COVID-19 Echo Effects for Cyber Security, Risk and Compliance

Golden Age

"Golden Age for Hackers" is what noted Shark Tank investor and cyber security business owner Robert Herjavec declared, days into the COVID-19 national lockdown recommended by the US government.

The implications of this are broad. Work from home (WFH) is the new business normal, at levels and scale few if any organizations prepared for. At the macro level, there will be at least three huge COVID-19 Echo Effects in the coming weeks, months and years:

  1. Cyber damage suffered and disclosed - due to a fresh wave of successful cyber attacks (Ransomware, Data Breaches, …) currently underway,

  2. New Risk to manage and account for - with unknown scope, undefined mitigations and uncertain underwriting requirements,

  3. Regulatory Compliance violations discovered - with new civil and criminal liabilities incurred.

Root causes for Business Disruption, Data Loss, Data Privacy violations, Industrial Espionage / IP Theft, Customer Confidentiality Breaches and other problems include:

  • Hastily deployed VPN solutions to support WFH with no immediate disruptions to business. These often lack modern Zero Trust protections and therefore establish unnecessarily large security perimeters with correspondingly large attack surfaces and vulnerabilities for cyber attackers to easily exploit.

  • Unmanaged home WiFi, PCs, Tablets and Mobile devices unwittingly became part of every organization’s core business infrastructure.

  • Smart speakers (Alexa/Echo, Sonos, Google Home, …), Smart TVs and other consumer-grade unmanaged IoT devices continuously stream voice/audio, video, location, biotelemetry and other data sets to non-approved vendors and their vast network of advertising partners, data brokers and undisclosed (often foreign) third-party suppliers / contractors.

Even though it is incomplete, this root cause list alone comprises well-documented and lucrative known vulnerabilities for cyber adversaries of all kinds (nation-state, organized crime, terrorists, anarchists, …) to easily exploit.


From Defense to Offense

As IT/ICT/OT and security teams coordinate reactively to restore business continuity, planning for the proactive work to identify, minimize and eliminate the 3 COVID-19 Echo Effects above begins. One of the first essential assets to secure is your indicators of compromise, such as logs for all operational, security and business systems.

According to cyber security customer surveys, 39% of cyber attacks remain undetected. It's high time to reduce that figure. Anti-forensic techniques applied to logs (removing, modifying or obscuring the entries that would reveal an intrusion) are at the top of the list to identify, reduce and remove.

Risk management in a WFH world has new variables to consider for existing security and privacy models, as well as net new models to create over time as we uncover more unintended consequences of a volatile and dynamic edge to new security perimeters.

In addition to detection challenges before cyber damage begins, attribution and scope of threat remain open challenges for forensics investigators. This is due to lack of artifacts and lack of artifact integrity as a byproduct of the aforementioned anti-forensic techniques.


Chains of Custody - Quantified Risk, Evidence with Integrity

Wrapping indicators of compromise inside of a chain of custody offers irrefutable, reproducible evidence of tampering (removal, modification, obfuscation, …) against all anti-forensic techniques known to bypass existing cyber security defenses. This matters because Anti-Virus (AV), Endpoint Detection and Response (EDR), Intrusion Detection (IDS), File Integrity Monitoring (FIM) and related solutions are reported to be only 61% effective (detecting attacks) according to the same customer surveys cited above.

Quantifying risk at a granular level near real-time is the holy grail of risk management. Digital Chains of Custody enable powerful new integrity workflows throughout data sets, networks, endpoint stacks, DevOps & Machine Learning pipelines which represent today's business technology. Underwriters for example, can now craft fine-grained cyber insurance policies tailored to very specific client risk, which can be quantified, monitored and enforced with unprecedented granularity and cadence.

Post-cyber attack, forensic artifacts inside a chain of custody offer irrefutable, reproducible attestation of full integrity against all known anti-forensic techniques. Digital Forensics and Incident Response (DFIR) investigators will no longer have to deliver inconclusive reports, working around incomplete and untrusted evidence when assigning attribution and establishing scope of damage.
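To make the "reproducible evidence of tampering" idea concrete, here is an added example (not Chainkit's code, and not taken from this post) of the textbook technique behind a digital chain of custody for logs: each log entry is hashed together with the hash of the entry before it, and the final head hash is anchored somewhere the logging host cannot write to. The sample VPN authentication events, the field names and the anchor handling are all constructed for the illustration; a verifier can then show exactly which link broke and whether the break looks like a modification, a removal or a truncated tail.

```python
import copy
import hashlib
import json

# Hash of the empty chain; every chain starts from here.
GENESIS = "0" * 64

# Constructed sample log entries (not real data): a WFH VPN gateway's
# authentication events, the kind of artifact an intruder would want to erase.
SAMPLE_LOGS = [
    {"ts": "2020-03-20T08:01:12Z", "src": "203.0.113.7", "user": "alice", "event": "vpn_auth_ok"},
    {"ts": "2020-03-20T08:03:40Z", "src": "198.51.100.9", "user": "bob", "event": "vpn_auth_fail"},
    {"ts": "2020-03-20T08:03:41Z", "src": "198.51.100.9", "user": "bob", "event": "vpn_auth_fail"},
    {"ts": "2020-03-20T08:04:02Z", "src": "198.51.100.9", "user": "bob", "event": "vpn_auth_ok"},
]

MODIFIED = "hash mismatch (entry modified)"
REMOVED = "previous-hash mismatch (entry removed or reordered)"
TRUNCATED = "head does not match anchor (tail truncated or chain rewritten)"
INTACT = "intact"


def link_hash(prev_hash, entry):
    """SHA-256 over the previous link's hash plus a canonical encoding of the entry.

    Canonical JSON (sorted keys, no whitespace) makes the hash reproducible by
    any independent verifier, which is what makes the evidence reproducible.
    """
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + canonical).encode("utf-8")).hexdigest()


def build_chain(entries):
    """Wrap raw log entries into links; each link commits to everything before it."""
    chain, prev = [], GENESIS
    for entry in entries:
        digest = link_hash(prev, entry)
        chain.append({"entry": entry, "prev": prev, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain, anchor):
    """Recompute the chain and compare its head to the out-of-band anchor.

    Returns (ok, index, reason). The anchor must be stored where an attacker on
    the logging host cannot overwrite it (assumed here; e.g. a separate system),
    otherwise a full rewrite of the chain would go unnoticed.
    """
    prev = GENESIS
    for i, link in enumerate(chain):
        if link["prev"] != prev:
            return (False, i, REMOVED)
        if link_hash(prev, link["entry"]) != link["hash"]:
            return (False, i, MODIFIED)
        prev = link["hash"]
    if prev != anchor:
        return (False, len(chain), TRUNCATED)
    return (True, len(chain), INTACT)


def demo():
    """Exercise the verifier against the three anti-forensic edits named in the post."""
    chain = build_chain(SAMPLE_LOGS)
    anchor = chain[-1]["hash"]  # what would be pushed to the out-of-band anchor store
    results = {"intact": verify_chain(chain, anchor)}

    # Modification: a failed login is rewritten to look successful.
    modified = copy.deepcopy(chain)
    modified[1]["entry"]["event"] = "vpn_auth_ok"
    results["modified"] = verify_chain(modified, anchor)

    # Removal: one entry deleted from the middle of the log.
    removed = copy.deepcopy(chain)
    del removed[2]
    results["removed"] = verify_chain(removed, anchor)

    # Truncation: the most recent entry dropped; only the anchor can catch this.
    truncated = copy.deepcopy(chain)[:-1]
    results["truncated"] = verify_chain(truncated, anchor)
    return results


if __name__ == "__main__":
    for scenario, (ok, index, reason) in demo().items():
        print(f"{scenario:>9}: ok={ok} at link {index}: {reason}")
```

The truncation case is the one worth noticing: a hash chain on its own cannot tell that its newest links were cut off, which is exactly why the head hash has to be anchored outside the system the logs live on. In a SIEM deployment that anchor is the piece an investigator later compares against when establishing scope.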

Getting to Work!

The award-winning Chainkit for Splunk App and Chainkit for Elastic Plug-In are ready today for rapid, seamless deployment on top of popular Security Information and Event Management (SIEM) solutions. Large organizations and their Managed Security Service Providers (MSSPs) can quickly and easily wrap all indicators of compromise inside Chains of Custody at any scale or granularity, while adding unlimited forensic artifacts on demand.

Rising to the challenge of turning a Golden Age to Lumps of Coal for cyber adversaries is within our grasp. Let’s silence threatening COVID-19 Echo Effects now, to get our lives, societies and economies back as soon as possible!
