COVID-19's Positive Impact on Cybersecurity
Tarun Kumar on How CISOs Can Improve Security in the New Normal
The COVID-19 crisis is an unparalleled situation for the world, and it has posed an unparalleled challenge for cybersecurity. Like COVID-19, cyberattacks spread fast and far - creating more and more damage.
But the pandemic has also had a positive impact on the cybersecurity function.
Cybersecurity has never been considered more important than it is now. Organizations are realizing that enhanced digitization increases the economic impact that a widespread digital shutdown would have and that recovery from the destruction of digital systems would be extremely challenging. CISOs are acknowledging the formidable challenge of protecting the organization's assets and digital infrastructure - current and future - while enabling operations without interruption.
In the future, as organizations transform, the focus will be on digital, cloud and automation, and there will be pressure on cybersecurity operations to be an integral part of the entire process. In these times, we need to take a stronger and more strategic leadership role within organizations. We need to move beyond being compliance monitors and enforcers to better integrate with the business, manage information risks more strategically and work toward a culture of shared cyber-risk ownership across the organization.
The Remote and Hybrid Workforce
The pandemic led to a sudden shift to a remote workforce, which has drastically altered the risk profile of organizations. The organizational perimeter is now flat and dispersed, and what was once predominantly inside-to-inside access has become outside-to-inside access.
Cybercriminals are launching opportunistic and targeted cyberattacks on large corporations involved in manufacturing, IT, healthcare and government.
Not only are businesses being targeted, but end users working remotely are easy prey for business email compromise schemes. The risk of cyber intrusion increases exponentially as employees work from home.
Getting organizations on a stable model for the future is key. Security models will be based on zero trust, especially when an organization will be operating over untrusted networks and infrastructure.
In April 2020 alone, Google blocked 18 million daily malware and phishing emails related to COVID-19. The heightened dependency on personal devices and home networks with insecure routers has opened multiple vectors for cyberattacks. And misconfiguration in VPNs can expose sensitive information on the internet and also expose the devices to denial-of-service attacks.
The need for security awareness is more important than ever. As we are seeing an increase in phishing attempts, we should continue to send frequent reminders to employees to avoid clicking suspicious links or attachments and remain vigilant against phishing emails. Security awareness trainings for remote workers are critical; conduct as many as you can.
We should be cognizant of the risks that changes in the operating models of our key vendors bring to our organizations. Vendors can be expected to make quick decisions to protect themselves and their employees, and in the process they may not fully consider the effects on the organizations they serve.
We need to understand the current environment and proactively work with all critical vendors to understand how their operations have changed or are changing. We should review the risk ratings for our suppliers and know where our supply chains might fail.
Questions to Ask
We need to understand how crisis-driven operational decisions have changed the organization’s risk profile. At a minimum, we need to be able to answer the following questions:
- Can my business function effectively through remote working?
- Is there an appropriate understanding of the situation?
- Are there online trainings/awareness sessions on how to work remotely securely?
- Are traditional security controls operating in a similar manner in the new environment?
- Are your employees equipped with the right tools and technology?
- Are you effectively regulating the use of personal devices?
- What single points of failure exist that should be monitored closely to achieve redundancy and maintain availability?
- Are there single pieces of equipment, such as network devices or servers, whose failure may affect one or more applications or processing functions?
- What would happen if there was a cyber incident?
- Do you have a list of immediate steps to undertake to contain a cyber incident?
- Do you have mechanisms to assess who has access to the servers that were infected and how the attack was initiated?
- Are employees aware of your business's policies and processes regarding cyber incident response?
- Are you aware of the protocols for notifying stakeholders, employees and others to manage fallout from a cyber incident?
Steps to Take
As the majority of organizations accelerate their digital transformation journey with a focus on cloud technology and automation, cybersecurity needs to be embedded as an integral part in all phases.
CISOs and their cybersecurity teams need to adjust the security programs and risk management practices to enable fast adoption of digital services, whether using the hybrid cloud model or the cloud-first model.
We also need to revisit our business resiliency and embrace newer security models that are likely to be based on zero trust principles and rich in orchestration and automation.
Last but not least, we need to show empathy and patience and be flexible. We need to do whatever we can to support our teams, internal customers and external stakeholders during these difficult and uncertain times.
CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.
Tarun Kumar is CISO at Nissan Digital. He has over 20 years of experience in cybersecurity, IT risk management, data protection and privacy and has provided cybersecurity services to international clients representing broad industry sectors. He has previously held leadership roles at PwC, EXL, Computer Sciences Corp. and KPMG and has extensive experience in establishing road maps and budgets for large cybersecurity, security governance and IT risk management transformation programs.