Revisiting Information Security areas during Pandemic COVID 19
Ajay Upadhyay
Information Security Expert / Cyber Security Enthusiast CISSP, CISM, CRISC, CCSP, CEH, CISA
During the pandemic, organizations are focused on employee health and business continuity. “Take preemptive steps to ensure the resiliency and security of your organization’s operations as attackers seek to exploit human nature and nonstandard operating modes.” Gartner recommended the following prime security areas to focus on. In a sea of overwhelming priorities, security and risk teams should focus on these security areas:
1. Ensure that the organization’s incident response protocols reflect the altered operating conditions and are tested early
Given that most of the security and risk team is now operating in completely different environments and mindsets, incident response plans and protocols might become obsolete or need to be adjusted. Even incidents that would normally be well-managed risks can become bigger issues if the team can’t respond effectively. Begin by reviewing the response team. Ensure that primary, secondary and alternate roles are filled and that everyone has access to the equipment they need to be effective. It is time to review SLAs for service tickets, the escalation matrix, and first and escalated response times for incident response. This is also a good time to reach out to suppliers to see what hardware they have and whether you can get it to the right people if needed. Review all documentation and conduct a walk-through with a careful watch for any problem areas. If the organization does not already have a cybersecurity incident response capability, consider using the services of a managed security service provider instead of trying to stand up a new system.
2. Ensure that all remote access capabilities are tested and secure and endpoints used by workers are patched
Given how quickly most organizations found themselves moving to remote work, it makes sense that security teams would not have had time to perform basic endpoint hygiene and connectivity performance checks on corporate machines. Further complicating the matter are employees who are working on personal devices. Ensure that corporate laptops have the minimum viable endpoint protection configurations for off-LAN activity. Security and risk teams should also be cautious with access to corporate applications that store mission-critical or personal information from personally owned devices. Make sure someone from the security team is part of the crisis management working group to provide guidance on security concerns. Where possible, they should confirm whether personal devices have adequate anti-malware capabilities installed and enabled. If not, they should work with the employee and their corporate endpoint protection platform vendor to ensure the device is protected as soon as possible. Other mechanisms such as software-token-based multifactor authentication will also be useful to ensure only authorized personnel have access to corporate applications and information remotely.
3. Reinforce the need for remote workers to remain vigilant to socially engineered attacks
The reality is that employees will have more distractions than usual, whether it’s having kids at home, worrying about family or concerns about their own health. They’re also operating in a different environment, and might not be as vigilant about security during a time when cybercriminals will exploit the chaos. Make sure you reach out to senior leaders with examples of targeted phishing attacks, and alert employees to the escalating cyberthreat environment. Remind them that they must remain focused and hypervigilant to suspicious activities. If appropriate, send out reminders every two weeks and remind them of the location of pertinent documents such as remote and mobile working policies, as well as where they can access security awareness training material if they want a refresher. Further, clearly communicate who to contact and what to do if employees suspect a cyberattack.
4. Ensure security monitoring capabilities are tuned to have visibility of the expanded operating environment
The sudden relocation of much of the workforce (including security and risk management teams) to remote locations creates the potential for cybersecurity teams to miss events. Ensure that your monitoring tools and capabilities are providing maximum visibility. Check that internal security monitoring capabilities and log management rule sets enable full visibility. If using managed security services providers, check in to make sure they are adapting their monitoring and logs in a manner that makes sense for the new operating landscape.
5. Engage with security services vendors to evaluate impacts to the security supply chain
The changes in the security landscape won’t just come from your own organization. Be aware of what your partners and supply chain are actively doing with regard to security that will affect your organization. Confirm how they will be securing collected data and information from the business. Remember that each of these organizations has their own people to worry about and their own business concerns. Ask questions about where third-party organizations might fail to deliver on promised security services.
6. Account for cyberphysical systems security challenges
COVID-19 is stressing many pieces of the economy, from hospitals and healthcare to delivery services and logistics. This extends cybersecurity concerns to cyberphysical challenges, especially given the increase in automated services and systems. For example, a robot in a hospital will help reduce the human workload, but must also be deployed safely. In the legal world, firms are asking employees to disable smart speakers and voice assistants. Security and risk teams should focus on ensuring foundational CPS/OT security hygiene practices such as asset discovery and network segmentation, and evaluating the risk of fixing a vulnerability against the risk, likelihood and impact of an attack to prioritize scarce resource deployments.
7. Don’t forget employee information and privacy
Organizations may collect employee information that relates directly to the COVID-19 pandemic. For example, organizations might want to record when an employee visits a risk area or is home with an illness. First, all this information is subject to laws and industry rules. Beyond that, organizations should seek to collect the least amount of information possible, ensure it is factual and store it in a secure manner. This information should be disclosed only when required by law and within the organization only on a need-to-know basis.
Here are a few frequently asked questions about the rise in cyber threats and handling techniques during COVID-19.
1. What are some basic tips to avoid scams and security threats during Covid-19?
Answer: While the Covid-19 crisis is putting a spotlight on security scams, there are some key things you should always do to avoid scams and cyber security threats:
- Always look out for phishing, and be careful about clicking links in unsolicited emails or text messages. Phishing and scamming are intended to trick you, so often, the messages look genuine. Hackers aren’t just targeting corporate email accounts – they’re also sending messages with malicious links to personal email addresses and even to phones in text messages. Before you click on anything, make sure it is a legitimate link.
- Install the updates on your devices. If you’ve been ignoring that pop-up about updating your phone, don’t! Install it now. Many updates for phones, tablets, and laptops include patches for known vulnerabilities. In other words, they prevent hackers from using outdated software on your devices to get access to your device or information.
2. How do I identify fake websites, scam calls, fake stimulus and phishing emails used to promote bogus Covid-19 related products?
Answer: Be skeptical of any unsolicited outreach. The saying that “if it is too good to be true, it probably is” applies to scams and phishing. Avoiding fake websites and avoiding phishing emails are similar in that for both, you want to (1) look for clues that they are fake and (2) if you're suspicious or just want to be cautious, type in the website name or phone number you know to be correct rather than clicking/calling back. This government website is a great resource to help understand trending consumer scams, identify them and be better prepared to mitigate any risk.
3. What are best practices for securing online conferencing services?
Answer: As many businesses utilize online conferencing services for both work and school, bad actors are taking this opportunity to gain access. The easiest and most effective way to protect yourself is to make sure that you add a password when you organize a call. Most major services give the option to set a password, but it may not be turned on by default.
4. Shopping is more prevalent online in the age of social distancing. What are some of the ways I can keep my personal and financial information safe?
Answer: There are several things you can do to protect yourself when providing payment information online.
- Ensure that you are actually dealing with the correct vendor. As stated above, phishing is an increasing issue, so before you execute any transaction, check the web address to make sure it is valid.
- Do not pay with a debit card if possible. A debit card provides direct access to your bank account, while credit cards may offer more protection.
- Enable multi-factor authentication. Again, it may be a hassle, but it drastically reduces your exposure to an issue.
- Avoid performing financial transactions over unsecured public Wi-Fi networks.