James Thew - Fotolia
Addressing the expanding threat attack surface from COVID-19
CISOs need to ensure they and their security teams are aware of the new threats created by many businesses expanding their attack surface with many employees still working remotely.
The COVID-19 pandemic has kept CISOs busy since March 2020, as they were pushed into addressing immediate threats with large workforces moving into remote working in a very short time. There was an intense spike in the number of cyberattacks such as phishing and malware exploiting the fragility and inadequacy of the infrastructure that could support remote working, as is indicated by the U.S. federal report. Not only did the attack surface expand, but several new ones also came into play as corporate IT assets extended into home networks.
Fortunately, the intensity of attacks has reduced since March. CISOs did multiple things -- recalibrated use cases, improved monitoring and cadence, redesigned the security architecture for remote access and more.
As we settle down to living with the pandemic, it is time for CISOs to think about how this will affect their organizations' security strategies in the long term. The threat landscape is not only expected to expand but will bring new challenges.
New, dominant and urgent threats
Let us examine the increase in scale as well as the nature of risks resulting from the pandemic. Anxious to know more about the virus, people began to download apps from coronavirus-related domains, exposing their devices to malware attacks. A research team from Anomali, a U.S.-based cybersecurity company, recently found 12 Android applications that were carrying malware disguised to look like an official government contact tracing app. Google recently reported that its Threat Analysis Group has been detecting 18 million malware and phishing Gmail messages a day related to coronavirus.
The changing threat landscape has made it essential for organizations to assume zero tolerance toward poor IT hygiene. Steps such as SLAs for patch management, ensuring coverage across all operating systems and applications, and having mechanisms to ensure constant visibility of vulnerabilities are critical. The other important aspect is to improve the comprehensive coverage of IT assets through extensive scanning and monitoring. Simultaneously, organizations need to implement a borderless security architecture that prioritizes zero-trust network access, identity and access management and securing endpoints.
Given that these changes are here to stay, organizations will need to take concrete steps to prepare for the future of the workspace. Moving intelligence to the cloud can help in strategizing for a hybrid work model. Over time, they will need to build the required cyber resilience through robust governance and cadence models.
Let's look at the key macro steps that organizations must take to combating the new threat attack surfaces.
Prepare for new mandates
Companies must be prepared for new government mandates around data disclosure for combating the pandemic by reviewing their data privacy programs. Data-handling practices may likely be relaxed to support research and tracking of the pandemic. Organizations need to meet the new mandates without jeopardizing their data. For this, knowledge about the kind of data being handled, on which systems or applications and by whom is critical to ensure appropriate cybersecurity controls are implemented.
Move to the cloud
While organizations worry about safety on the cloud, it can act as the filter to identify and keep away malicious infiltration. Cloud infrastructure and services use algorithms and machine-learning techniques to identify malicious activities that can be counter-attacked before they impact the organization's critical services. Appropriate cloud-based services and a virtual desktop infrastructure can decongest a busy and dispersed grid, allowing security professionals working from home to conduct real-time security exercises.
Build cyber resilience
The experience of COVID-19 brought to the fore challenges which even the most mature business continuity practices could not address. What started as immediate crisis management has now transpired to become a business-as-usual norm. There is no knowing when, how and from where your next cyberattack will occur. Operations cannot continue smoothly unless data and applications are protected and made available to employees 24/7, such that their day jobs and global client interactions remain secure and uninterrupted, irrespective of their work location.
Organizations need to be secured by design with a comprehensive mitigation plan that can forestall attacks or create a defense that protects the entire organization and not just the point of attack. Robust anti-APT (advanced persistent threat) infrastructure, together with user entity Bbhavior analytics, advanced threat intelligence platform, threat hunting capabilities and a 24x7 cyber defense center can help detect threats early in their lifecycle, enabling prevention mechanisms to improve the cybersecurity posture as a whole.
Industry-wide efforts are on to find new cybersecurity standards that companies can follow. For example, The National Institute of Standards and Technology under the U.S. Department of Commerce is working in collaboration with The National Cybersecurity Center of Excellence to provide a reference architecture that will help healthcare delivery organizations using telehealth capabilities address related security risks.
Bring the security culture
Employees are the weakest point in the security paradigm, as a single click on a malicious link can jeopardize the entire corporate framework. Therefore, it is essential to inculcate a security-first attitude among employees, training them on best practices such as learning to identify suspicious links, not using prohibited services, etc. Employees need to consider themselves as guardians of the organization's assets. The role of senior management plays an important role in bringing this change. Organizations must place cybersecurity as an integral part of their strategy, incorporating it in every function, design, and architecture if they want to win the game against cybercriminals.
Find the right talent
A recent ISC2 study reveals that globally there is an estimated 4.07 million workforce gap for cybersecurity professionals alone. As CISOs expand their teams to cope with the challenges presented by the pandemic, they will need to look for new skill sets and different levels of experiences, as security protocols followed in the pre-pandemic era are no longer viable options. The need of the hour is to find people who have a wide range of skills and can solve challenges with creativity and ingenuity.
CISOs need to evaluate their existing teams, identify the areas where they have gaps and define a talent strategy to hire, train or retrain employees -- or even partner with other organizations -- to meet their security needs.
About the author
Vishal Salvi is senior vice president, chief information security officer and head of the Cyber Security Practice at Infosys. He is responsible for the overall information and cybersecurity strategy and its implementation across Infosys Group. He is additionally responsible for cybersecurity business delivery, driving security strategy, delivery, business and operations enabling enterprises' security and improving their overall posture. Salvi has over 25 years of industry experience in cybersecurity and IT across different industries. Prior to joining Infosys, he performed various leadership roles in cybersecurity and information technology at PwC, HDFC Bank, Standard Chartered Bank and Global Trust Bank.
