Monitoring, Monitoring and More Monitoring Is the Survival Mantra

The widespread impact of Coronavirus (Covid-19) is now showing as stress on both society and the economy. With such dynamism in the situation, it has the potential to be as disruptive, or more, to organizational business continuity, cyber intrusion and digital disruption.

According to various industry stalwarts, CIOs and CISOs should focus on three areas in the short term to have better resilience against disruptions and possibly prepare for the post-Covid-19 situation.

In this series, I have been speaking to a wide variety of security and technology leaders almost every day. Last week I spoke to Akhil Verma, CISO, Airtel Payments Bank. The following are his views on the key issues.

This is a tough and most unpredictable situation for every security professional. Not only are we supposed to keep the lights on, but we are also supposed to help the business run the show as if nothing untoward has occurred.

At this time, we are supposed to take some tough, some futuristic and some tactical measures to keep the show going.

Some of the measures mentioned below may help organizations and CISOs cope with the existing crisis situation.

Human safety and continuous engagement: Ensuring the safety and well-being of the employees is the topmost priority of any organization in such a crisis. As many of you would be doing, a ‘war room’ should be created to deal with all possible scenarios, and a separate counselling desk should be set up to take care of both the emotional and health needs of employees. We need to be empathically connected to the teams and the larger base of employees. The line managers and HR can be of great support.

Revisit strategy for business continuity: The second area of importance is how to keep business as usual. The traditional BCP approach proved to be of no use in this crisis. Organizations were compelled to review their business continuity strategy to deal with this sudden outbreak of the pandemic. We have to prioritize the key business processes first to run the show. Based on the preliminary assessment, the areas of high vulnerability for delivery of critical business products and services should be identified, and then a strategy should be made to deliver on those.

Dealing with remote connectivity and work from home scenario: The last one month has proved that none of the businesses, whatsoever, were prepared for such a lockdown. Thus, enabling 100% of the workforce to work from home came out as the biggest pain point for both the IT and security professionals, from the enablement and security points of view respectively. Even during normal times, the bad actors continuously look for weaknesses, vulnerabilities and loopholes in the system, and if they are found, then we are doomed. Organisations should be extremely cautious while enabling remote connectivity, and it has to be done only after a proper review. There should also be continuous advisories issued to all employees using remote connectivity to work from home. The recently disclosed issues in Zoom Video Conference solutions are a matter of great concern and should either be avoided or safeguarded against. I personally feel that, under a strong review mechanism, all remote connection and access solutions, especially to the critical infrastructure, need to be scrutinized by multiple teams and multiple times.

Digital and cyber risk: Even in a normal scenario, the issues of digital and cyber risk are increasing every passing day. In the existing situation they could hit even more adversely if taken lightly. Many attacks, ranging from social engineering to DDoS, have increased in the last one month. To keep these attacks in check, there should be continuous advisories and awareness messages sent to the employees with regard to spamming, scams and phishing emails. Phishing is one of the most prolific attacks currently and could become catastrophic if it materializes. Apart from this, there should be increased monitoring of critical infrastructure, staggering of duties and a backup plan for any eventuality. SOC monitoring should be more focused and under continuous review of all the network traffic.

Plan for recovery now and not later: There will be a day when the situation is normalized. The rollback/recovery from this stage to normal operation should be well thought out now and not left for the future. Due to the increased requirement of work from home, organizations are opening various policies at network level. If not properly planned, there is a chance that these could be missed at rollback time and might create a threat to the organization.

(Disclaimer: The views expressed below are entirely personal and have no bearing on the organization that the author represents. Further, the views are based on his personal understanding of the industry scenario.)
