COVID-19 has forced business leaders to adapt operating models faster than ever. The large-scale adoption of work-from-home technologies, exponentially greater use of cloud services and explosion of connectivity allow companies to continue operations even with social distancing and “stay at home” orders.
However, more use of technology brings more data security and cybersecurity responsibilities. Every organization should be prepared for a zero-day, and it's not just the big players anymore: the smallest businesses are affected too, but because the news is not that big, it never reaches the surface.
CISOs and their cybersecurity teams are facing extreme challenges:
- Working from home has opened multiple vectors for cyberattacks because of the dependency on personal devices and home networks.
- Social engineering tactics are even more effective and seem to work more often due to the panic caused by the COVID-19 situation.
- Critical business assets and functions are significantly more exposed to cyberattacks, and internal attack surfaces and properties have become easier for attackers to reach.
- Public-sector services such as hospitals and healthcare services are under serious pressure and have been hit particularly hard by new types of ransomware aimed at disrupting connectivity and denial-of-service attacks.
- SOCs are designed to monitor anomalous behaviour, but now that everyone is anomalous and outside the assigned network, the resource requirement is doubled.
To create effective conversations between business leaders and Chief Information Security Officers (CISOs), here are a few key points to follow:
- Clearly define roles and responsibilities related to cybersecurity and make sure it is communicated at every level of the organization up to the CEO and Board.
- Make sure business leaders understand the cybersecurity risks they are accepting.
- All technology solutions in the organisation should be designed, integrated, and operated with security and privacy in mind.
- Incentivize the adoption of cybersecurity in every aspect where it's required.
- Make sure third-party risks are managed effectively!
Cybersecurity teams must adjust security and risk management practices to enable work-from-home tools and fast adoption of cloud services. There should be streamlined guides and SOPs for every tool, covering how to use it the right way while making sure that security stays intact.
At the same time, they must make it possible for security team members to look after themselves and their families during a health crisis. What good is security without real health?
- Create a culture of cyber resilience.
- Focus on protecting critical assets and services (internal ones as a priority).
- Reduce data privacy risks by implementing a strict IT policy to be followed by every employee.
- Update the organization’s business continuity plans as the business transitions to the “new normal”, and make sure to opt in for a reliable Business Continuity Solution.
- Make sure external collaboration is monitored and internal file management rules updated and followed.
No organization today can expect the CISO to achieve faultless security in the current context, with the havoc caused and the sudden exposure of multiple assets to external networks. Effective cyber-risk management and digital transformation can help organizations stay ahead in these uncertain times. The end goal is avoiding any sort of data or financial loss whatsoever.
We at Matrix3D, a cyber security firm, strongly believe in securing data and avoiding any data privacy issues. For further details feel free to contact us at email@example.com.