Posted on March 2021
A Chat with Senior Advisor & Analyst at KuppingerCole, Phillip Messerschmidt
The arrival of the pandemic transformed the cyber-threat landscape, resulting in an explosion of COVID-related attacks. When the National Cyber Security Centre released its annual review at the end of 2020, it was reported that over a quarter of cybersecurity incidents were COVID-19 related. One example is the phishing emails claiming to be from HMRC regarding job retention schemes (source: InformationAge).
To learn more about how COVID-19 has disrupted the cyber landscape, we spoke to Senior Advisor and Analyst for KuppingerCole, Phillip Messerschmidt. As an independent analyst group, KuppingerCole coordinates seminars, workshops, conferences, and other training sessions in the fields of information security and Identity and Access Management (IAM).
Day to day, Phillip supports clients with issues surrounding their IAM systems, supporting their training objectives to help build, secure, and advance their cybersecurity strategies. Read his thoughts below.
You moved from Sopra Steria to KuppingerCole Analysts AG in January 2021. What was it like moving roles during a pandemic?
To be honest, it was much easier and better than I expected. Even though I haven't met any of my colleagues personally, everyone is very warm and interested in each other. You can feel the spirit of a small company that has been working remotely since before the pandemic. So digital onboarding felt like everyday life, with no interruptions or irritations. In terms of content, the step from operational consultant to strategic consultant was much bigger, but again, I was supported by my more experienced colleagues. In addition, KuppingerCole offers tons of background information on their website to educate and update yourself.
To sum it up in a few words: I had my doubts about moving, but getting a warm welcome and lots of support makes you forget not only the pandemic, but also the risk of moving in the first place.
How do you think COVID-19 has changed the cyber landscape?
As mentioned in a number of studies, the digitization level of most companies has improved significantly over the past year. Since the start of the pandemic, the digital maturity of companies has moved forward by an average of ten years, accelerating decision-making processes, digital development and technical integration to the speed of light, at least compared to the years before. As a result, the investment backlog that has accumulated over the years has been dramatically realized and, in some cases, has dramatically become a problem. Yet companies have never had such clear indications of where the future is headed.
Just to be explicit, many of today's digital "future projects" will be best practice tomorrow and companies without these technologies will no longer be competitive in modern business.
Has there been an increase in attacks, or is it instead just a shift to more COVID-19 related cyber threats?
Well, I can't break it down into numbers since I'm not close, but from a strategic-level perspective, we're definitely seeing more cyber-attacks across the board. This is not a big surprise after all the companies were suddenly forced to digitize their daily business at lightning speed. Rushing to adopt new technologies in a digital world without being properly prepared or having trained employees opens up huge attack surfaces for external attacks. Lack of experience also automatically leads to a learning curve, which leads to mistakes that are exploited by cyber criminals.
Therefore, I can only recommend getting professional support to protect yourself. Physically, you would never go to a new, unknown country without proper preparation. Why would you do it digitally?
What types of new cyber threats have you seen arise over the past year?
As my experience has been in the IAM environment, my perspective focuses on IAM-related threats. In general, I'm not sure we're seeing that many new threats, but a few new ways to target already known and protected targets. In the IAM space, it's all about identity theft and, in particular, the highly privileged accounts.
We just saw the SolarWinds incident, which was planned and executed over nearly two years and targeted a large number of SolarWinds customers. Building a backdoor into the software allowed the attacker to install privileged accounts in the customer's Active Directory or establish a trust between an internal and external Active Directory to hijack and exfiltrate data. To prevent early detection, the malware was able to hide itself with a few very clever measures that are definitely not the straightforward attack patterns you would expect from the simple, known cyber threats. For more research and insights, we highly recommend visiting our KuppingerCole website.
Has there been an increase in Data Leakage and Data Breaches over the past year, as the world has been locked down?
I've already pointed out the challenges that companies on the move are facing right now. It's companies that leave their comfort zone without a slow, incremental security awareness that are experiencing more data breaches, simply because of the additional surface area offered to attackers. Employees without good security awareness, who have not yet been exposed, are the focus. Contrary to expectations, attackers are not using complicated, unprecedented attack patterns, but are using very familiar attack patterns on an unprepared group of employees. Even though individual attacks with known patterns have a low probability of success, the overall threat grows with the number of attacks.
Optimistically, enterprise defences are expanding every day to ensure that overall awareness is good enough to counter these new attack initiatives.
What are some of the main challenges that your clients have experienced over the past year, with the arrival of COVID-19?
In this volatile year with the challenges of digitalization, most companies have good ideas, but lack the overview and time to develop a good roadmap for these challenges. Especially in the area of IAM, our customers need structure and orientation, which we can provide as a strategic advisor who knows both sides, the market and the providers. We see strong shifts in the market, which are difficult to anticipate without the right overview and the necessary experience. Especially with COVID-19, most customers are realizing the importance of IAM as IAM is becoming more of a business enabler. Therefore, they are trying to lay the IAM foundation for their future or future digital trends like cloud, IoT, CIAM or decentralized identity. Here we can support them by pointing them in the right direction, developing a vision and strategy with them and taking the first steps.