FINAL WORD
Budgets are constrained , resources are limited and skill sets may be spread thin in the security space .
How would you describe the threat landscape right now ?
Change brings opportunity . For threat actors it is a way of life . Changes in technology allow threat actors to defeat security measures that were effective previously . Changes to our environments increase the potential for something to be misconfigured outside of IT oversight . Changes in code by a vendor to resolve a security vulnerability provides an opportunity to reverse engineer those changes and exploit it . Most recently , the rapid shift to remote work changed our IT infrastructure drastically and many organisations are still figuring out how to manage infrastructure that transcends traditional boundaries .
Ransomware started as a random spread of malware through phishing and other means to try and ransom individual systems for a three to four-digit payout . In 2016 we saw a large-scale targeted ransomware attack that increased its ransom demand . SamSam was averaging US $ 50,000 payouts by conducting a more hands-on attack while simultaneously ransoming organisations ’ critical infrastructure . In 2019 there was a drastic increase in average ransoms due to another tactical change : ransomware was now paired with data exfiltration . Sodinokibi and Ryuk , who have perfected this combination attack , quickly rose through the ranks of ransomware families . As a result , the average ransom paid had gone from > US $ 9,000 to US $ 111,605 by the end of Q1 2020 .
Beneath these attacks , the same security controls are being exploited . A user is phished , a vulnerability is exploited or a credential is stolen to gain access . Once in , the threat actors use automated and manual means to move about the environment , find and exfiltrate sensitive data , and execute the ransomware attack .
What key challenges are CISOs currently facing ?
CISOs are faced with significant challenges . Pre-COVID-19 challenges are now compounded by the pandemic . Depending on your industry , you are either worried about remote workers and how to balance security initiatives with Business Continuity or you are deep into physical security and safety concerns if remote work is not an option . Most organisations ’ remote workers prior to the pandemic were managed acceptably through a VPN and other tools . With most users now working remotely , tools may be stretched to meet demands and security requirements . Many CISOs have had to make hard decisions around prioritising Business Continuity over security in the short term .
How have your customer requirements changed and how have you adapted ?
Customer requirements have definitely changed due to COVID-19 . Prior to the pandemic , only a small number of remote workers needed support . A good example of this is Microsoft System Center Configuration Manager ( SCCM ) customers and the push to InTune . Ivanti has a thirdparty updates plug-in for SCCM that allows a company to easily publish hundreds of non- Microsoft application titles into SCCM quickly and easily . This saves companies an average
INTELLIGENT TECH CHANNELS
INTELLIGENT TECH CHANNELS Issue 33
65