How COVID-19 Is Impacting Cybersecurity
During this panel, industry experts (showed above) discussed how COVID-19 is affecting cybersecurity. We’ve included a short transcription of the panel, beginning at 6:56 of the webinar.
Brennan Lodge, Goldman Sachs: Let’s get right into it. The first question is, and this is apropos to the environment right now, has COVID impacted your cybersecurity programs and has AI alleviated any of that impact? This is a really important question given these different times. Really the threat landscape has tremendously changed with the majority of people working from home. That that changes how blue teams and Defenders are adjusting it with their detections. Now back to the AI portion: how has that been alleviated or has it helped in any way for your programs? I’ll start with the Marina there.
Marina Kaganovich, BNP Paribas: Thanks, Brennan. I’m just going to also get a quick housekeeping matter out of the way and say for the panel and for the audience that the views that I express in this panel are my own and don’t represent those with BNP. And I think to answer your question, the COVID-19 pandemic has absolutely impacted the cybersecurity programs across the financial industry. It’s stressed our bandwidth and it’s forced digital transformation at a tremendous pace to both support business needs and to enable remote working on, frankly, an unprecedented scale. With so many folks working remotely, the industry has observed a significant uptick and phishing attacks and also a number of folks, at least in the financial services industry where this ability is typically blocked, a number of folks trying to either send materials out of the firm or to send them back in.
All of which obviously constitutes a cyber risk that needs to be addressed. So where I think that AI can help is in blocking the phishing attempts and in identifying ransomware and overall in reducing the noise from the many alerts that cyber teams are seeing at this time in order to open up some free time for the investigations that actually require more judgment and human intervention. As a general matter, we just need to be mindful that AI is trained on historical data. So as we’ve shifted to a “new normal” or I like to think a “near-term normal,” the AI needs to be tweaked accordingly to take into account these changes. Because what used to be anomalous behavior in the past may no longer be anomalous behavior today. Those false positives would need to be reviewed and the cyber team should be evaluating and adjusting thresholds based on this new normal environment.
Brennan Lodge, Goldman Sachs: Yeah, great points. Especially with the enrichment which I think AI gets slated on some of those implementations. When you think of AI, you may think of AI’s prediction or saying this is the definitive answer as to an attack in the cybersecurity domain, but that’s not always the case. It can add the enrichment, it can add the automation piece and a few other factors. So great points that are Marina overdue. How about you, Marcus, your thoughts?
Marcus Fowler, Darktrace: Sure, and I think certainly out of the gate you had this thrust in terms of work from home. You had prioritization of business operations and maintaining those in that transition in which security and all these teams had to play catch-up. Because the priority was, if we don’t have anything to secure, it doesn’t matter, so let’s make sure the business continues to run. You had this giant move that security teams were pressed to catch up on.
So, that was certainly a significant event and also changed that work from home paradigm and the things that they relied on in terms of cybersecurity and how their tool stack was. How ready were they for all these VPNs? How many VPN licences did they have? How prepared was their workforce to deal with all these spearfishing? People are starting to put an eye towards what does that return home look like? And what if there is another spike? Are there gonna be a whole bunch of devices that have been already owned out there that are quiet that are going to be back in on your home network or your corporate network?
To those companies, I would make one point and that is, that you had to rush out and security had to catch up, but you don’t have to sprint back and think about a phased approach in terms of how you come back and how you do it. Now, whatever the next normal is going to be, not everybody’s going to come back, allow security to be in lockstep.
In terms of AI, for us at least, the darkness approaches using unsupervised learning and we actually were quite surprised at how the visibility in the transition caught up fairly quickly in terms of re-normalizing or re-baselining in that transition to really allow a lot of our customers to feel very comfortable in their security posture as they move because the AI was transitioning with them in that complex environment and then alerting against it. Again, you could never test this to say how we would adapt in some of these massive changes we’re now looking at and go wow that adapted fairly quickly.
Whether Baseline reading that real-time situational awareness was so important and that allowed that to do that and I would absolutely agree with the enhanced email and what they’re seeing you have an entire workforce that is so distracted and so anxious. They’re starving for any little piece of information about COVID whether it’s from their company or is their state going back? That is a perfect time for those attackers, right? This really is a great moment for all of those attackers out there, unfortunately, to take advantage in any number of ways. But I do think AI can play a critical role, especially building time for that security team.
Learn more and watch the full video on YouTube: https://youtu.be/QWzprtSHMpg