CNME Editor Mark Forker spoke to Kevin Reed, CISO, at Acronis, to discuss how the security landscape has evolved since the onset of the COVID-19 pandemic, the concept that security is everybody’s responsibility – and the role Acronis is playing in terms of equipping its customers with the solutions to combat cyberattacks following the move to remote working.
Reed is regarded as one of the most prominent thought leaders in the cybersecurity ecosystem – and has played a key role positioning the Singaporean security vendor as a global leader in that space.
When asked about the how the threat landscape of the security industry had changed since the global health crisis in 2020, Reed highlighted the agility of cybercriminals to changes in the marketplace.
“Over the last number of years, we have experienced exponential growth in cybercrime, but the COVID-19 pandemic certainly acted as a trigger for an acceleration in the volume of certain types of cyberattacks. We observed that with so many industries on a global scale transitioning to remote working there was a direct correlation with specific types of hacking methods used by cybercriminals. They are sophisticated individuals, and they altered their tactics to allow them to adapt and exploit the vulnerabilities that existed within many enterprises when moving their workforce to a remote environment”, said Reed.
Although the sophistication of attacks has increased over the years, Reed highlighted that phishing remained the most effective way for a cybercriminal to infiltrate organisations.
“We have seen that phishing continues to grow and is undoubtedly the preferred method of technique for cyberhackers. If you look at the whole attack life cycle you will see that there is initial success and then they move on to local privileged access, and then eventually attackers are attempting to compromise the whole network, or organisation in a bid to successfully execute their mission”, said Reed.
During the first few months of the global COVID-19 pandemic every organisation was forced to implement a work from home model as part of their efforts to maintain business continuity, but as a result of this change enterprises were forced to open their networks.
“What we observed during the first few months of the pandemic was a massive growth in hackers scanning the internet specifically for remote desktop protocols. Attackers were proactively scanning for misconfigured servers because they wanted to send spam. We also witnessed the use of CellNet, a legacy protocol used traditionally for remote access, but it is now used primarily on IoT devices was another target for hackers. Hackers used the protocol to essentially search the internet for typically misconfigured home browsers and then attempted to authenticate itself and once successful would just continue to scan. I do think that it is important to stress that companies were forced to provide remote access, without being given the time to adequately protect themselves against cyber threats”, said Reed.
There is a growing perception within the IT cybersecurity ecosystem that security is everybody’s responsibility – and that employees need to take more responsibility when it comes to security, and that organisations need to provide their employees with more training. However, Reed has somewhat of a more unorthodox view on this assertion.
“I have seen security professionals being phished, now granted that does not happen too often, but it does happen. The simple fact of the matter is that sometimes it is very hard to distinguish whether a particular e-mail is legitimate or malicious. In many cases, there are no technical signs of what the intent of that e-mail that has been sent. I would not advocate for companies to rely entirely on an employees’ ability to recognise a phishing e-mail”, said Reed.
The dynamic CISO of Acronis also stressed that if a seasoned security professional can become the victim of phishing, then it is extremely difficult to expect employees, whose job in many cases is to open hundreds of emails per-day without giving it a second thought to be in a position to avoid falling foul of an attack.
“Take recruiters for example, they receive hundreds of word documents per-day and they have to read them all as it’s part of their job. Its almost impossible to train people not to click, and I think we need to rely more on technology in that regard than we do now. I believe we should redirect our focus to train employees to report suspicious emails, which is then flagged to a security team, who can then actively respond to this attack by blocking an IP address, or a domain, or clean up old emails from their inboxes and there should be a response protocol to do that and this what companies should be pursuing”, said Reed.
Acronis have established themselves as a global leader in cybersecurity and have an innovative and diverse portfolio of solutions. Reed revealed that they leverage a lot of AI and Machine Learning into their product offering, which has made the vendor one of the go to security providers for businesses looking to bolster their protection.
“We understand that people are working from home so there is no corporate network. Nobody can deny it anymore that there is no perimeter. The perimeter is gone, so that means that every endpoint is now a potential point of compromise. What we are doing at Acronis is focusing on the protection of endpoints, because that is where the initial compromise is happening – and it is where you can prevent the majority of attacks. We have placed a lot of emphasis on AI and Machine Learning in our malware detection, and especially in our ransomware protection solutions. We believe that ransomware is the No.1 threat, but the way we have structured our security offering is that even if a hacker is successful in compromising your organisation there is always a last line of defense, so even if all our early detections fail along with everything else, and there has been a full compromise – all you need to do is wipe it clean and restore it from the server. Our ability to enable businesses to respond that quickly to an attack is what differentiates us from market rivals”, concluded Reed.