While the impact of the COVID-19 pandemic is still growing, there are key information security challenges that organizations face and may need to prepare for. Sound security means protecting the confidentiality, integrity, and availability of the organization’s data while making information accessible. The pandemic has changed CISOs’ priorities to focus heavily on securing work-from-home arrangements.
Cybersecurity is all about protecting digital assets – data in electronic form – from security breaches at all times. It is a subgroup within the information security domain, and it matters more than ever now, during the coronavirus pandemic, because the shift to teleworking has increased the risk of cyber threats, such as:
- More devices mean more attack surfaces – companies need to figure out how to outfit employees with new devices that they can use from home
- Bad actors have new ways to get in and out of the organization now, some of which may not be protected and regulated
- As the use of enterprise virtual private network (VPN) servers increases, the possibility of security misconfiguration increases as well.
- Insider Threats – an increase in unemployment may result in more insider threats by disgruntled or displaced employees and contractors
- Compliance Challenges – for more regulated industries, telecommuting presents even more problems when complying with new or updated regulations, standards, certifications, and internal policies
Immediate steps to consider:
- Accelerate Patching of critical systems – shortening patch cycles for VPN, endpoint protection, and cloud interfaces that are essential for remote working will help eliminate vulnerabilities soon after their discovery. Patches that support remote infrastructure are key.
- Expand security monitoring – particularly for data and endpoints, as cyberattacks have increased significantly. The basic boundary-protection mechanisms, such as proxies, web gateways, or network intrusion-detection systems (IDS) or intrusion-prevention systems (IPS), won’t secure users working from home, off the enterprise network, and not connected to a VPN. Also, identify and monitor administrative privileges. Update security-information-and-event-management (SIEM) systems with new rule sets and discovered hashes for novel malware.
- Increase security awareness – It is critical that users are educated on social engineering. Where phishing and ransomware attacks are concerned, users will always be on the front line, so educating them and making them aware of the threats is important. Show users typical attack examples and provide tips on recognizing lures. Some of these lures are:
– Financial scams offering government assistance payments during the economic shutdown
– Information about vaccines, masks, and other personal protective equipment
– Free downloads of high demand technology solutions, such as video and audio-conferencing platforms
– Critical updates to enterprise collaboration solutions and consumer social media applications
- Roll out Multifactor Authentication (MFA) for employees working remotely.
– Prioritize users who have elevated privileges, such as superusers, domain and sysadmins, and application developers.
- Install compensating controls for applications migrated to remote access – require employees to activate VPNs and use MFA to access these applications, even if accessing other parts of the corporate network requires only MFA.
- Test Incident Response and Business Continuity/Disaster Recovery (BC/DR) capabilities – with increased traffic and the need to validate remote communications and collaboration tools, companies might have to adjust their IR and BC/DR plans. Also, verify that contractors and service providers have conducted incident response and business continuity drills, and review the results. Should any third parties fail to demonstrate adequate security controls and procedures, consider limiting or even suspending their connectivity until they remediate their weaknesses.
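One way to check the MFA and VPN controls from the list above against access records, as an added example that is not part of the original article. The log format, the role names and the set of migrated applications are assumptions, and the sample lines are constructed.

```python
import csv
import io

# Assumed policy inputs (hypothetical names, not from the article).
MIGRATED_APPS = {"erp", "payroll"}  # applications migrated to remote access
PRIVILEGED_ROLES = {"superuser", "domain_admin", "sysadmin", "developer"}

# Constructed sample access log: time,user,role,app,vpn,mfa
SAMPLE_LOG = """\
2020-04-02T08:01:12Z,alice,sysadmin,erp,yes,yes
2020-04-02T08:03:40Z,bob,staff,payroll,no,yes
2020-04-02T08:05:02Z,carol,domain_admin,wiki,no,no
2020-04-02T08:07:55Z,dave,staff,wiki,no,yes
2020-04-02T08:09:31Z,erin,developer,erp,yes,no
2020-04-02T08:11:09Z,frank,staff,mail,yes,no
"""

def missing_controls(app, vpn, mfa):
    """Return the controls the policy requires but the session lacked."""
    missing = []
    if not mfa:                      # MFA is required for every remote session
        missing.append("mfa")
    if app in MIGRATED_APPS and not vpn:
        missing.append("vpn")        # migrated apps need VPN on top of MFA
    return missing

def audit(log_text):
    """Return policy violations, privileged accounts first, then by time."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines rather than guessing fields
        ts, user, role, app, vpn, mfa = (f.strip() for f in row)
        missing = missing_controls(app.lower(), vpn.lower() == "yes", mfa.lower() == "yes")
        if missing:
            findings.append({
                "time": ts, "user": user, "app": app,
                "privileged": role.lower() in PRIVILEGED_ROLES,
                "missing": missing,
            })
    # False sorts before True, so negate to put privileged users on top.
    findings.sort(key=lambda f: (not f["privileged"], f["time"]))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        tag = "PRIV" if f["privileged"] else "user"
        print(f'{f["time"]} {tag} {f["user"]} -> {f["app"]}: missing {",".join(f["missing"])}')
```

Sorting privileged accounts to the top mirrors the rollout priority above: sessions by administrators and developers that lack MFA are the first ones to remediate.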
More Strategic Approach for the long term – Cybersecurity Risk Assessment
- An effective risk assessment is the foundation of an effective risk management program and the foundation for developing an effective information security program. Every enterprise’s enemy is risk, and the key to remaining resilient and secure is understanding that risk as much as possible.
- A cybersecurity risk assessment (a process of identifying, analyzing, and evaluating risk) is the only way to ensure that the cybersecurity controls that are in place, or planned to be implemented, are appropriate to the risks the organization faces.
- Once an enterprise fully understands its risk and a security program is in place, a gap analysis is a great next step. A gap analysis provides insight and perspective on the information security landscape, helping to identify possible security holes, weaknesses, and risk factors in the enterprise’s network. This enables the enterprise to better understand what needs to be addressed and take action. It is important to look for gaps from a total-systems perspective.
- Since ISACA (Information Systems Audit and Control Association) suggests that a cybersecurity risk assessment should take place at least once every two years, companies should aim to implement a cybersecurity risk management program, based on the results of the risk assessment.