The Covid-19 pandemic has led many Organisations and individuals to embrace new practices like remote working as a precautionary measure. While the world is focused on the health and economic threats posed by the deadly virus, cybercriminals are capitalising on this crisis, leaving Organisations vulnerable to security breaches. This is the time for security and risk teams to remain vigilant and focus on strategic areas.
While the current viral pandemic has lessened its impact on the global population, it’s still important to recognise how hackers are taking advantage of cyber vulnerabilities during this crisis. We’ve identified six areas that are particularly susceptible to cybercrime during a crisis like this.
In the Czech Republic, a cyberattack froze all emergency surgeries and rerouted critical patients in a busy hospital that was fighting the COVID-19 pandemic. In the United States, multiple workers received phishing emails after the government relief bill was passed. In Germany, one of the food delivery companies fell victim to a Distributed Denial of Service (DDoS) attack.
Despite the global pandemic, cyber attackers are not taking any time off. With employees shifted to working remotely and businesses trying to handle the virus, security and risk management teams should be more vigilant than ever.
Many security and risk teams are now operating in completely different environments and mindsets. Therefore, taking pre-emptive steps to ensure the resiliency and security of business operations is crucial right now, as cyber attackers are seeking to exploit human nature and nonstandard operating modes. Cybersecurity experts at Neumetric, the top cybersecurity company in Bangalore for consultation & products, believe that with many overwhelming priorities, it is essential for security and risk teams to focus on these 6 areas.
With most of the security and risk teams operating in different environments and mindsets right now, incident response protocols may become obsolete and need to be adjusted. Incidents that would otherwise be well-managed risks can become bigger issues if the team is unable to respond effectively. Therefore, the response team should be reviewed thoroughly.
The Organisation’s incident response protocols must reflect the altered operating conditions and should be tested at an early stage. The primary, secondary and alternate roles must be filled, and everyone should have access to the equipment they need to be effective. This is a good time to connect with suppliers and check what hardware they have and whether you can get it to the right people when required. All documentation must be reviewed, and a walk-through must be conducted with a careful watch for any problem areas. If the company is not cybersecurity incident response capable, it should consider using the services of a Managed Security Service Provider.
During the Covid-19 pandemic, most Organisations moved to remote work immediately. Therefore, security teams wouldn’t have performed basic endpoint hygiene and connectivity performance checks on corporate machines. Along with this, employees would also be using their personal devices for work. In such a scenario, it is crucial that all remote access capabilities are properly tested and secured, and that the endpoints used by employees are patched. Corporate laptops should have minimum viable endpoint protection configurations for off-LAN activity. Risk and security teams should be cautious about access from personally owned devices to corporate applications where mission-critical or personal information is stored.
The Organisation must ensure that someone from the security team is part of the crisis management team in order to provide guidance on security concerns and business-risk-appropriate advice. They should be able to confirm whether personal devices have adequate anti-malware capabilities installed and enabled. If not, they should work with the employee and their corporate endpoint protection platform vendor so as to ensure the device is protected. Options like software-token based multifactor authentication are also useful in ensuring that only authorised personnel have access to corporate applications and information remotely.
While employees are working from home during the coronavirus pandemic, they will have more distractions than usual, and they might not be as vigilant about security at a time when cybercriminals will exploit the chaos. Therefore, it is necessary that Organisations reinforce the need for employees to remain vigilant to socially engineered attacks. Senior leaders should be reached out to with examples of targeted phishing attacks, and employees should be warned of the escalating cyber threat environment and suspicious activities. Reminders should be sent every two weeks regarding remote and mobile working policies. In the case of freshers, they can also access security awareness training material, and employees must be aware of whom to contact if they suspect a cyberattack, along with a clear course of action.
The relocation of the workforce including the security and risk management team to remote locations creates the potential for cybersecurity teams to miss events. Therefore, it is crucial for Organisations to ensure that security monitoring capabilities are tuned to have visibility of the expanded operating environment.
The monitoring tools and capabilities should have maximum visibility. Internal security monitoring capabilities and log management rule sets must enable full visibility. In case the Organisation is using managed security services providers, the monitoring and logs should be adapted in a manner that makes sense for the new operating landscape.
With the coronavirus pandemic stressing many pieces of the economy, cybersecurity concerns have extended to cyber-physical challenges, especially given the increase in automated services and systems. For instance, a robot may help in a hospital to reduce the human workload, but at the same time, it should be deployed safely. Many law firms are asking employees to disable voice assistants and smart speakers. Security and risk teams must focus on ensuring foundational CPS/OT security hygiene practices like network segmentation, asset discovery, and evaluating the risk of fixing a vulnerability against the risk, probability, and impact of an attack so as to prioritise scarce resource deployments.
Although the risk posed by malicious cyber actors is significant, there are steps you can take to protect yourself. The most important thing is to stay vigilant and keep your security systems updated with the latest patches and updates. In addition, be careful when opening attachments from unknown senders or downloading software from untrusted sources.
Many security and risk teams are now operating in completely different environments and mindsets. Therefore, taking pre-emptive steps to ensure the resiliency and security of business operations is crucial right now, as cyber attackers are seeking to exploit human nature and nonstandard operating modes. Cybersecurity experts at Neumetric, the top cybersecurity company in Bangalore for consultation & products, believe that with many overwhelming priorities, it is essential for security and risk teams to focus on the 6 areas mentioned in this article.