
Empowering Employees to be the First Line of Defense

It sounds like the plot of a spy novel. A Russian travels to Nevada where he meets with an employee to convince him to introduce malware into his corporate network, wreak havoc, and walk away with $1 million to his name.

But that scenario isn’t fictional. In September 2020, the U.S. Department of Justice unveiled charges against a Russian national, Egor Igorevich Kriuchkov, 27, for attempting to recruit a Tesla employee to introduce malicious software into the company’s network, extract data from the network, and extort ransom money from the company under the threat of making that data public.

Kriuchkov’s alleged plan only failed because, instead of taking him up on his offer, the employee alerted Tesla’s security team that Kriuchkov had made contact with him. Tesla officials then alerted the FBI, which set up a cyber sting operation that resulted in Kriuchkov’s arrest in Los Angeles, California.

This event demonstrates that cybersecurity incident response calls for empowered employees, and that criminals are becoming increasingly bold during the coronavirus pandemic, said Keren Elazari, CISSP, in her keynote remarks on Thursday, 24 September, at GSX+.

Elazari is a former hacker and a senior researcher at the Interdisciplinary Cyber Research Center at Tel Aviv University. In 2014, she became the first Israeli woman to speak at a TED Conference and advocated for the stance that hackers are the immune system of the Internet—a stance she continues to promote.

“In the age of COVID-19, we need a digital immune system,” Elazari said. “Hackers teach us a lot about what’s possible out there in the world. With this illness, criminals haven’t taken a single day off. They don’t waste a good opportunity to make the most of our digital assets.”

For instance, malicious hackers are launching new forms of ransomware attacks that target down to the region where a victim would open an email with an infected attachment. They’ve also discovered new attack methods in what Elazari called a “criminal renaissance,” including Wi-Fi spreading, where one infected computer could cause other devices to become infected—similar to a real-world virus.

This is especially concerning as the attack surface expanded drastically during 2020, with more devices connected to the Internet and people spending more time online in response to COVID-19.

“During the pandemic, we’ve become more dependent on digital services than we’d like to admit,” Elazari said, adding that cybersecurity is no longer about just protecting secrets but about “connecting our digital way of life.”

While malicious hackers have been using these opportunities for financial gain and to enact harm, good hackers have been using their downtime during the pandemic to conduct research and share vulnerabilities with organizations at an unprecedented level.

For instance, during March 2020—when COVID-19-related shutdowns began all over the world—hackers’ volumes of submissions of vulnerability reports through bug bounty programs were “the highest ever,” Elazari said. Friendly hackers have also taken up the gauntlet through initiatives like the CTI League to provide voluntary cybersecurity support to healthcare institutions and public safety organizations that have been targeted by malicious hackers.

“In the last few months, they’ve taken down dozens—if not hundreds—of criminal websites and malicious campaigns,” Elazari said.

These developments show the importance of talking to employees about practicing good cyber hygiene and being aware of security protocols, so when something happens they can alert the right people to respond—like in the Tesla incident.

“The organizational perimeter, the boundary of the organizational network, is very abstract these days,” Elazari said. “In fact, it might be gone. So we need people to be that line of defense…we have to empower them to protect their digital assets better.”

These partnerships also demonstrate how critical it is for security professionals to engage with hackers—they can teach us about the vulnerabilities in our systems and help us fix them to prevent future harm.