Gartner analysts discussed how enterprise security and risk leaders can respond to the 2020 threat landscape during the Gartner Security & Risk Management Summit 2020, held virtually in the Americas and EMEA.
“External risk is top of mind for security and risk management leaders in 2020, yet COVID-19 has proved how rapidly and how drastically such risks can change,” said Jonathan Care, senior research director at Gartner. “Bad actors are always looking to take advantage of worldwide events, such as the pandemic, to exploit new vulnerabilities and circumvent even the most advanced security controls.”
COVID-19 highlights new threat vectors
As organizations worldwide moved to remote work spurred by COVID-19, the number of exposed remote desktop protocol (RDP) and virtual private network (VPN) services increased, and the widespread reliance on digital meeting solutions created new threat vectors. Security teams also had to develop new protocols for remote endpoint management and patching.
Threat actors took advantage of the urgency and chaotic nature of the changes in working environments to leverage new tactics. Gartner has observed an increase in reports of coronavirus-related business email compromise (BEC) and phishing scams, including SMS phishing (“smishing”) and credential theft attacks.
COVID-19 also led to increased nation-state activity from advanced persistent threat (APT) groups targeting healthcare and essential services. These actors are using scan-and-exploit techniques that attempt to take advantage of unpatched vulnerabilities, as well as password spraying, to obtain bulk personal information, intellectual property, and national intelligence.
What Gartner recommends
In response to the dynamic nature of the immediate threat landscape, Gartner recommends that organizations invest in security solutions that are agile enough to evolve alongside it.
“Many organizations waste time on legacy security technologies that have lost efficacy, or they continue to needlessly tune effective controls,” said Care. “Rather than trying to anticipate and block all possible threats, invest in solutions with detect and respond capabilities, which can assist with unknown threats and improve response efficacy when prevention fails.”
Gartner predicts that by the end of 2023, more than 50 percent of enterprises will have replaced older antivirus products with combined endpoint protection platform (EPP) and endpoint detection and response (EDR) solutions that supplement prevention with detection and response capabilities. Extended detection and response (XDR) capabilities are also emerging to improve detection accuracy and security productivity.
Security and risk leaders can use a continuous and adaptive risk and trust assessment (CARTA) strategic mindset to evaluate vendor products and determine how they can build up more adaptive defenses by applying the concepts of prediction, prevention, detection and response.