The concept of attack trees or attack paths and how to increase the cost for the attacker in time and resources (not always monetary) has been discussed many times and it is still considered a good approach in any modern security strategy.
The growing popularity of MITRE ATT&CK is a good indication that finally, we have a common language to describe the tools, techniques and procedures (TTPs) that threat actors are using in their daily operations.
In a post COVID-19 world the security landscape of many organisations has been radically realigned. In particular, the healthcare sector was facing significant challenges prior to the pandemic, so the current situation has only added to the security burdens they face.
With most employees working from home amid today’s COVID-19 outbreak, VPN and remote access to enterprise resources have drastically increased. This is a huge challenge for the IT and security departments as many security experts believe that the current VPN deployments are designed for a small percentage of employees of the organizations and not for the overwhelming number of teleworkers who now need to access them repeatedly throughout the workday.
In these uncertain times, CISOs are having to deal with an entirely new security profile for their organisations. The ability to control every security facet on end users’ machines has been loosened considerably.