Insights
New Rules of the Game – Business Cyber Security with COVID-19
Cyberproof, A UST Company
With the onset of the COVID-19 pandemic and the decision by nations around the globe to implement a lockdown, business continuity suddenly became the topmost priority for corporate leadership.
Cyberproof, A UST Company
How has this impacted Indian enterprises? While many aspects of the pandemic experience are shared internationally, there are elements of the situation that are specific to each region. As one example, let’s explore what’s been happening in the Indian business community during this very challenging time.
BUSINESS CYBER SECURITY CHALLENGES:
Using COVID-19 as the primary premise, there are multiple instances of phishing and other malicious attacks making the rounds. In fact, the Internet is flooded with information & misinformation about COVID-19. This new demand for information about the pandemic is being used by various threat actors - including state actors - to their advantage, particularly in the last couple of months.
In the past few weeks, we published several Threat Intelligence updates and blogs describing how attackers used COVID-19 as an opportunity to launch attacks. Here are some examples:
- Cyber Attacks Using the Coronavirus (COVID-19) Hype
- Social Engineering Attacks Using the Coronavirus (COVID-19) Hype
- Donation Scams & Phishing Websites
- Two Zero-Day Flaws in Zoom’s MacOS Client Version
- Zoom Client Can Leak Network Login Credentials, And Zoom-Bombing Attacks
- POC Attack Executes Malware When Hovering Over A Hyperlink in PowerPoint
- Increase in RDP Exposure Due to Remote Work Puts Companies at Risk of Hacking
- Telework Threats Around Coronavirus
Additionally, there are new cyber security risks for businesses related to remote workers such as unsecured Wi-Fi networks, use of personal devices and laptops, and employee readiness to the ‘work from home’ culture.
IMPACT & COUNTERMEASURES
COVID-19 has had an impact on businesses both at the economic and the organizational level.
Impact at the Economic Level¹
Organizations in India have started factoring in the impact of COVID-19 on growth and its effect on GDP. In its April 2020 update, the International Monetary Fund (IMF) slashed India’s growth estimate for the year 2021 to 1.9% - from 5.8% estimated in January. It also projected that the COVID-19 pandemic will shrink world output by 3% in 2020. However, the IMF also mentioned that India and China would be the only two major economies likely to register growth, with all other economies contracting. On the bright side, India’s growth is projected to recover sharply to 7.4% in the next fiscal year.
Impact at the Organizational Level
Given the sudden change in landscape, organizations acted swiftly to ensure business continuity. Even if the lockdowns are eased, many members of the workforce will still continue to operate from home. This might continue until we have a permanent solution for COVID-19.
Employees working from home are connected to the public Internet while connecting to organizational servers and databases. The secure network that was built in your organization, and the security tools monitoring data in transit, have been rendered ineffective. Organizations need to quickly ensure that they address the change, and tweak their business’s cyber security policies to address these new needs.
ENSURING BUSINESS CONTINUITY
Critical considerations to ensure secure business continuity include:
- Communication: In these times of uncertainty, employee awareness has become, in many cases, the primary tool for the CISO. Employees are traditionally viewed as the weakest link, but they could also be the strongest link. CISOs and IT heads need to clearly communicate to their employees that they should follow correct security procedures and report any suspicious activity to the IT team. Ensure you are constantly in touch with all your employees, and periodically share best practices, latest threats, “Dos & Don’ts,” as well as recommendations on any secure open source tool that can be used - and which should be avoided.
- Ensure employees are aware and respect the privacy policy and obligations of the company and its clients. For example, all client-related discussions and company-related details should be shared through official channels like email, business messaging apps, company forums, etc. - and not on WhatsApp, SMS, or Telegram groups.
- Utilize Threat Intelligence: Given the global increase of malicious cyber activities, it is highly recommended that you subscribe to a reliable source of updated threat intelligence (for example, the Cyber Hub) or - depending on the budget available - explore a tool that will feed threat intelligence updates to your SOC teams.
- Invest in Timely Patch Deployment: To address risk, we need to ensure security patches are deployed in a timely manner, thereby addressing identified vulnerabilities and input from Threat Intelligence sources. Communicate that employees should install new updates as instructed by the IT Team.
- Zero Trust Model: As more and more employees use personal laptops/mobiles, companies should follow a zero trust model and ensure access is given on a least-privileged model through a strong policy framework. Wherever available, organizations should enforce Two-Factor Authentication (2FA) and Two-Step Verification (2SV), which provides an extra layer of account protection.
- It’s also important for employees to use Webmail or other platforms, where required security policies are applied - for example, by ensuring that when O365 Webmail/Outlook or Teams are used on a personal laptop or a mobile phone, the data is monitored and cannot be downloaded locally or shared outside the session. This helps your SOC monitor all technologies which are controlling the data at the endpoints.
- Address the Increase in Phishing Emails & Scams: CISOs and IT Teams need to remind staff continuously NOT to open any links or documents that look suspicious. Provide employees with awareness of how to identify such mailers and instruct them to immediately inform the IT team of such mailers or accessible sites if there is any doubt. Ensure your helpdesk and support processes are well baselined and constantly refine use cases or playbooks used in your SOC, for efficient threat detection.
- Use the Right Channel: Sensitive discussions that had previously taken place in a meeting room or in team stand-up meetings, are now taking place online via chat, video, and audio. CISOs and IT heads must now find and implement the correct technologies, tools and mobile apps, so that everything can be monitored, and security policies can be enforced.
- Explore a SASE Solution for Work from Home: With the majority of the workforce working from home, business data is being used, stored and updated over the internet - sometimes using personal laptops and mobile devices. Consider SASE (Secure Access Service Edge) solutions such as those provided by CyberProof partner Cato Networks, that make it possible to deploy your security policies in the cloud and use zero trust, and which provide the advantages of WAN Optimization, Firewall-as-a-Service (FWAAS), and Cloud Access Security Broke (CASB).
- Consider Automation: This may be the right time to consider automation in your next security policy review. Business functions like IT and Security will have to adopt this new shift to remote working with solutions for 24X7X365 operations. This may require exploring new technologies that enable continuous operation support and can provide automation, as well.
Your SOC is the backbone of your security ecosystem. By utilizing automation in your SOC, and using digitized playbooks and customized use cases that are operated and implemented by an AI-enabled chat bot, you can help your organization automate many of your security operation activities.
THE BEGINNING OF THE END OF LOCKDOWN & WHAT THAT MEANS FOR BUSINESS
COVID-19 will definitely change our lives forever with a new working culture, new business cyber security policies, and new threat vectors.
CISOs might have to rethink and reconsider the security assets in their arsenal, while CROs might have to account for new cyber security risks for businesses in their risk registers. IT Heads, Operations head, and Security heads will have to collaborate to enforce security policies at the granular level.
Lockdowns in some regions are just starting to be partially lifted. As the business world adjusts to this new reality, all organizations WILL have to circle back and rework on their long-term cyber security and privacy strategies in order to be prepared for a changing work culture.
For more information about COVID-19’s effects on Indian businesses, join us on May 12th for a webinar hosted by CyberProof India's Head of Cyber Security Business, Anand Trivedi or contact us directly to learn how to deploy security automation solutions for your company.