Speaking at the Genetec Connect’DX digital conference, Mathieu Chevalier, lead security architect and Laurent Villeneuve, product marketing manager, video surveillance, both at Genetec, discussed the biggest trends in cybersecurity in 2020, the nature of cyber-threats currently being faced by organizations and how companies can effectively mitigate the risks.
Whilst the speakers explored important trends such as advancing attack vectors and evolving regulatory frameworks, unsurprisingly, Chevvalier said that the biggest and most impactful security risks affecting organizations right now are the threats brought about by the current COVID-19 pandemic.
“The current pandemic situation requires everyone to adapt,” he explained. “Confinement means lots of people are working from home; organizations are doing their best to support that migration, but there is a double effect here whereby systems are more exposed than ever and attackers see the current situation as an opportunity.”
For example, Chevvalier added, the number of devices exposing RDPs to the internet has increased by 42% in the past month, whilst there was a 667% increase in targeted phishing attempts using the coronavirus as bait.
What’s more, state actors have also been exploiting COVID-19 to hurt geopolitical rivals and disrupt hospitals/healthcare organizations, he continued.
The deluge of problems being faced are therefore diverse, said Villeneuve, and mitigating them requires organizations to “set some solid bases” around risk management.
“The approach can be very similar to a standard conversation about physical security,” he argued. “Organizations need to assess the level of risk around their business and then work with their security vendors and consultants to figure out where to add layers of defense that make sense in their environment.”
Villeneuve advised starting with the basic calculation of: Risk = Probability × Impact.
Once the level of risk to an organization has been deduced, Chevvalier said that more advanced steps of risk mitigation can be addressed. “When it comes to risk mitigation, it’s useful to use a divide and conquer approach,” he advised, breaking this down into three main categories.
- Authentication: prevent unauthorized access by providing access only to known entities for whom identity can be verified
- Authorization: ensure your authorized users can see and do the right things
- Encryption: prevent unauthorized access and protect sensitive information in and out of your organization