The Covid-19 pandemic has created limitless new opportunities for cybercriminals, posing multiple new challenges to cyber security professionals, including but not limited to the following:
- A considerable increase in the number of fake domains registered on the Internet that contain the terms “coronavirus”, “corona-virus”, “covid19” and “covid-19”. Cybercriminals are creating thousands of new sites every day to run spam campaigns, phish for credentials or spread malware.
- Countless new malware, spyware and Trojans embedded in interactive websites, and a significant increase in phishing and spear-phishing attacks, which now make up 60% to 70% of the incidents enterprises face.
- Endpoint-based attacks have increased significantly as the workforce has moved to remote working.
- Data growth has created the need for integrated data governance. Data is everywhere and accessed by everyone. How do we protect it, and how do we achieve governance over it? The obstacles here are technological limitations and challenges.
- Employers have started deploying surveillance apps and programs to monitor employee productivity and wellbeing. The volume of data these collect raises potential privacy concerns and increases the amount of data enterprises have to protect.
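The first item above (fake domains containing the pandemic terms) is something a SOC can check mechanically against a newly-registered-domain feed. The following is an added example, not code from the original article: a small Python triage filter that normalizes each domain (separators removed, common digit-for-letter substitutions and a few Cyrillic homoglyphs mapped back to Latin) before looking for the keywords, so that variants such as corona-virus, c0vid-19 or a Cyrillic “о” inside “covid” are still caught. The domain list, keyword list, substitution maps and function names are assumptions constructed for this example.

```python
import unicodedata

# Constructed sample of "newly registered" domains for this example; not a real
# registration feed.
SAMPLE_NEW_DOMAINS = [
    "covid19-relief-fund.com",
    "corona-virus-map.net",
    "c0vid-19-test-kits.org",
    "coronav1rus-update.info",
    "cоvid-tracker.com",        # second letter is Cyrillic small 'о' (U+043E)
    "example.com",
    "recovered-data-tools.com", # contains "cove" but not "covid": must not match
]

# Assumed keyword list. "covid" also covers "covid19" / "covid-19" once the
# separators are stripped.
PANDEMIC_TERMS = ("coronavirus", "covid", "sarscov2")

# Digit-for-letter substitutions commonly used to dodge naive keyword filters.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"})

# A few Cyrillic letters that render identically to Latin ones (homoglyphs).
CONFUSABLES = str.maketrans(
    {"а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "у": "y", "х": "x"}
)

# Separators that registrants insert to split keywords across labels.
SEPARATORS = str.maketrans("", "", "-_.")


def normalize_domain(domain: str) -> str:
    """Canonical form: lowercase, Unicode-compatibility folded, homoglyphs and
    leet substitutions mapped to plain Latin letters, separators removed."""
    d = unicodedata.normalize("NFKC", domain.strip().lower())
    d = d.translate(CONFUSABLES).translate(LEET_MAP)
    return d.translate(SEPARATORS)


def flag_pandemic_domains(domains):
    """Return a list of (domain, matched_term) for every domain whose
    normalized form contains one of PANDEMIC_TERMS."""
    hits = []
    for domain in domains:
        norm = normalize_domain(domain)
        for term in PANDEMIC_TERMS:
            if term in norm:
                hits.append((domain, term))
                break  # one hit per domain is enough for triage
    return hits


if __name__ == "__main__":
    for domain, term in flag_pandemic_domains(SAMPLE_NEW_DOMAINS):
        print(f"{domain:28} matched '{term}'")
```

Treat the output as a triage signal, not a block decision: legitimate health-information sites will match too, so the flagged domains should go on to registration-age, certificate and hosting checks before being added to a blocklist.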
As it becomes evident that remote working is likely to be the new normal for 2021 and the years ahead, whether by choice or not, how prepared are organizations from a cybersecurity perspective? What measures should be put in place against the cyber security threats and risks that have spawned with the new WFH culture? Are enterprises ready to deal with these emerging threats? The answer is yes and no. Enterprises with higher adoption of digital and cloud technologies were better prepared for Covid-19 than others, from a “ready to work remotely securely” point of view. Getting up and running remotely was only part of the problem; many enterprises achieved that within weeks. But comprehensive, reduced-risk, secure remote working needs continuous measures, monitoring, enhancement and improvement.
How do organizations see their future, and what should be their top 10 design priorities and security controls?
- More rigorous risk assessments: not just to clear compliance audits but to achieve comprehensive security. Customize and refresh your existing risk assessment framework and BCP/DR plans to address the threats and challenges presented by 2020. Fine-grained cloud security controls (ISO 27017 and 27018 are good starting points), IoT security, NIST and CMMC requirements, data protection controls, secure remote working checklists, and BCP/DR drills should all be part of the revised risk assessment approach. Keep checking BCP/DR status and conduct drills regularly.
- Anti-phishing measures: It is impossible to detect and prevent all phishing and social engineering attacks. This creates a greater demand than ever for advanced AI-based anti-phishing tools and for phishing training that is contextualized to your organization’s structure, operations, supply chain and business model. Employee training and awareness, along with regular phishing drills, are also of paramount importance.
- Mobile and endpoint security: Attackers can easily gain access to an insecure home network and, from a compromised device on it, move laterally into the corporate network or cloud services. Mobile security will need more and more attention. Device availability, BCP/DR drills and secure remote working, with all device models and OS versions tested for content, access and email security, should be part of the information security strategy and continuous improvement plans. Investment in advanced endpoint protection tools, EDR/XDR and MAM is a must.
- Hybrid cloud security: Secure remote working demands more cloud adoption to meet the growing demand for instant collaboration, moving more and more sensitive data onto the cloud. Cloud security and seamless technological integration across hybrid cloud environments are a further challenge. Cloud-native security measures alone may not be enough to protect your organization’s assets. Prioritize cloud readiness with advanced security measures: next-gen firewalls and WAF, sandboxing, anti-phishing, automation, container security, API security, CASB and so on.
- Zero trust is the need of the hour: The increased remote workforce of 2020 demonstrates the need for a new approach to keeping enterprise assets and data safe: authenticating third-party users safely and quickly, and automating data and system access controls that are based on user and endpoint behaviour and are network-aware. However, achieving zero trust access is easier said than done. It involves architectural changes and careful planning and refactoring of the network’s and applications’ AAA (authentication, authorization and accounting) measures. Revisit your network design and introduce flexible access controls, at the perimeter and within the network, through SDN and micro-segmentation.
- Content- and context-aware security controls are essential when you digitize your enterprise, as traditional measures are inadequate and unprepared to protect sensitive data against advanced attacks. Data access can no longer simply be restricted, so focus on implementing content-aware DLP, data classification, MDM and MAM, which many security vendors now offer out of the box.
- Edge-based security techniques should be considered when making product choices and design decisions. Edge computing lets enterprises process and store data close to where it is generated, in real time, significantly improving response times and making it easier to comply with geographical data-residency restrictions. Adoption of edge computing will keep growing in the coming years. Enterprises should include the edge in their security strategy, with authentication and access controls, data protection, and threat hunting and prevention at the edge as the first line of defence.
- Effective configuration and patch management: There is no need to patch everything at once; define a vulnerability prioritization approach customized to your enterprise’s nature of business, geographical spread and network design, with key focus on the vulnerabilities that are actually exploitable in your environment. Move away from periodic vulnerability-assessment-based patching and use external threat intelligence, observed attacker activity and asset criticality to build a better view of real cyber risk for effective patch management.
- Human risk analytics: The human factor often lies beyond the reach of cybersecurity investments and threat prevention techniques. Security strategy should also address this hard-to-control element. The need of the hour is threat prevention tooling that takes human behaviour into account and goes beyond monitoring typical user activity such as which websites a user visits, whether the user is using an unencrypted drive, which cloud shares are being accessed or which files are uploaded. Maintain a real-time risk profile of each user and endpoint and feed this knowledge into vulnerability, incident and patching prioritization.
- Keep the new norm in mind and bring it all together. Focus more on intelligence- and AI-driven cybersecurity technologies; there is no other way to prevent advanced persistent and zero-day attacks, whether for email protection, endpoint protection or data in the cloud. Add proactive threat hunting using advanced TI feeds, automation for faster response and resolution times, and automated privileged access management, monitoring and session recording.
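The patch management and human risk analytics items above describe one pipeline: a per-user/endpoint risk profile built from behavioural events, combined with exploitability, attacker activity and asset criticality to rank what gets patched first. The following Python is an added example of that pipeline, not the author’s code or any vendor’s product. All weights, thresholds, asset and user names, event types and the finding identifiers (VULN-A and so on, which are placeholders, not real CVEs) are constructed assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    criticality: int   # assumed 1 (isolated lab box) .. 5 (crown jewel)
    owner: str         # primary user of the endpoint


@dataclass
class Finding:
    vuln_id: str             # placeholder identifier, not a real CVE
    asset: str
    cvss: float
    exploit_public: bool     # public exploit code exists
    actively_exploited: bool # seen in threat intel / observed attacker activity
    exposed: bool            # reachable from the Internet or an untrusted network


# Constructed sample inventory and scanner output (not real systems).
ASSETS = {
    "fin-laptop-07": Asset("fin-laptop-07", 4, "alice"),
    "vpn-gw-01": Asset("vpn-gw-01", 5, "netops"),
    "lab-vm-22": Asset("lab-vm-22", 1, "bob"),
}
FINDINGS = [
    Finding("VULN-A", "lab-vm-22", 9.8, True, False, False),   # top CVSS, isolated lab box
    Finding("VULN-B", "vpn-gw-01", 7.5, True, True, True),     # exploited in the wild, exposed
    Finding("VULN-C", "fin-laptop-07", 6.5, False, False, False),
    Finding("VULN-D", "fin-laptop-07", 8.1, True, False, False),
]

# Constructed behaviour events of the kind the text lists (phishing-drill
# clicks, unencrypted removable media, unsanctioned cloud shares, uploads).
EVENTS = [
    ("alice", "phish_click"),
    ("alice", "unsanctioned_cloud_share"),
    ("bob", "malicious_site_blocked"),
]

# Assumed risk weight per event type; unknown event types count a little.
EVENT_WEIGHTS = {
    "phish_click": 3.0,
    "unencrypted_removable_drive": 2.0,
    "unsanctioned_cloud_share": 2.0,
    "bulk_upload": 1.5,
    "malicious_site_blocked": 1.0,
}
USER_RISK_CAP = 10.0

# Assumed score thresholds for the patch plan tiers.
TIER_IMMEDIATE, TIER_THIS_CYCLE = 20.0, 10.0


def user_risk_profile(events):
    """events: iterable of (user, event_type). Returns {user: risk 0..10};
    repeated events accumulate up to USER_RISK_CAP."""
    risk = {}
    for user, kind in events:
        risk[user] = min(USER_RISK_CAP, risk.get(user, 0.0) + EVENT_WEIGHTS.get(kind, 0.5))
    return risk


def priority_score(f, asset, user_risk):
    """CVSS is only the starting point; exploit availability, observed
    exploitation, exposure, asset criticality and the owner's human risk
    profile multiply it into a risk-based priority."""
    score = f.cvss
    if f.actively_exploited:
        score *= 2.0
    elif f.exploit_public:
        score *= 1.5
    if f.exposed:
        score *= 1.5
    score *= 0.5 + asset.criticality / 5.0                         # 0.7 .. 1.5
    score *= 1.0 + user_risk.get(asset.owner, 0.0) / USER_RISK_CAP  # 1.0 .. 2.0
    return round(score, 2)


def prioritize(findings, assets, user_risk):
    """Return [(score, finding)] sorted highest risk first."""
    ranked = [(priority_score(f, assets[f.asset], user_risk), f) for f in findings]
    ranked.sort(key=lambda t: t[0], reverse=True)
    return ranked


def patch_plan(ranked):
    """Bucket the ranked findings into work tiers; nothing is dropped."""
    plan = {"immediate": [], "this_cycle": [], "scheduled": []}
    for score, f in ranked:
        tier = ("immediate" if score >= TIER_IMMEDIATE
                else "this_cycle" if score >= TIER_THIS_CYCLE else "scheduled")
        plan[tier].append(f.vuln_id)
    return plan


if __name__ == "__main__":
    ranked = prioritize(FINDINGS, ASSETS, user_risk_profile(EVENTS))
    for score, f in ranked:
        print(f"{score:6.2f}  {f.vuln_id}  on {f.asset}")
    print(patch_plan(ranked))
```

The point the ranking makes: VULN-A has the highest CVSS score but lands last, because it sits on an isolated, low-criticality lab box, while VULN-B with a lower CVSS score ranks first because it is exposed, actively exploited and on a critical gateway. The tiers only order the work; lower tiers still get patched in the regular cycle rather than being skipped.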
(Image Courtesy: www.en.pango.co.il)