Andrew de Lange, Anomali’s Senior Solutions Consultant in the Middle East, provides some insight into his time as Head of Intelligence and Incident Response for a major African bank.
Weekends, holidays and now most recently, panic during the Coronavirus pandemic, all of these have one thing in common for your Security Operations team. They are the times when our focus tends to shift and we let our guard down. The COVID-19 pandemic has the potential to be the most opportune time in history for cybercriminals to strike and strike effectively. As the novel coronavirus spreads and infects humans around the globe at an unprecedented rate, it is natural for organizations to place their staff’s health and safety as a top priority. This includes limiting physical interaction in an office setting.
I remember the days when we rigorously tested BCM (Business Continuity Management) plans, most of the time it was an irritation but in times like now, it all makes total sense. Can the security of your organization continue to function should you remove all of your soldiers from the battlefield? You can be sure of one thing, the enemy does not walk away when there is a crisis. In fact, this is when they will use your weakness against you. Every major incident I have been involved in, either occurred after business hours, on weekends or when the staff was in a “relaxed” state, or on a skeleton crew.
If we look at the COVID-19 situation from a Threat Intelligence, and community collaboration perspective, there is a big chance that the sharing communities that exist today will not be “watching each other’s backs” and although this is not by choice, it leaves a potential blind spot within these communities. Anomali prides itself on being the biggest and most effective enabler of community and trust-based intelligence sharing communities through our Trusted Circles in the ThreatStream platform. And our Anomali Threat Research (ATR) team is already witnessing an increase in malicious actor activity on a global scale, these same researchers will continue to provide the highest quality intelligence to our customers, during these uncertain times.
There is no doubt that the current situation will impact our lives for years to come in many ways, we are already witnessing the impact to global financial stability and stock markets, the substantial loss of life, and now the potential threat of cybercriminals ramping up activity when our focus is elsewhere. Many lessons will be learned, chances are we will wash our hands more from this point forward. Yet one thing is very evident, COVID-19 is a game-changer in the way we approach our daily lives from here on. Stay safe and try not to get distracted from what matters.
Andrew de Lange is a solutions consultant for Anomali. Andrew has over 15 years experience in cyber security, with the bulk of that time spent in Financial Services and Banking, he is an evangelist for Cyber Threat Intelligence collaboration initiatives and community driven defence.