Nick Emanuel, Senior Director of Product, Carbonite + Webroot, pictured, offers a resolutions checklist for cyber-security teams.
Even before the global pandemic and related lockdowns came into effect in early 2020, businesses had adopted part-time and full-time remote work schedules and begun to consider the security challenges that resulted from diminishing or non-existent IT perimeters. Cyber security professionals are often accused of scaremongering and of throwing around the latest numbers, facts, and figures to justify their requests or spend, but in this case the numbers don’t lie. Research looking into global click habits during covid-19 found that over one in five UK employees have received a phishing email related to covid-19 – and we know this kind of disruption breeds even more opportunities for criminals.
In March 2020 alone, we blocked 18,400 malicious domains with covid-19-pandemic related terms in their domain names – signifying criminals’ willingness to capitalise on public interest and general, global concern. And since the first public vaccination took place in the UK, we saw a 94.8 per cent increase in malicious domains using terms such as ‘vaccine’, ‘cure’, and ‘COVID passport’. Simply put, cyber criminals are evolving their tactics to match the news agenda, so outlined below are guidelines and a checklist to help cybersecurity teams ensure their cybersecurity strategies are prepared for the year ahead.
So, given the pandemic has changed our working lives for the foreseeable future – how should cyber-security professionals respond? An easy first step is to ‘recruit’ your colleagues across the business to help in creating a culture that recognises the importance of cyber awareness and resilience. They are likely just as concerned about security but may not be best equipped or armed with the information and practical advice to make a real difference.
Organised crime and opportunistic attackers exploit fear, uncertainty, and doubt to target individuals and businesses in a variety of ways. A continuous focus on creating and building a security culture via education and increased awareness of common attack methods is a central component to becoming more resilient against cyberattacks and other IT challenges. After all, no amount of investment in sophisticated cybersecurity software will help if an employee clicks on a malicious link or falls for a scam and becomes an unwitting pawn in a breach. It’s an old adage but think of it as having a top-of-the-line home security alarm system whilst leaving a window open.
The most effective security culture programmes focus on driving sustained behaviour change; security, not compliance, is the goal. Short five to ten minute bites of information (sometimes referred to as ‘micro-learning’) make it easier for employees to fit training into their busy days, regardless of position or responsibilities. Regular simulated phishing and external attacks that address the various ways hackers attempt to breach organisations through their users pay dividends and can result in up to 90% less malware on networks than businesses just using an endpoint protection product.
To reinforce a cyber resilient culture, report on the latest risks and threats and provide tips to staff about cybersecurity trends and best practices. Business leaders can easily incorporate reminders and updates about cybersecurity into ‘all hands’ meetings and other important company updates to underscore the importance and purpose of investing in cyber resilience. Additionally, businesses must ensure that all workers have clear distinctions between work and personal time, devices, and obligations. This helps to reduce the amount of uncertainty that can ultimately lead to phishing-related breaches.
Plan into action
Having a back-up and recovery plan is second nature to most security professionals, but now is a good time to shake that plan out and re-test its robustness.
Ask yourself questions such as: does your plan consider how to recover and restore now that the larger percentage of the workforce is operating remotely? Have you considered new cloud backup or hybrid backup solutions as IT has trended toward the cloud? As collaboration tools are more frequently used for meetings and communication, have these been considered? In the case of a breach these could form a method of business continuity and a vital open channel for information, and could therefore paralyse an organisation if unavailable. To ensure you’re on track for 2021, I’ve prepared the following list of actions that all security teams should adhere to:
– Conduct a ‘privilege audit’ of permissions. Check all existing accounts, processes, and programs to ensure that individuals have only enough permissions to complete their job.
– Lock down Remote Desktop Protocol (RDP). It’s a useful tool, but encrypt the data and use multi-factor authentication to increase security when remoting into other machines.
– Reinforce a strong password policy and make multi-factor authentication mandatory where possible to reduce the risk of a privileged admin breach.
– Shake out and test your backup plans. Ask yourself: is every person and device covered, is the data being successfully backed up, have you tested recovery, are the back-ups secured off site?
– Review your current patch management programme to ensure your business’ software is updated, patched, and secure.
– Ensure all layers of security are covered. The person, the device, the network connection, and the cloud (application) all form a layer of risk and require layers of security. Install reputable cyber-security software that uses real-time threat intelligence and offers multi-layered shielding to detect and prevent multiple kinds of attacks at different attack stages.
– Enable users as a line of defence. An example of a simple but effective change could be to ask employees to change their home router password from the default, out-of-the-box version they were provided, and ensure it is updated and patched.
– Educate end users about phishing/spam. Run regular security awareness and phishing simulations and provide updates and feedback at a company level. Don’t forget to let employees know when and how to report a suspicious message or activity.