
A NEW ROLE FOR THE CYBERSECURITY INDUSTRY


WHY YOU SHOULD CONSIDER HIRING BUSINESS INFORMATION SECURITY OFFICERS TO DEVELOP SECURITY STRATEGIES THAT ARE MORE CONNECTED AND INTEGRATED INTO THE BUSINESS, EXPLAINS MYRNA SOTO, CHIEF STRATEGY AND TRUST OFFICER AT FORCEPOINT.

Traditionally, those working in the cybersecurity industry have been technically savvy and laser-focused on finding tools and solutions to ensure that data, and the people who access it, are secure from breach or attack. At a time when the whole enterprise was safely housed in a corporate office and on the corporate network, this worked fine.


However, digital transformation, open supply chains and mobile devices have been changing this paradigm for some time, and we were all beginning to change our approach. 2020 had other ideas, however, and changes required due to the coronavirus pandemic have exponentially accelerated these trends, bringing fresh complications around assessing and balancing risk. The mass shift to remote working has dramatically increased the unmanaged security risks of the remote working environment, from unsecured networks to using unsecure personal devices to access corporate systems. At the same time, cybercriminals keep chasing the money – we’ve seen phishing attacks up more than 667% in the first half of this year.

Couple this with the sobering financial, brand trust and intellectual property-damaging costs of a data breach (latest research shows that the average cost of a breach is US $3.92 million) and you’ve got a perfect risk-based storm.

Ensure you have cybersecurity warriors who know the business inside out

I do believe that the changes our industry has had to make due to the pandemic will be irrevocable, and they go far deeper than mass home working. CISOs are no longer operating within the tight controls of a traditional security system and have new unmanaged security risks to tackle – once this genie is out of the bottle, it’s hard to put it back in. We now need to enhance the skillsets of cybersecurity personnel, and find and train people within an IT department to both understand risk, and how a business operates, so they can advise on how best to protect it. Our recent research found that 63% of cybersecurity leaders report that a lack of common vocabulary between CEOs and CISOs can make identifying top organisational priorities difficult, and 53% say it makes technical decisions more challenging.

In my previous role as CISO of Comcast, I encountered these issues first-hand, and created the role of Business Information Security Officers (BISO), to develop a security strategy that was more connected and integrated into the business. Although I had ultimate responsibility for the security of the business, the BISOs who reported into me helped to develop a line of sight across different business units.

The security professionals in this role developed relationships with business unit leaders in order to better understand the goals of the business unit, and what it would need to protect and achieve in order to be successful. The role undertaken by BISOs helped us to realise that because the goals, missions and workstreams of each business unit were different, they required different security and tech solutions to protect them.

The skills required to be a BISO

If you’re considering deploying BISOs within your business, you’ll need to know the key skills that make a candidate good for the role. BISOs should not only be well versed in the latest cybersecurity threats and technologies, but also great communicators and fast learners. They will need to be able to distil complex security imperatives and talk about them in business terms, with the ability to understand risk and the impact of security decisions. An understanding of data analytics or machine learning would be helpful: when it comes to gaining true visibility of risks across an organisation, it can’t be done by humans alone – data analytics offers both a real-time and historical view of events. This provides a unified view of threats and security breaches and allows for smarter planning, faster resolution and better decision making – something that a BISO would benefit from.

Good candidates are also those who have had some sort of operational role during their career where they managed a team, who understand P&L and costs, and who are strong analytically. For example, I have hired BISOs previously from financial analyst backgrounds – they had moved into technology or fintech roles and learned security controls. However, it’s clear that in a world with limited talent, you’ll need to train and nurture people from a range of different skillsets and backgrounds to become a successful BISO. You cannot expect new hires to be completely up to speed on business principles and terminology, so you may consider fast-tracking their learning by embedding them within different business units for “tours of duty” to understand how different departments work. This can benefit not only the enterprise but also the individual’s growth, helping to open their eyes to business needs and perspectives and make them more well-rounded employees and executives. The flipside can also be valuable: technically savvy business-side workers can be stationed temporarily in the security organisation to expand their perspective and knowledge. Cross-pollination across all levels can only increase understanding and help security better understand what’s at stake.

The most successful security leaders understand the importance of their businesses and have a sense of why it needs to be secured. In other words, they understand the business goals and security’s function in enabling and protecting value creation in order to contribute to them. Too many cybersecurity professionals are focused on hardening of systems, assets or perimeters without wondering why. Understanding what you’re trying to secure allows you to make the correct risk-based analysis and choose the correct security solutions to tackle today’s most pressing security problems.

TIPS FOR LEADING A TECH COMPANY THROUGH COVID-19

GUY YEHIAV, GENERAL MANAGER OF ZEBRA ANALYTICS, ON STEPS BUSINESSES SHOULD TAKE TO NAVIGATE THE GLOBAL PANDEMIC

The societal effects of the COVID-19 pandemic have been repeatedly characterised by a pair of terms that, at this point, we’re all likely a little tired of reading. Unprecedented is the first that comes to mind, followed by A New Normal as a close second. While it’s accurate that the cause-and-effect scenario stemming from COVID-19 has been entirely unprecedented, the pandemic hasn’t actually created a new normal. Our current reality is a world of erratic uncertainty. Nothing about 2020 fits the definition of normalcy.

Instead of a new normal, the pandemic actually represents a new era of opportunity. Right now, there’s never been a greater need for digitisation. As the power of advanced technology is at an all-time high, industries have quickly learned that the companies transforming through digitisation amid the pandemic are the ones that will emerge from the pandemic more capable than they were before it. The power of advanced technology is what will shape our normal in the years to come, and it’s vital that the leaders of top technology organisations are cognizant of that. As the late Steve Jobs once said, “Innovation is what distinguishes a leader from a follower” -- so it’s on us, as stewards of the sector, to be proactive in our leadership and continue offering digital innovation for industries that are combating the complexities of COVID-19.

Take Care of Your Team

Before technology organisations can achieve any level of success amidst the pandemic, they first must take care of their own. In that sense, it’s essential to support our employees in order to maintain a productive remote workforce. The sudden shift to full-time remote operations has been a major adjustment. Employees are experiencing cross-team collaboration challenges, communication gaps, increased levels of stress, and work-from-home burnout. Now more than ever, they need to feel supported.

Prior to the pandemic, informality was the glue that kept organisations intact. Informal interactions like a quick hello in the hallway, a chat at the water cooler, bringing someone their coffee or an impromptu lunch outside of the office helped to build trust across all levels of organisations. However, informal interactions are now few and far between. As leaders, it’s our responsibility to reinvent informality within remote environments.

Take advantage of numerous channels of communication, such as instant messaging, texting, and calling, instead of traditional emails and calendar invites. Find time to interact with employees outside of planned meetings or scheduled events. Make impromptu calls between team meetings, as if you walked into someone’s office to ask a question. Extend your availability by making time for colleagues outside of traditional business hours. Being accessible builds trust and strengthens relationships. Keep your teams informed by making an active effort to hold staff-wide meetings to share updates on company successes, new challenges, industry trends, and the overarching direction of your organisation.

Focus on the Future

From a technology sector standpoint, the winners of the pandemic have been the ones who have made moves with a forward-thinking approach. Don’t hold a singular focus on what technologies are helping industries today. While it’s still important to keep tabs on current trends, you should also leverage insights from those trends to accurately forecast what advanced tech will make a difference after the pandemic.

• Automated Intelligence and Machine Learning: Artificial intelligence (AI) will be utilised everywhere, ranging from streamlining supply chains and weathering demand volatility to optimising inventory management and in-store layouts.

• Prescriptive Analytics and Advanced Data: Companies will be relying on data-driven insights to analyze post-pandemic consumer trends, demand returns, and budgeting strategies.

• E-Commerce: Consumers have become increasingly accustomed to the convenience of simplified online shopping, direct to consumer marketing (D2C) offerings, buy online and pick up in store (BOPIS), and curbside pick-up during the pandemic. While in-store shopping will resume, e-commerce demand will continue to rise. Companies will be leveraging advanced technology to support, develop, and manage e-commerce fulfillment.

Assess your organisation’s business strategy to identify how your offerings and specialisations align with the future of digitisation. Knowing this information will allow you to develop areas of emphasis moving forward.

Retire Your Legacy Mindset

The formula for success after the pandemic will require technology companies to operate proactively instead of reactively. In turn, legacy mindsets must be left behind. Leaders with a legacy mindset lack openness to change and are instead confined to traditional (and often outdated) norms and business practices that don’t fit with the changing world around them.

Collaborate with your leadership team to streamline every aspect of your company’s internal operations and product offerings. You’ll then be able to identify and make necessary adjustments needed to meet the new needs of partners, customers and employees. For example, retailers are still stinging from the effects of widespread out of stocks at the height of the lockdown. There’s no telling where the next COVID-19 hotspot will be, so it’s impossible to prepare for such an event with traditional forecasting.

A better solution is to leverage a prescriptive analytics tool, the best of which includes a built-in capability called “demand sensing.” Demand sensing monitors demand trends in real time and adjusts your plan accordingly. For example, if it detects a slight, but guided, surge in sales of cleaning products in a specific area, it will determine whether or not the area’s planned-for supply is sufficient to meet projected demand in the coming weeks. If not, it will automatically adjust the plan, perhaps rerouting other areas’ shipments to the area at risk of an outbreak. By aligning your offerings and internal operations with the ripple effects of the pandemic, you can boost prospect conversion rates and improve your ability to retain internal talent.

For technology organisations, these three leadership qualities will be essential for advancing in this era of opportunity and successfully navigating the changing industry landscape. During this period of uncertainty, leadership is what will separate the winners from the losers. With the right approach, organisational leaders can foster higher levels of sustained success leading into an unpredictable post-pandemic environment.

TAP THE POWER OF COLLABORATION

CHARBEL KHNEISSER, REGIONAL PRESALES DIRECTOR, MENA AT RIVERBED, EXPLAINS THE BENEFITS OF BRINGING NETOPS AND SECOPS TEAMS TOGETHER AND GIVING THEM FULL-FIDELITY VISIBILITY.

As companies continue to cope with COVID-19 and maintain a work from anywhere workforce, many have had to contend with security infringements and breaches. And the cause could be a lack of integration between their network operations (NetOps) and security operations (SecOps). By working in collaboration, these teams could avoid missing crucial information from one another that would enable them both to operate more efficiently and securely.

However, collaboration, and the success of any such venture between the two departments, relies on having and sharing end-to-end visibility over their network and applications, including capturing and storing every packet and flow. Without this full-fidelity visibility, NetOps and SecOps risk not being able to discover and troubleshoot security problems quickly and seamlessly within the network. This in turn results in a reduction in productivity levels, as employees are left operating on slow running systems and inefficient, fragmented applications for longer periods of time. Something no company can afford in the challenging COVID-19 business environment.

NetOps, SecOps and why their integration matters

As its name suggests, NetOps — and the people and tools it includes — is focused on delivering networking operations. Crucially, NetOps teams provide networking that meets the demands of business applications and technologies, as well as of end-users. As part of this, they identify and resolve bottlenecks to deliver agile, high-performance infrastructure which underpins the entire business estate.

Meanwhile, SecOps is a philosophy and development system that champions collaboration between IT security and operations teams. Its goal is to get both to work together more effectively, chiefly through the integration of the technology and processes they employ to ensure the security of systems and data.

Although NetOps and SecOps teams have traditionally operated in siloes, they are interested in the same type of data. This is because security events and network performance issues are inextricably linked; with one unavoidably triggering the other. For example, a distributed denial-of-service (DDoS) attack could overwhelm a network with malicious traffic. Therefore, it would present as a network problem before the security issue that was the root cause has even been identified. Left unresolved, an attack such as this results in severe network disruption and financial cost for the business. Furthermore, this can inhibit not only the productivity of the workforce, but also the safety of their data as DDoS attacks may serve as a distraction to launch other more dangerous attacks while the SecOps teams are busy dealing with it.

However, by working together, network and security teams can use their data and insights across both the estates, to find any breaches quickly. This has become increasingly important as the number of cyber attacks and network performance issues has risen due to COVID-19.

How COVID-19 impacted the relationship between NetOps and SecOps

At the onset of the pandemic, there was a significant spike in security incidents, as recorded by organisations such as Interpol. Alongside the increase in cyber threats, businesses also grappled with reduced network efficiency. In fact, 94 percent of business leaders surveyed for Riverbed’s Future of Work Survey reported technology performance problems. Both issues were somewhat unsurprising. After all, businesses across the world had to switch to work-from-anywhere models before they had a chance to develop the security protocols and network infrastructure needed to underpin new ways of operating.

However, it has presented an invaluable opportunity for NetOps and SecOps teams to integrate for a more efficient and secure operational future.

Overcoming obstacles to collaboration and embracing full-fidelity visibility

Actively deciding to unite NetOps and SecOps is the first obstacle to collaboration, but it is not the last. Not only do both teams have different lines of reporting, budgets, and goals, but most importantly they lack a single, shared data source that can allow them to collaborate effectively. This is where achieving full-fidelity visibility and sharing the information across both teams comes in.

Full-fidelity visibility means having end-to-end insight, across all network and application data, from packets to flows and logs. This enables teams to not only monitor every piece of the estate but see where the correlations are and make informed decisions based on them. Both NetOps and SecOps teams can achieve this independently, but it will not enable them to collaborate unless they share their data to provide a single source of truth for analysis to be conducted upon. After all, if one team has blind spots and another has outdated information, they cannot work from the same page. Network Performance Management (NPM) offers the solution.

Adopting Network Performance Management tools

NPM tools collect, record, store and analyse all the data that flows through the network for every application and every device. As such, they provide NetOps and SecOps teams with a holistic view of the IT environment across both departments. Armed with this information, both teams can carry out forensic analysis of the data to identify performance problems or investigate security threats that have originated inside or outside of the enterprise. In both instances, this empowers them to resolve the issues, by acting quickly and putting the necessary measures in place before they negatively impact business operations.

Collaboration and visibility are the answers to success

By enabling NetOps and SecOps teams to collaborate and giving them the right performance management tools to have and share full-fidelity visibility, companies can gain a better overview of the network. In doing so, they can identify any relevant behaviour changes, mitigating attack risks and responding accordingly. This will empower them to optimise performance and ultimately drive the productivity vital to the success of their business going forward.

BRIDGING THE CYBERSECURITY SKILLS GAP

SANDRA WHEATLEY, SVP, CUSTOMER MARKETING, THREAT INTELLIGENCE AND INFLUENCER COMMUNICATIONS AT FORTINET, ON ADDRESSING THE GLOBAL CYBERSECURITY SKILLS SHORTAGE WITH ROBUST TRAINING PROGRAMMES.

By now, the majority of industry professionals are aware of the cybersecurity skills gap and its impact on organisations’ abilities to consistently protect their data and networks. The coronavirus pandemic has only amplified the issue, manifesting the economic strain that has forced many business leaders to make budget cuts and furlough, or even lay off, critical employees. Meanwhile, cyber criminals saw the pandemic as an excellent opportunity to execute attacks on vulnerable networks as more employees shifted to remote work. The Fortinet NSE Training Institute’s programs enable IT professionals, students, veterans and more to learn new cybersecurity skills, reskill or upskill as a way to address the growing talent shortage our industry faces.

The Cybersecurity Skills Gap: Implications for 2021 and Beyond

In a recent survey of industry leaders, it was found that 68% of responding organisations struggled with recruiting, hiring, and retaining cybersecurity talent. For such a critical branch of business, it’s an alarming statistic. Perhaps even more troubling was the discovery that 73% of surveyed organisations had experienced at least one intrusion over the past year that could be partially or wholly attributed to the cybersecurity skills gap.

When organisations lack a large enough team of qualified, experienced cybersecurity professionals, their networks, customer data, and even operational technology are far more vulnerable to threats. At the same time, the number – and level of sophistication – of cyberattacks on commercial businesses is steadily climbing. When successful, such attacks can be debilitating, costing hundreds of thousands of dollars in downtime or reparations. To help address this risk, organisations must shift their mindset away from traditional hiring and work to implement new, agile solutions that leverage untapped resources, without burning out their employees. Organisations should invest in reskilling and upskilling current employees, which can effectively help bridge the skills gap.

Identifying the Right Individuals for the Job

One of the biggest issues in cybersecurity hiring has to do with the sets of skills and attributes hiring managers believe are mandatory in a “qualified” individual. All too often, these wish lists grow much longer than what any individual could have possibly attained over the course of a 5-, 7-, or even 10-year career in the industry. Worse, hiring according to a set list of qualifications tends to rule out some of the most talented and capable recent graduates – those who are eager to learn and most excited about the profession.

By restructuring the hiring model to prioritise innate strengths over “X years of experience,” organisations will end up with employees who are happier to do their jobs and fit in more seamlessly with the rest of the team. Interviewing for, say, communication skills and leadership ability, analytic sharpness, level of comfort with abstract ideas, mathematical and modeling skills, independence and autonomy, and other such “soft” skills may reveal much more about a candidate’s chances for long-term success than his or her resume alone.

Then, organisations must put programs in place for on-post training, whereby talented and new hires pick up the technical, hands-on skills they need to monitor networks and mitigate threats. But this should not be the sole focus of these cybersecurity training programs.

Even tenured employees appreciate and benefit greatly from opportunities for continued education, whether via in-person or online courses, seminars, or conferences. Many organisations have found some of their best cybersecurity professionals by looking elsewhere in their IT departments, encouraging individuals who may no longer be stimulated in their current roles to move laterally into a cybersecurity position by completing training programs and/or certifications. These workers bring a new, fresh perspective, benefiting the organisation in more ways than one – this alone demonstrates why upskilling and reskilling should be considered essential when looking to build out security teams.

Bridging the Skills Gap

Fortinet is committed to helping close the cybersecurity skills gap through its technology, the NSE Training Institute programs and Corporate Social Responsibility initiatives. Employers and aspiring network security professionals alike should be able to access the resources needed to close the skills gap – whether via training and certifications, professional networking opportunities, or mentorship.

The Fortinet NSE Training Institute programs provide IT professionals, students, veterans and more the opportunity to expand and learn new security skillsets. The NSE Training Institute’s flagship NSE Certification Program, which has issued more than 500,000 certifications worldwide, has eight levels of certifications, ranging from cybersecurity fundamental education courses to advanced solution-based training. Additionally, Fortinet has made its entire catalog of self-paced NSE courses available free of charge for anybody interested in learning new skills or upskilling. Through the Information Security Awareness Training service, Fortinet also provides organisations with free training for their employees to be cyber aware to identify and prevent threats.

By implementing cybersecurity training programs for all employees and diversifying the overall hiring strategy, companies across industries will see a marked improvement in their overall security program’s fortitude, as well as a greater degree of employee satisfaction and far less turnover.

THE JOURNEY TO EFFORTLESS CUSTOMER CARE

STEVE HARDING, CSM VP FOR EMEA AT SERVICENOW, ON HOW TO BUILD A BETTER CUSTOMER EXPERIENCE

Operating a business in 2020 is challenging in ways that few of us could ever have predicted. Rarely have we seen change occur with such magnitude or velocity. Customer-demand fluctuations, fractures in supply chains, workforce disruption, and rapidly evolving government policies have stressed organisations all at once.

Meanwhile, customer anxiety levels have soared and their priorities have shifted. In the COVID-19 era, many customers have less money to spend. They are concerned about the future and increasingly want to engage digitally with organisations. This is true in both B2C and B2B scenarios.

Before the COVID-19 outbreak, customer service experts were already emphasising the “experience” of customers over the service itself. Matt Dixon, an authority on sales, customer service, and customer experience, talks of the “effortless experience” and how it’s the new battleground for customer loyalty.

Today’s customers aren’t looking for prolonged engagements. They want organisations to eliminate frustrations and make interactions quick, effortless, and effective. This is more important than ever during the pandemic, when we’re all dealing with stress in multiple aspects of our professional and personal lives. If customers must expend what they see as unnecessary effort to receive support, they will ultimately spend less, leave earlier, and share negative word of mouth more readily.

Moreover, when customer spend is constrained and budgets are under prolonged pressure, businesses must renew their focus on operational efficiency.

So how do you deliver effortless customer experiences while simultaneously reducing cost and boosting productivity?

Focus on solving problems, not adding channels

Because many organisations believe choice is the key to satisfaction, they often focus on providing multiple channels of engagement for their customers. This omnichannel approach fails on many levels.

Many of us are very time poor in our daily lives. Although it’s nice to have multiple ways to connect to a company, we really crave faster resolution to issues via the most efficient medium. What’s more, moving from channel to channel in the hunt for answers is incredibly frustrating. Not surprisingly, research shows 84% of customers care more about the ultimate solution than about the channel on which they engage. Furthermore, customers tend to be less loyal when they are switched from one channel to another during a service interaction.

The emphasis needs to be on effortless experiences that solve problems. Orchestrate work so customers don’t have to engage with a service rep. This leads to faster problem resolution. So much the better if the resolution can be fully automated through non-human workflow.

However, don’t stop there. Find opportunities to drive proactive customer service and inform customers of an imminent problem — and a corresponding solution — before it even happens.

And where human involvement is desired, or perhaps preferred, arm your agents with the knowledge they need to resolve issues quickly, presenting them with rapid workflow pathways to get work done.

Respond rapidly

In a world where change is constant, it’s key to invest in technologies that help you adapt quickly.

Low code and no code platforms let people build enterprise-grade apps with minimal programming effort, offering an alternative to the traditionally slow, costly, and inefficient development process.

This kind of agility is critical in times such as the COVID-19 pandemic, when companies are crying out for applications that accelerate workflows and processes that help maintain business continuity, particularly as volumes of incoming customer requests increase.

Above all, organisations need digital workflow solutions that are simple, fast, and affordable to build, while still meeting enterprise standards for security and scalability.

A typical self-service interaction can be as much as 98% less expensive than a phone- or email-based interaction — meaning your organisation can save money exponentially by moving more support requests to self-service.

Where this investment is made is important, as unfettered use of technology can erode customer care. If customers are anxious, stressed, or worried, it’s important to pair self-service offerings with a customer service team that can focus on high-touch interactions that require care and empathy.

The primary goal is to make the user experience effortless. This is especially true for self-service channels. Focus on a small number of key interactions in the user journey where user experience is won or lost.

Remember too that self-service isn’t something that can just run in the background. Prioritise its improvement and maintenance and make it a priority for your service teams. Putting in place measurable goals will put the spotlight on the impact of self-serve on the customer experience, ensuring it complements your wider customer engagement strategy.

Customer experience at the crossroads

Customer experience is more important than ever during the pandemic, when customer service teams are under extreme pressure while their organisations race to adapt business models and drive cost efficiencies.

Sectors such as hospitality and air travel are facing dramatic increases in customer support requests. Customers are chasing refunds, adding nothing to the bottom line, and squeezing operating margins like never before. In contrast, many online retailers face unprecedented demand. This promises big revenue increases, but exposes customer experience models that are unable to cope.

Operating through a pandemic has highlighted the importance of bringing agility and business continuity to customer service. But it can also be a catalyst for positive change.

Let’s learn from 2020 and take the opportunity to bring together people, processes, and technology so that effortless experiences become the heart of customer service.

PHISHING ATTACKS SOAR DURING COVID-19

COVID-19 CONTINUES TO SIGNIFICANTLY EMBOLDEN CYBERCRIMINALS’ PHISHING AND FRAUD EFFORTS, ACCORDING TO NEW RESEARCH FROM F5 LABS.

The fourth edition of the Phishing and Fraud Report found that phishing incidents rose 220% during the height of the global pandemic compared to the yearly average.

Based on data from F5’s Security Operations Center (SOC), the number of phishing incidents in 2020 is now set to increase 15% year-on-year, though this could soon change as second waves of the pandemic spread.

The three primary objectives for COVID-19-related phishing emails were identified as fraudulent donations to fake charities, credential harvesting and malware delivery.

Attacker opportunism was in further evidence when F5 Labs examined certificate transparency logs (a record of all publicly trusted digital certificates). The number of certificates using the terms “covid” and “corona” peaked at 14,940 in March, which was a massive 1102% increase on the month before.

“The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine,” said David Warburton, Senior Threat Evangelist at F5 Labs.

“Attackers are also quick to jump onto emotive trends and COVID-19 will continue to fuel an already significant threat. Unfortunately, our research indicates that security controls, user training and overall awareness still appear to be falling short across the world.”

A Phisher’s Domain

As per previous years’ research, F5 Labs noted that fraudsters are becoming ever more creative with the names and addresses of their phishing sites.

In 2020 to date, 52% of phishing sites have used target brand names and identities in their website addresses. Using phishing site data from Webroot, F5 Labs discovered that Amazon was the most targeted brand in the second half of 2020. PayPal, Apple, WhatsApp, Microsoft Office, Netflix, and Instagram were also among the top ten most impersonated brands.

By tracking the theft of credentials through to use in active attacks, F5 Labs observed that criminals were attempting to use stolen passwords within four hours of phishing a victim. Some attacks even occurred in real time to enable the capture of multi-factor authentication (MFA) security codes.

Meanwhile, cybercriminals also became more ruthless in their bids to hijack reputable, albeit vulnerable URLs – often for free. WordPress sites alone accounted for 20% of generic phishing URLs in 2020. The figure was as low as 4.7% in 2017.

Furthermore, cybercriminals are increasingly cutting costs by using free registrars such as Freenom for certain country code top-level domains (ccTLDs), including .tk, .ml, .ga, .cf, and .gq. As a case in point, .tk is now the fifth most popular registered domain in the world.

Hiding in Plain Sight

2020 also saw phishers intensify efforts to make fraudulent sites appear as genuine as possible. F5 SOC statistics found that most phishing sites leveraged encryption, with a full 72% using valid HTTPS certificates to trick victims. This year, 100% of drop zones – the destinations of stolen data sent by malware – used TLS encryption (up from 89% in 2019).

Combining incidents from 2019 and 2020, F5 Labs additionally reported that 55.3% of drop zones used a non-standard SSL/TLS port. Port 446 was used in all instances bar one. An analysis of phishing sites found that 98.2% used standard ports: 80 for cleartext HTTP traffic and 443 for encrypted SSL/TLS traffic.
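The address-level indicators described in this report (target brand names in site addresses, the free ccTLDs, "covid" and "corona" lure terms, and non-standard TLS ports) can be combined into a simple URL triage check. The Python below is an added example, not code from F5 Labs or the report; the brand allow-list, the function name and the sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators named in the report.
FREE_CCTLDS = {"tk", "ml", "ga", "cf", "gq"}
LURE_TERMS = ("covid", "corona")
STANDARD_PORTS = {None, 80, 443}
# Assumption for this example: brand keyword -> the brand's legitimate domain.
BRAND_DOMAINS = {
    "amazon": "amazon.com",
    "paypal": "paypal.com",
    "apple": "apple.com",
    "netflix": "netflix.com",
    "instagram": "instagram.com",
}


def triage(url):
    """Return the sorted names of the indicators that fire for one URL."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    text = host + parts.path.lower()
    # Whole-token matching avoids flagging "pineapple" as the brand "apple".
    tokens = set(re.split(r"[^a-z0-9]+", text))
    hits = set()
    if host.rsplit(".", 1)[-1] in FREE_CCTLDS:
        hits.add("free_cctld")
    if any(term in text for term in LURE_TERMS):
        hits.add("lure_term")
    for brand, legit in BRAND_DOMAINS.items():
        on_brand_domain = host == legit or host.endswith("." + legit)
        if brand in tokens and not on_brand_domain:
            hits.add("brand_in_address")
    if parts.port not in STANDARD_PORTS:
        hits.add("nonstandard_port")
    return sorted(hits)


# Constructed sample URLs (not observed indicators).
SAMPLE = [
    "https://www.amazon.com/gp/help",
    "https://amazon-account-verify.example.tk/login",
    "https://covid-relief-fund.example.invalid/donate",
    "https://updates.example.invalid:446/gate",
    "http://blog.example.invalid/wp-content/paypal/signin.html",
]

if __name__ == "__main__":
    for u in SAMPLE:
        print(u, triage(u))
```

None of these indicators is conclusive on its own; they are useful for ranking URLs from mail gateways, proxy logs or certificate transparency feeds for analyst review.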

Future threats

According to recent research from Shape Security, which was integrated with the Phishing and Fraud Report for the first time, there are two major phishing trends on the horizon.

As a result of improved bot traffic (botnet) security controls and solutions, attackers are starting to embrace click farms. This entails dozens of remote “workers” systematically attempting to log onto a target website using recently harvested credentials. The connection comes from a human using a standard web browser, which makes fraudulent activity harder to detect.

Even a relatively low volume of attacks has an impact. As an example, Shape Security analysed 14 million monthly logins at a financial services organisation and recorded a manual fraud rate of 0.4%. That is the equivalent of 56,000 fraudulent logon attempts, and the numbers associated with this type of activity are only set to rise.

Shape Security researchers also recorded an increase in the volume of real-time phishing proxies (RTPP) that can capture and use multi-factor authentication (MFA) codes. The RTPP acts as a person-in-the-middle and intercepts a victim’s transactions with a real website. Since the attack occurs in real time, the malicious website can automate the process of capturing and replaying time-based authentication such as MFA codes. It can even steal and reuse session cookies.

Recent real-time phishing proxies in active use include Modlishka and Evilginx2. F5 Labs and Shape Security are set to monitor the growing use of RTPPs in the coming months.

“Phishing attacks will continue to be successful as long as there is a human that can be psychologically manipulated in some way. Security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users,” Warburton concluded.

“Individuals and organisations also need to be continuously trained on the latest techniques used by fraudsters. Crucially, there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19.”
