Although we’ve written before about the lessons learned from the chaos that was 2020, it still seems as though we are very much in the beginning phase of this journey. Sifting through the SolarWinds attack is a task the cybersecurity community will likely have to continue tackling for some time. But as we address what has already happened, we still need to remain vigilant about what could lie ahead in our path forward.
More Attacks Are Likely To Happen
What definitely lies ahead is the threat of other attacks. In fact, other attacks are still occurring. According to ZDNet, Google recently reported that hackers from a North Korean-led group have been targeting cybersecurity researchers. The Google Threat Analysis Group discovered that the hackers were operating under fake social media accounts on platforms such as Twitter, LinkedIn, Telegram, Discord, and Keybase, which they used to reach out to cybersecurity community members and propose collaborating on vulnerability research. If the target accessed what the hackers called a “Visual Studio Project” or a blog link that was provided, malware was installed on the target’s system. The Google TAG team has compiled a list of the accounts the hackers are currently known to be using as disguises.
As we continue to respond to attacks such as SolarWinds and work out the best ways to handle them, Microsoft stresses the importance of “operational resiliency,” meaning an organization’s ability to keep functioning even under a stressful situation such as a cyberattack. That sort of crisis is instrumental to strategic plans moving ahead. While this may be understood in theory, Microsoft concluded that almost a quarter of the companies it has spoken with have not actually tested their plan. The pillars of the Zero Trust method that Microsoft recommends are “verify explicitly, use least privilege access, and assume breach.” These practices include measures such as multi-factor authentication, including in SMS interactions, and providing only absolutely necessary privileged access.
How Is The Cyber Field Responding?
In the discussion of building stronger plans and practices, casting a wider net for talent is perhaps important to include. TechCrunch shares that the increase in challenges and demands facing cybersecurity calls for greater resources. Among those resources are the people who help establish them. While cybersecurity teams were traditionally located in the hub of Silicon Valley, that is beginning to shift. The cybersecurity field is growing in locations such as the East Coast of the U.S. and the United Kingdom. And, as a new era of cybersecurity professionals arises out of the impacts recently experienced, TechCrunch predicts that entrepreneurs from other sectors, like governmental and financial, will look to a broader cohort to invest in.
“Google: North Korean hackers have targeted security researchers via social media” – Catalin Cimpanu, ZDNet
- Google’s Threat Analysis Group reported that a North Korean hacking group is targeting cybersecurity researchers.
- The hackers used social media accounts to reach out to researchers suggesting that they collaborate on vulnerability research. Systems of those that accessed the project link were then infected with malware.
- The TAG team has shared a list of known accounts created by the hackers.
“Why operational resilience will be key in 2021, and how this impacts cybersecurity” – Ann Johnson, Corporate Vice President, SCI Business Development, Microsoft
- Microsoft says that “operational resilience” will be key to progressing cybersecurity practices this year.
- While many companies have a plan for such a crisis, Microsoft estimates that only about a quarter of companies they have spoken with have practiced the plan they have in place.
- Microsoft suggests using the Zero Trust method in executing “operational resilience,” including practices like “verify explicitly, use least privilege access, and assume breach.”
“Talent and capital are shifting cybersecurity investors’ focus away from Silicon Valley” – William Kilmer, TechCrunch
- The recent challenges faced by the cybersecurity field call for an increased number of resources as it moves forward. A sign of this is the expanding location of cybersecurity professionals beyond Silicon Valley.
- Cities such as New York, Washington, D.C. and London have seen growth in cybersecurity communities.
- This trend is likely to continue as companies look to invest in innovative answers to the problems experienced and as remote work makes it more commonplace to seek out talent across a wider area.