In these trying times, the issues in cybersecurity are changing. Some emerging key themes we are seeing as consultants are:
- A suddenly remote workforce
- An acceleration in digital and cloud transformation
- A surge in cybercrime related to COVID-19
How does having a robust security framework with well-defined policies enable companies to react quickly when a major disruption occurs?
It is always better to take a programmatic approach than to take an ad hoc approach. It takes more time up front to plan, but in the end, it helps create a more proactive program and reduces the risk of major gaps with the security posture.
Many organizations have to abide by security as well as privacy requirements - it is really about data governance and management. Companies need to understand what data is the most critical and sensitive, where their data is, with whom it is shared, and how it is protected.
Using an industry standard security framework in which to base your program upon along with sound risk management principles and information risk management frameworks, helps organizations to define significant risk areas, apply appropriate controls, and spend the money where it is going to have the greatest impact to the organization. This will also help align with vendors, partners, suppliers, customers, and auditors by having a common baseline of governance and controls to facilitate communication and improve collective risk management. When a major disruption occurs, organizations that understand what data needs to be protected and available, may have to adjust safeguards, but effort will be significantly less.
As we emerge into the post-COVID world, what changes will companies make that will make them more resilient and secure?
Well for one thing the teleworking scenario / global pandemic scenario will now be covered within their response and recovery plans. It will also enable organizations to step back and think about scenarios that they have previously thought were not likely. Shifting to a remote workforce and enabling that culture even post-COVID-19 means that organizations will need to change. They will need to update:
- business continuity plans (BCP)and disaster recovery (DR) plans
- incident response plans and detection capabilities
- capacity management plans
- Processes to access internal as well as external data to gain insight on threat intelligence.
Cyber criminals are very opportunistic and will take advantage of the pandemic. It seems that many threats sit “outside the firewall” - how must organizations respond?
There are the basics that organizations should have in place to protect against threats outside the firewall - backup and recovery, centralized log management, incident response, configuration management, inventory management, least privilege, secure administration, strong authentication, resilience, and threat intelligence. However, focus must be placed upon:
- Monitoring digital assets for malicious behavior: Expand the monitoring strategy to align with the new external footprint.
- Protecting sensitive / critical data: what devices are remote employees using? Can the data be protected?
- Ensuring compliance: Organizations still need to maintain security and privacy compliance. That means evaluating the threats “outside the firewall” and determining adjusted controls to sustain that compliance.
- Training users: Phishing attacks are definitely on the rise. There are a lot of opportunities for the bad guys – clicking on guidance to get into enterprise resources, ransomware attacks on overstretched hospitals, and people who need government assistance.
We are speculating that we will see an acceleration in cloud-based initiatives. What must our customers begin to think about as they move workloads and storage off-prem?
Cloud-based initiatives are certainly expanding. Cloud is on the rise and thank goodness it was already here and gaining adoption before this pandemic or this could have been a more challenging transition for many organizations. Even so, it does increase the attack surface. Organizations need to think about the architecture of the cloud network, data that is being accessed from the cloud, and the access each user should have, based upon the data, architecture and the device that they are accessing the data from. If organizations are not prepared to consume cloud services with these and other factors, including robust monitoring and enforcement, built into their cloud strategy, security gaps may exist.
I would guess right now a lot of IT teams are focusing on the sheer scale of connectivity alone. What advice can we be giving our customers on looking at the bigger picture?
Having plans, strategies, and testing those are key to being prepared in the future. Organizations should document / improve major programs using risk management principles and ensuring compliance including:
- Governance, monitoring, and enforcement
- Vulnerability and threat management
- Detection capabilities
- Response capabilities
- BCP / DR capabilities