COVID-19 rendering traditional approaches to cyber security redundant: CyberCube
The COVID-19 pandemic has rendered some traditional approaches to cyber security redundant, according to Michael Rogers, a retired admiral and a board member of CyberCube, the cyber risk analytics specialist.
Speaking to Darren Thomson, CyberCube’s head of cyber security strategy, as part of the NetDiligence Cyber War Webinar Series, Rogers warned that the increased prevalence of people working from home is making the world more vulnerable to cyber attacks.
“We're not all sitting behind a central security stack right now. Now we're dispersed,” Rogers explained. “We've blurred the lines between what is business infrastructure and what is personal infrastructure. The bottom line is the attack surface is just proliferated as a result.”
Meanwhile, nation states appear to be stepping up their own cyber warfare activities again, Rogers said, after a lull following NotPetya in 2017, which was allegedly orchestrated by the Russian government. He pointed to the SolarWinds attack in December 2020 and the attack on Microsoft Exchange in March 2021, with both bearing the hallmarks of state involvement.
Rogers, a former director of the National Security Agency and Commander of US Cyber Command, said the boundaries between nation states and criminal gangs were blurring, with some states employing organised cyber criminals to launch attacks on their behalf.
“The Russians in particular, often tend to use criminal groups to engage in state-associated activity,” Rogers said. “This proliferation of tools is creating a challenging environment.”