It is not surprising that the COVID-19 pandemic has hit not only public health systems and the world economy but also cybersecurity. It is the trend that has the most profound impact on this industry. The fear and need for information surrounding the COVID-19 pandemic have given cyber criminals a new target. Cyber criminals often take advantage of major global events, making cybersecurity teams and other defenders of the digital landscape work harder than ever.
Since the beginning of the COVID-19 pandemic, organisations globally have seen a dramatic increase in the number of malicious attacks and scams targeting people at large. These phishing and social engineering attacks exploit human curiosity by tricking people into clicking on malicious COVID-19-related information or news, which leads to a malware infection.
In June 2020, the University of California at San Francisco (UCSF) was hit by ransomware, which encrypted crucial COVID-19 research stored on the UCSF medical school’s network. Consequently, the University had to pay a ransom of $1.14 million to the attacker to recover the files and prevent further damage. Similarly, the US Department of Health and Human Services was also a recent target of cyber attackers who aimed to disrupt operations and information flow.
“Ensuring the security of health information for Member States and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together,” said Bernardo Mariano, WHO’s Chief Information Officer.
Navigating these impacts of COVID-19 has meant making quite a few changes, leaving the Security Operations Center (SOC) more burdened, with numerous alerts and incidents to manage while helping to ensure business continuity.
But what about the tools used by SOC teams? Amid the chaos of COVID-19, are they still adequate in a new environment? The rapid changes brought by COVID-19, and a significant rise in cyberattacks attempting to capitalise on the crisis, make it crucial for SOC teams to reassure customers that their security is in good hands.
Having a comprehensive understanding of the environment being monitored is necessary for a well-performing SOC. For both in-house teams and managed security service providers (MSSPs), this pandemic has presented a number of challenges and underlined the importance of working closely with various teams.
COVID-19 has forced many companies to resort to remote work, including for SOC operations. Your highly skilled responders, accustomed to an onsite environment, are now triaging and investigating security alerts from home. By unifying security operations with alert aggregation, case management, security orchestration and automation, SIRP provides security teams with a holistic view of the entire incident management lifecycle through a single platform. Improving cybersecurity resiliency with SIRP can make a significant difference to an organisation’s ability to recover quickly and ensure business continuity, minimising the impact of a serious incident.
It’s very likely that your organisation’s risk landscape has changed during the course of this pandemic, which means you need to re-prioritise your responses accordingly. A risk-based approach to security operations helps teams respond first to the security alerts and vulnerabilities that most need to be addressed, based on the new risks to the organisation.
SIRP brings the events and insights from the organisation’s entire security stack into a single unified view, which makes it easy for security teams to identify important areas, such as which incidents to prioritise first based on asset risk scores and external threat intelligence.
Security analysts spend a lot of time on repetitive tasks like enriching alerts with external threat intelligence, sending emails to internal teams to get specific information, opening tickets, and so on.
Instead, playbooks can be designed in SIRP to automate certain repetitive tasks that security analysts currently do manually. The team can then spend time on more sophisticated investigations and analysis. SIRP enables orchestration of various processes and use cases, allowing security teams to work smarter, reducing response time from hours to a few minutes, and resulting in optimised security operations.
By automating the enrichment of and response to an alert, it’s possible to reduce critical delays that could turn an alert into a cybersecurity attack, especially in this pandemic. SIRP’s Incident Management module provides a complete incident timeline, description, and evidence for a faster and more effective response. SIRP helps identify, investigate, and respond to threats, as well as ensure mature processes and resiliency to prevent incidents in the future.
In the wake of COVID-19, organisations are being forced to respond to potential new cyber threats and vulnerabilities while trying to maintain business as much as possible and prepare for changes to come. Automating the cycle of identifying, prioritising, and remediating vulnerabilities yields not only greater team efficiency but also more consistent results, by ensuring that the process is performed the same way every time. SIRP enables organisations to prioritise vulnerability remediation on assets by combining incidents, threat intelligence, and risks with the SIRP Security Score (S3), enabling security teams to visualise the different severity levels of vulnerabilities and remediate first the critical ones that are most crucial to secure.
SIRP’s case management and workflow capabilities enable effective communication across multiple teams. Give your teams the ability to escalate cases and to track and monitor status and progress remotely. Teams can configure and customise workflows according to organisational processes, while collaborating on a single platform to aggregate and analyse incidents, threat intelligence, vulnerabilities, and risks, enabling them to respond effectively. SIRP provides context and data enrichment to help security teams quickly visualise the who, what and when of a security event, expediting investigation and speeding up decisions.
Cyber criminals often take advantage of major global events, and those defending our digital landscape are working harder than ever. The less time there is between the detection of a breach and the response to it, the less of an impact the cyberattack will have on an organisation. Early detection and response limit damage, and one of the tools for reducing response time is SOAR. SOAR also helps measure your company’s ability to mitigate cyber risk and protect your people, processes, and technology.