Written by Jon-Louis Heimerl, CISSP, Sr. Manager, Threat Intelligence Communications, NTT Ltd.
As 2020 drew to a close, NTT Ltd worked on our annual Global Threat Intelligence Report (GTIR). The data showed some interesting results, so I asked Michael Daniel what kind of impact he thought COVID-19 was having on the world of cybersecurity.
Michael responded, “COVID-19 undoubtedly presented a significant challenge, but it primarily accelerated existing trends. The pandemic has driven companies, governments, and individuals to adopt new technology and processes faster than they would have otherwise, but none are new. For example, many companies had employees working from home or using video conferencing – what changed is the scale, with much larger percentages of a company’s workforce operating remotely. While the increase in remote work accelerated the erosion of the network ‘perimeter,’ that trend was already well underway. From a technology standpoint, the points of failure have not changed either; instead, their relative importance in risk management has changed. For example, before COVID-19, updating the VPN server might have had a middling priority; now, it probably has the highest priority.”
By now we have all seen the effects COVID-19 had on organizations. The lack of in person interaction for brick-and-mortar stores affected business and created difficulties retaining employees. Retail, education, and office environments were among the most affected. Millions of employees from around the globe were suddenly working from home. Thousands of organizations were required to find ways to support this newly distributed workforce. This increased the for-demand network equipment and organizational infrastructure. Equipment needed to be built, sold, shipped, configured, and installed, all in a virtual world.
Organizations had to ensure they could continue to operate despite these new changes. They built new virtual store fronts, vendor/partner portals, public portals, and workplaces that supported remote workers. Remote workplaces needed to be equipped and supplied to guarantee a successful operation. Management of raw material along with shipping and distribution became more difficult to manage necessitating the desire for accelerated communications and collaboration.
Which in turn sparked the demand for additional interfaces and portal access. As people remained socially distanced from one another, the financial demand grew. More businesses needed continuity loans, consumers wanted cash – which increased demand on mobile applications and financial portals. As the pandemic response escalated, manufacturing and healthcare companies shifted towards protective equipment and virus research and tracking. Limited access to in person doctor’s visits increased demand for telehealth and virtual appointments, thus the need for healthcare portals and secure online databases.
Portals. Websites. Apps.
Listed above are all things most companies wanted. As Michael said previously, we’re leagues ahead of what most organizations were really ready for.This was apparent to NTT when reviewing the data for the 2021 GTIR. Application-specific and web-application attacks are the two attack types most closely associated with the targeting of the external presence of organizations – their websites, along with the tools and systems used to support them and they have always been a considerable percentage of global attacks, as viewed for the annual GTIR. In 2020, however, these attacks accounted for 67% of all attacks detected by NTT, more than doubling their share from 2018. As organizations expanded outside of their perimeters to meet the needs of their workforce and their customers during the pandemic, malicious cyber actors expanded their targeting of the infrastructure that enabled that expansion.
Now, consider the industries which saw some of the biggest demand during COVID-19. While nearly every industry observed change, two industries probably observed the most change. Healthcare, as it responded to demand for treatment and virus research experienced over a 200% increase in attack volume in 2020. Likewise, manufacturing worked to manage complicated supply chains and adapt to changing demand. This included managing suppliers and distribution, while struggling with their own workforce. All in all, manufacturing experienced nearly a 300% increase in attack volume in 2020.
The escalation of web-based attacks, targeting web-related technology, affected industries that were among the most the most essential during the pandemic. It appears Michael was correct – COVID-19 did force organizations to reconsider their relationship with web-based technology, increasing their adoption of virtual and digital solutions. Unfortunately, attackers were also able to recognize these evolutions and took advantage of them in a very active manner.
To read more about NTT’s 2021 Global Threat Intelligence Report, please check here.
Jon Heimerl, CISSP, is the Senior Manager of Threat Intelligence Communications at NTT Ltd. He has worked in security since starting with the CIA in 1984 and has been a programmer, a system and network administrator, a systems engineer, a security consultant, and a product manager. He has done everything from writing a device driver in assembler to manage a worldwide network for the United States Intelligence Community. His consulting experience includes security assessments, security awareness training, social engineering, and physical security assessments, which have included scaling walls, crawling under computer floors, and he once picked a lock with a Coke from Burger King. Jon has spoken at many local and national security conferences over his 37 years in the security field.