Rethinking Your Cybersecurity Strategy post-COVID!
COVID 19 is not only a health crisis of immense proportion — it’s a catalyst driving huge changes to work, the workforce, the workplace, and the associated cyber threat landscape.
How does Covid19 affect cyber risk?
In many ways, the COVID-19 pandemic has poked holes in the organization’s preparedness and shown how underutilized cyber or in general technologies are that could have ameliorated some of the worst impacts.
The rise of working from home (WFH) during the COVID-19 pandemic as well as increased staff absence through illness, presents a unique cyber security challenge. Video conferencing and remote monitoring are two technologies that have both been instrumental for at least a decade, but only now are many companies scrambling to figure them out from a cyber-standpoint. The same reluctance has been exhibited with remote working, private access to organization assets — zero trust network access, social engineering, continuous monitoring, and securing an organization’s data, infrastructure, and cloud.
As management’s attention across the organization of all sizes is being diverted onto pressing matters surrounding the supply chain, sales, people and the technology needed to enable WFH, malicious actors are, and will continue to, seek to exploit vulnerabilities across organization’s processes and infrastructure, particularly if they believe detection mechanisms are not being intently watched. Cyber-attacks result in several consequences including extortion, fraud, data breach, and data loss.
Whilst the COVID-19 pandemic dominates the news, in the first half of 2020, we have seen multiple attack vectors targeting organizations and nations using speak phishing, drive-by downloads and misconfigurations.
What are the challenges in this changing landscape?
Predominantly, adversaries are largely still using the same methods of attack as pre-COVID-19, but the opportunities to compromise environments and their respective ecosystem may have changed.
Though these risks have been evolved the ongoing situation emphasizes organizations to look at the following aspects more closely.
1. Increased distributed working: With organizations embracing work from home, incremental risks have been observed due to a surge in Bring Your Own Device (BYOD), Virtual Private Network (VPN), Software As A Service (SaaS), O365 and Shadow IT, as it could be exploited by various Man-in-the-Middle (MITM) attack vectors.
2. Reimagine Business Models: Envisioning new business opportunities, modes of working, and renewed investment priorities. With reduced workforce capability, compounded with skill shortages, staff who are focusing on business as usual tasks can be victimized, via social engineering.
3. Digital Transformation and new digital infrastructure: With the change in nature for organizations across the industrial and supply chain sector — security is deprioritized. Hardening of the industrial systems and cloud based infrastructure is crucial as cyber threats exploit these challenges via vulnerability available for unpatched systems.
4. With an extreme volume of digital communication, security awareness is lowered with increased susceptibility. Malicious actors are using phishing techniques to exploit such situations.
Re-evaluate your approach to cyber
A COVID-19 related cyber incident is much the same as any other related cyber incident, but defensive capabilities could be lowered. As the attackers know the situation creates blind spots in defences and offers a longer window of opportunity to achieve their objectives, organizations must re-evaluate their approach. Early detection and rapid response are critical to minimize the potential impact.
The organizations should reflect the following scenarios at a minimum and consider:
a. Which cyber scenarios your organization appears to be preparing for or is prepared?
b. Is there a security scenario that your organization is currently ignoring — but shouldn’t be?
c. What would your organization need to do differently in order to win, in each of the identified cyber scenarios?
d. What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?
To tackle the outcome from the above scenarios, the following measures are the key:
a. Inoculation through education: Educate and / or remind your employees about –
o Your organization’s defense — remote work cyber security policies and best practices
o Potential threats to your organization and how will it attack — with a specific focus on social engineering scams and identifying COVID-19 phishing campaigns
o Assisting remote employees with enabling MFA across the organization assets
b. Adjust your defenses: Gather cyber threat intelligence and execute a patching sprint:
o Set intelligence collection priorities
o Share threat intelligence with other organizations
o Use intelligence to move at the speed of the threat
o Focus on known tactics, such as phishing and C-suite fraud.
- Prioritize unpatched critical systems and common vulnerabilities.
c. Enterprise recovery: If the worst happens and an attack is successful, follow a staged approach to recovering critical business operations which may include tactical items such as:
o Protect key systems through isolation
o Fully understand and contain the incident
o Eradicate any malware
o Implement appropriate protection measures to improve overall system posture
o Identify and prioritize the recovery of key business processes to deliver operations
o Implement a prioritized recovery plan
d. Cyber Preparedness and Response: It is critical to optimize the detection capability thus, re-evaluation of the detection strategy aligned with the changing landscape is crucial. Some key trends include:
o Secure and monitor your cloud environments and remote working applications
o Increase monitoring to identify threats from shadow IT
o Analyze behavior patterns to improve detection content
e. Finding the right cyber security partner: To be ready to respond identify the right partner with experience and skillset in Social Engineering, Cyber Response, Cloud Security, and Data Security.
Critical actions to address
At this point, as the organizations are setting the direction towards the social enterprise, it is an unprecedented opportunity to lead with cyber discussions and initiatives. Organizations should immediately gain an understanding of newly introduced risks and relevant controls by:
a. Getting a seat at the table
b. Understanding the risk prioritization:
o Remote workforce/technology performance
o Operational and financial implications
o Emerging insider and external threats
o Business continuity capabilities
c. Assessing cyber governance and security awareness in the new operating environment
d. Assessing the highest areas of risk and recommend practical mitigation strategies that minimize impact to constrained resources.
e. Keeping leadership and the Board apprised of ever-changing risk profile
Given the complexity of the pandemic and associated cyber challenges, there is reason to believe that the recovery phase post-COVID-19 will require unprecedented levels of cyber orchestration, communication, and changing of existing configurations across the organization.
For many leaders, the first steps they take during this phase will be informed by the necessary series of adjustments they enacted as the crisis erupted and came to a head. For others, it will mean recognizing the missteps taken during the response phase for what they were — and committing anew to continuous improvement.
There is limited precedent into how COVID-19 will impact our technology-reliant business world. Leaders in cyber needs to weigh-in on and continually assess the rapidly evolving risk landscape. Post-COVID, we believe following are the major areas which organizations need to emphasize on from a cyber-standpoint, during potentially protracted recovery period across the globe.
a. Remote work and strain on IT resources: Majority of workforce transitions to remote
b. An uptick in phishing and hacking: Hackers are taking advantage of the current climate
c. Security implications: Relaxing risk tolerance for VPN, third parties and cloud first approach
d. Insider and external threats increase: Need for increased monitoring both internally and externally
