Developing a cyber resilience plan for today's threat landscape
A cyber resilience plan should complement a company's cybersecurity strategy so that security culture and cyber hygiene are thought through in all IT and cybersecurity initiatives.
The COVID-19 pandemic has given cyber criminals a unique operating environment in which to prey on a remote and vulnerable workforce, in a world that was already worried about cybersecurity in an increasingly connected environment. Organizations face an array of weapons: COVID-19-themed ransomware, remote desktop protocol exploits, scam URLs and spam designed to lure remote workers into mishandling external correspondence. In mid-April, Google reported that it was blocking more than 18 million malware and phishing emails related to COVID-19 every day.
Until now, companies have hoped that the personal cyber hygiene of their employees would keep them out of trouble. Clearly, that approach hasn't worked very well. McAfee's Threat Dashboard shows more than 1.52 million detections of malicious threats across more than 5,200 organizations between Jan. 2 and July 28, with sharp increases since March. It may be hard to find a silver lining in this, but the pandemic has at least made clear what the future of work looks like and where organizations need to focus their security effort.
Frictionless security -- balancing control with convenience
With the global workforce dispersed into living and dining rooms, organizations face a dynamic threat landscape with heightened risk factors, making it essential for CISOs to adopt an approach that emphasizes resilience. During the pandemic, cybersecurity incident response teams are likely to operate remotely, which can make existing protocols obsolete or inadequate. Organizations need to first adapt their incident response protocols to reflect the altered operating conditions and then make all relevant documents available in a central repository that responders can reach from home.
Endpoints and email remain the two most common factors in cyberattacks
Both became more vulnerable as teleworkers moved to less secure home environments during the pandemic. Distracted by the anxieties of a departure from normalcy, workers are more susceptible to business email compromise, malicious attachments and phishing links, which are the usual entry points for ransomware.
Endpoint protection is the cyber hygiene factor that must be the first default step when enabling remote access. The next step is to ensure that every corporate-provided work device has a minimum viable endpoint protection configuration for off-LAN activity: strong passwords, multifactor authentication, encrypted communication, up-to-date software, current security patches and data loss prevention (DLP) detection rules. Enterprises should also consider cloud-managed endpoint protection, because on-premises systems don't always provide management visibility of remote laptops. Ensuring that all systems receive the latest operating system, application and security patches at all times is critical even when they connect remotely from home.
Access control is a critical hole to plug
Corporate devices without adequate endpoint protection, and untrusted personal devices, should be kept off the network until they are secured. All access to critical systems should use software-token-based multifactor authentication. An audit of all privileged user accounts should also be undertaken, followed by suspension of any that are not directly required for mission-critical systems. Data security is even more critical now in the face of tightening data privacy regimes. Ensure that the necessary protections are in place for the most critical data sets first, then use data encryption and cloud access security brokers to reduce the data-security risk exposure created by your remote workforce.
Data leak scenarios should be tightened
Remove the local administrator privileges and USB storage access that many users still have on their endpoints. It is also appropriate to route all internet traffic from the endpoint, even when it is on a home internet connection, through corporate infrastructure so that standard corporate internet content filtering continues to apply; this goes together with disabling split tunneling on endpoints. Disabling copy/paste and print screen in remote access environments helps prevent data leakage arising from control weaknesses and user-initiated actions.
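The endpoint baseline, access control and data leak sections above describe a set of controls without showing how to check them on a real machine. The following PowerShell script is an added example, not code from the article or from Infosys: it audits a Windows 10/11 laptop against that off-LAN baseline (disk encryption, endpoint protection and signature age, patch currency, local administrator sprawl, USB mass storage, split tunneling) and, with -Remediate, fixes the gaps it can fix locally. It assumes the BitLocker, Defender and VpnClient modules are present and that the script runs elevated; the VPN profile name "Corp-VPN" and the allowed-admin list are placeholders for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit a Windows endpoint against a minimum off-LAN baseline.
# Exits non-zero when findings exist so an MDM/NAC job can quarantine the device
# until it is brought into line (the "keep it off the network until secured" rule).
param(
    [switch]$Remediate,                                   # audit only unless given
    [string]$VpnName = 'Corp-VPN',                        # assumed corporate VPN profile name
    [string[]]$AllowedAdmins = @("$env:COMPUTERNAME\LAPS-Admin"),  # placeholder break-glass account
    [int]$MaxPatchAgeDays = 30
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Full-disk encryption on the OS volume
$osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($osVol.ProtectionStatus -ne 'On') {
    $findings.Add("BitLocker protection is $($osVol.ProtectionStatus) on $env:SystemDrive")
}

# 2. Endpoint protection running with current signatures
$mp = Get-MpComputerStatus
if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is off') }
if ($mp.AntivirusSignatureAge -gt 3) {
    $findings.Add("AV signatures are $($mp.AntivirusSignatureAge) days old")
}

# 3. Patch currency: date of the most recently installed hotfix
$lastPatch = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1 -ExpandProperty InstalledOn
if (-not $lastPatch -or ((Get-Date) - $lastPatch).Days -gt $MaxPatchAgeDays) {
    $findings.Add("No OS update installed in the last $MaxPatchAgeDays days (last: $lastPatch)")
}

# 4. Local administrator sprawl: any user account not on the allow list
$extraAdmins = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.ObjectClass -eq 'User' -and $AllowedAdmins -notcontains $_.Name }
foreach ($member in $extraAdmins) {
    $findings.Add("Unexpected local administrator: $($member.Name)")
    if ($Remediate) { Remove-LocalGroupMember -Group 'Administrators' -Member $member.Name }
}

# 5. USB mass storage: Start=4 disables the USBSTOR driver (blocks removable drives)
$usbKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
if ((Get-ItemProperty -Path $usbKey -Name Start).Start -ne 4) {
    $findings.Add('USB mass-storage driver is enabled')
    if ($Remediate) { Set-ItemProperty -Path $usbKey -Name Start -Value 4 }
}

# 6. Split tunneling: all traffic must traverse the corporate VPN so web filtering applies
$allUser = $true
$vpn = Get-VpnConnection -Name $VpnName -AllUserConnection -ErrorAction SilentlyContinue
if (-not $vpn) {
    $allUser = $false
    $vpn = Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue
}
if (-not $vpn) {
    $findings.Add("VPN profile '$VpnName' not found")
} elseif ($vpn.SplitTunneling) {
    $findings.Add("Split tunneling is enabled on '$VpnName'")
    if ($Remediate) {
        if ($allUser) { Set-VpnConnection -Name $VpnName -SplitTunneling $false -AllUserConnection }
        else          { Set-VpnConnection -Name $VpnName -SplitTunneling $false }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "COMPLIANT: $env:COMPUTERNAME meets the off-LAN baseline"
    exit 0
}
Write-Output "NON-COMPLIANT: $env:COMPUTERNAME ($($findings.Count) findings)"
$findings | ForEach-Object { Write-Output " - $_" }
exit 1
```

Run it as `.\Check-OffLanBaseline.ps1` to audit, and `.\Check-OffLanBaseline.ps1 -Remediate` to also strip unexpected local admins, disable USB storage and turn off split tunneling. Copy/paste and print-screen restrictions for published desktops are set on the remote access gateway rather than the endpoint, so they are deliberately not covered here, and a cloud-managed endpoint platform would normally report these same checks centrally instead of relying on a script on each laptop.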
Workforce as a line of defense
Digital resilience involves multiple threads, including where employees work, the tools they use, how they are managed and how they are motivated, and none of them can be treated in isolation. Workforce digital resilience is best nurtured in an engaging and intuitive digital workplace environment that improves employees' confidence with the tools they use. Any attempt at building a culture of cybersecurity begins with employee awareness and training.
Communicate frequently to all staff about escalating cyber threats
This will keep staff focused and vigilant against phishing emails and other suspicious communication. Empowering them with company policy and FAQs on remote working, together with clear guidance on what to do and whom to contact if they suspect a compromise, will speed up the response. Most importantly, security awareness training on cyberattacks, and on how to set up a secure home network and physically secure devices, should be undertaken. In addition, cybersecurity teams must run internal phishing campaigns to make users keenly aware that they may be targeted through phishing emails.
In most situations, IT and cybersecurity teams will be too overwhelmed by the sudden workload to be completely effective. The current pandemic is setting the precedent for the future of work and, consequently, for the cybersecurity of the workplace. Enterprise leaders who can steer their organizations toward cyber safety amid new ways of working are likely to be the ones who keep their jobs in these turbulent times.
A well-thought-out and periodically tested cyber resilience plan is necessary
Having a plan in place will help businesses tackle short- and long-term eventualities. Frequent scenario-based drills ensure that all relevant stakeholders know how incidents will play out and how to act on them in a scripted manner to minimize the impact of the cyber event.
All in all, the cyber resilience plan must clearly complement the organization's cybersecurity strategy so that both security culture and cyber resilience are thought through in all IT and cybersecurity initiatives as a default expectation.
About the author
Vishal Salvi is senior vice president, chief information security officer and head of the Cyber Security Practice at Infosys. He is responsible for the overall information and cybersecurity strategy and its implementation across Infosys Group. He is additionally responsible for cybersecurity business delivery, driving security strategy, delivery, business and operations enabling enterprises' security and improving their overall posture. Salvi has over 25 years of industry experience in cybersecurity and IT across different industries. Prior to joining Infosys, he performed various leadership roles in cybersecurity and information technology at PwC, HDFC Bank, Standard Chartered Bank and Global Trust Bank.