Preparing for the New Normal: A Cyber Security Perspective

These days, entire businesses have shifted from conventional cubicles to work from home (WFH) due to COVID-19. We are also seeing a substantial increase in losses due to cyber-attacks, and boards are raising concerns about cyber security. The board's concern about cyber controls is understandable: the use of technology has increased, and an online, digital business operation model is being adopted in place of physical operations. An online business connected over a network carries an inherent risk of, and opportunity for, cyber-attack. Adding to this threat is the increased likelihood of attack given the economic downturn, lower employee sentiment, economic pressure and weaknesses in the IT cyber security environment of many organizations. Together these make a perfect combination for cyber-attack. Accordingly, we are seeing a substantial increase in cyber-attacks, including ransomware attacks. To give some perspective, Trend Micro recorded roughly 50,000 phishing detections related to Office 365 and Outlook between January and April 27, 2020 alone. In India, the Kaspersky Security Network (KSN) report shows that its products detected and blocked 52,820,874 local cyber threats between January and March this year (1). Also, cyber security firm Check Point found 4,000 coronavirus-related domains, of which 3% were sources of malicious attacks and another 5% were considered suspicious. There is thus a new vulnerability everywhere. (2)

According to recent cyber security incident reports, apart from the BFSI sector, the manufacturing industry is increasingly and consistently featured among the most frequently targeted industries. 4 in 10 manufacturers surveyed said that their operations were affected by a cyber incident in the past 12 months. In fact, coronavirus-themed cyber-attacks have now been confirmed in every country in the world. Viruses have spiked on a year-over-year basis, rising 17 percent in January, 52 percent in February, and 131 percent in March 2020 (2). Also, on June 20, 2020 the Indian Computer Emergency Response Team (CERT-In) warned that there could be a major phishing attack in which millions of Indians could be targeted by fake emails, social media posts or text messages promising free Covid-19 testing across India.

So, what’s the solution?

The NIST Cybersecurity Framework is designed to help individual businesses and other organizations manage the cyber risks they face. It lays down five functions for cyber security: Identify, Protect, Detect, Respond and Recover.

We may use the framework as a basis and leverage it in preparing for the new normal from a cyber security perspective. Broadly, however, this needs to be aligned to the overall enterprise risk management framework, and an integrated view should be taken. A holistic approach needs to look at the overall cyber control environment. It may cover elements of cyber governance, cyber strategy, cyber risk assessment, cyber security control implementation, and continuous monitoring and improvement across the entity, business units and functions, including third parties and the external environment.

Following are a few suggestions:

  • Cyber Governance: Cyber governance can be achieved through a well-defined, business-aligned framework covering long-term and short-term vision and plans. WFH requires a re-look at cyber management based on the change in the IT asset inventory, to cover the increased usage of remote devices, cloud services and distributed networks. It requires redesigning roles, responsibilities and KPIs based on the new way of working. It entails re-looking at and changing some policies, standards and procedures for managing the business, and aligning cyber security policies and procedures in a comprehensive manner covering varied IT assets, including endpoints, enterprise applications, infrastructure platforms, networks and data management across the corporate environment.
  • Cyber Strategy: Organizations may need to prepare and update their cyber strategy based on the emerging business strategy to meet current and future plans. Regular analytics are required to identify new threats and the likelihood of threats arising from the digital business operation model. There is a need to update data leakage prevention programs to cover the risk of work from home and increased access from outside the existing security perimeter. Creating a mobile device management program covering online business, social media and access from a larger number of remote mobile devices, including online meeting platforms, needs to be considered. There is also an increasing requirement to educate employees about the array of threats they face: phishing attacks, malware, viruses, scareware, spyware, worms, misleading applications that are downloaded on endpoint systems, etc.
  • Cyber Risk Assessment: Organizations may consider aligning cyber risk with the enterprise risk management framework. To do so, they can review the cyber risk assessment program and perform cyber analytics. They can re-look at incident response playbooks and adapt the necessary activities or steps for risk management of the digital and remote working model. Risk management in particular may cover cyber controls to manage and monitor how business teams are collaborating remotely, and to ensure employees are notified and aware of the tools' usage processes, risks and cyber controls.
  • Implementation of security: This involves the actual implementation of cyber controls, regular review and monitoring of them, and taking corrective action, thus always being vigilant. In particular, it may require increased attention to user identity and access management: having well-defined, revised roles and access, and allowing only verified and authenticated devices and users, with multi-factor authentication, to access network systems, enterprise applications and data. For network security, using VPNs or a cloud-based home office solution for VPN (based on adequate risk analysis) can provide some control. Enforcing encryption, including end-to-end encryption, based on risk assessment may need to be considered. Revised WFH security policies, methods and processes, in particular for geo-specific data privacy, may need to be implemented and monitored in a much more holistic manner. Antivirus updates and extending patch management to all remote devices and endpoints also need to be considered.
  • Continuous monitoring and Improvement: Having well-defined controls, measurements and a reporting mechanism is no longer a choice. Control monitoring and reporting should cover all enterprise technology layers, i.e. the data layer, endpoint layer, network layer, application & hosting layer and monitoring & responding layer. In particular, a view should be taken of system and data access to partner and supplier systems and data, communication and collaboration tools, productivity tools, etc. All of these should be regularly monitored and responded to with continuous improvement, thus taking a leap toward building a resilient cyber solution.

Thus, organizations may need to consider a revised, improved and better approach to managing the ever-increasing cyber risk, specifically when some casualness comes with a relaxed home environment and there are inherent security risks in digital and remote work, aggravated by economic pressures both internal and external. The only way to address the risk is by adopting cyber governance, strategy and security implementation, and by monitoring and improving them on a regular basis.

References:

1 https://ciso.economictimes.indiatimes.com/news/37-increase-in-cyberattacks-in-india-in-q1-2020-report/75962696

2 https://blog.checkpoint.com/2020/03/05/update-coronavirus-themed-domains-50-more-likely-to-be-malicious-than-other-domains/

3 https://www.businessinsider.in/tech/enterprise/news/hackers-have-hit-every-country-on-earth-with-coronavirus-themed-cyberattacks/articleshow/75056584.cms

Co-author: Raghav Khattar, VIT-B-Tech 4th Year

Digital & Risk Management Leader with Digital, Risk Consulting & Auditing strengths. Nature-lover. Mom. Views / RT’s are personal.
