Focus Areas To Enhance The Security Of An Organization
As most people have witnessed during the COVID-19 pandemic, cybercriminals are more active, easily attacking organizations who never imagined having to focus on a new security front - their employees who are forced to work from home.
Indeed, their infrastructures weren't ready to handle large amounts of VPN traffic, security around video conferencing, etc. As a consequence, attackers found ways to exploit and infiltrate these advanced tools with the installation of remote Trojans or other malicious viruses, and creating C&C channels. Recently, people have witnessed a few attacks where cybercriminals installed remote access Trojans (RAT) into the video conferencing software, thus leaking the data by breaching privacy and security. These kinds of advanced persistent threats (APTs) have pushed organizations across the world to revisit their border security, which is a critical piece to secure organization. But here, the focus is on protecting the employee assets. Organizations cannot have a false belief that their security controls can never be breached.
The following are areas where organizations need to be more vigilant to ensure their security is never breached:
- Password Security: A password is a basic concept, but people tend to keep the simple, easy to remember, or default password. Organizations need to have an effective password management tool to ensure users use strong passwords and to reduce operational efforts.
- Social Engineering attacks awareness: Social Engineering is a long-time method of attack that is still relevant to today. Among all of the social engineering attacks, Phishing takes the lead and has been widely used in COVID-19. When people start getting the malformed "worldometers" image on their email, and when they click on the image to open it, the malware gets executed, stealing their password and sending it through the C&C channel.
- Mobile devices: With the current lockdown situation, people are now using handheld devices more often to access their corporate data. Without proper security measures such as antimalware, encryption, DLP, and containerization, it is difficult to control these attacks.
- Remote Connectivity Security: Due to this outbreak, more and more organizations allow people to work from home. This has led to the rise of the internet, VPN, & remote connection, with wi-fi being the most common point of vulnerability in the whole chain. Irrespective of where users access their devices, it's imperative for end-users to understand the risks associated with wireless networks. These end-users need to use a VPN to prevent the network and communications from cyber attackers, which adds an additional layer of security with strong encryption.
- Data Protection: Because data has to flow through various channels and medium before it hits the destination, data protection is one of the most challenging tasks as more and more organizations and their staff is connecting remotely. From physical security to logical security, and so on and in that journey, data passes through the various modes of channels. Therefore, it is necessary to ensure that people have the proper level of encryption and Data Loss Prevention (DLP) to prevent data leaks to unauthorized persons.
- Proactive response and investigation team: The first line of defense in the operations staff is the monitoring team. They have the biggest responsibility of securing the organization round the clock and ensuring that their IT estate is always protected. To handle the incident effectively, they must have a documented incident response and handling strategy.
All in all, Cyberattacks are growing at a fast pace even during COVID-19 times and securing the IT estate constantly is as important as privacy protection, brand reputation, meeting compliance and regulatory needs. Adequate security controls must be implemented, adhering to your organization risk appetite.