’t surprising, says Vladimir Yordanov, Senior Director of Solution Engineering at Gigamon. With altered work arrangements, our devices connect to different networks with less security. “Our defences have to be right 100 per cent, but attackers need to be right only once”, he says.
With the right approach, nations can ensure this constant vigilance. GovInsider spoke with Yordanov to understand how organisations can counter these attacks and build their cyber resilience during the pandemic.
Increasing awareness
One of the main issues that contributed to the spike in cyber attacks is a lack of awareness and basic IT hygiene. “It was automatically assumed overnight that everybody is an expert in remote access technology and security; that they can recognise phishing or any other attacks and indicators of compromisation and can protect themselves”, says Yordanov.
Yordanov maintains that users are not always aware of security risks and how to guard against them. “The behaviour changes, the environment changes, and the technology changes” he summarises. Without the necessary awareness of cyberattacks and guidance on how to evade them, most people remain vulnerable to some form of cyber-crime.
Research into the recent surge of attacks reveals some trends. The main culprits during Covid-19 are the same as the usual threats: ransomware; malware; phishing scams; impersonations; and compromised phones and emails. However, the intensity of the attacks has increased, he says.
Resilience over prevention
Governments must focus on building nations’ resilience to such attacks, rather than preventing them altogether. “Cyber resiliency is defined as the ability of an organisation to anticipate, withstand, recover from, and adapt to cyberattacks or compromisation on organisation’s assets, resources and infrastructure”, says Yordanov. This creates a strong security posture, recovery plan and precautions against future threats.
One of the keys to achieving resilience is implementing defense-in-dept security controls and having end-to-end visibility, management and control across the entire infrastructure and the different stages of an attack. Organizations need to focus on “closing the gap between prevention, detection and recovery capabilities on technical, procedural and people level” says Yordanov. Gigamon helps agencies do to achieve that.
Its technology allows a company to effectively block threats like viruses by maximizing the security system’s level of defense by providing network visibility and analytics on all traffic across physical, virtual and cloud infrastructure. You can’t protect what you cannot see.
Yordanov discusses how Gigamon helped a Southeast Asian company plug a massive gap in its security during routine back ups. “They’d have a surge of traffic, their defence system would oversubscribe and they could function correctly and inspect all of the traffic.” Gigamon’s technology was able to close this gap in the company’s cyber defence system, making it more secure against threats.
Lastly, if any incoming traffic seems spurious, Gigamon’s technology protects its clients by providing threat intelligence and alerts and routing it to the appropriate defense systems. “Organisations need to understand how you pass the traffic through your defences and inspection systems,” emphasises Yordanov.
Securing entry points
The public sector also plays an important role in building cyber resilience. Yordanov believes that creating mandates on cyber security is essential.
Foremost, governments can implement regulations with a stricter code of conduct for cyber criminals. “If the cybercriminals know that they can be caught, and be brought to justice, they probably will think twice before they do their attacks” says Yordanov. While systems are already in place, they must be reinforced in a time when cyber attacks are increasing.
Governments can also stop international cyber threats by working collaboratively between each other and jointly with telecom and broadband service providers agree on common defense and prevention actions. Countries need “stricter detection and protection from the entry point, so these attacks are eliminated even before they get into the country”, says Yordanov.
Countries will not be able to prevent every attack as the intensity of cybercrimes increase. But awareness, resilience and secure entry points can allow nations to move ahead as they build the next generation of connectivity.