By: Vivek Soni
November 30, 2020
How Will The New Normal Impact The Cybersecurity Industry?
The COVID-19 pandemic, which has taken many lives and has become the worst global event we have faced, has changed human behavior and attitudes, forcing organizations to respond. The need to respond will not end even if the threat eventually subsides. These uncertain conditions have impacted every industry and have turned the trajectory of growth upside down. They have pushed companies across the globe to rethink their strategies and their way of functioning.
Many emergency changes have transitioned from temporary to permanent because of this unimaginable crisis. As a result, our way of thinking, designing, developing, and implementing will change massively.
Risks involved with the new normal:
With the rise of social distancing, organizations and their employees are conducting meetings remotely through digital and social media applications, which has greatly increased internet usage. The exchange of confidential data over these platforms has raised data security and privacy issues.
There is heightened use of personal devices and a variety of networks, which has attracted cyber-criminals who see this as a world of opportunity. Insecure configurations, improper system hardening, and unsafe public networks are the most common weaknesses exploited by attackers.
As organizations move to offer work from home to their employees, the new remote worker, not yet accustomed to remote technology, has become a target of malicious activities such as phishing and spear phishing, smishing, malware, and ransomware.
With employees operating from home, it becomes difficult for IT staff to monitor and contain network security threats. Because of the immense external traffic now flowing into the internal network, the infrastructure needs to be transformed to cope with the traffic and to secure the data flow.
The pace of change was so fast that many organizations made abrupt changes to their existing architecture to keep operating, without following standard change management procedures. Most organizations made emergency changes in the production environment, which in some cases resulted in Denial of Service (DoS). Such changes can leave loopholes in the organization's security posture.
As companies have switched gears to adapt to the new normal, recovery strategies and incident management procedures need to be reshaped to include the new changes. Black swan events need to be considered when developing a crisis strategy.
The threat landscape has evolved, and a new set of risks has been introduced. User awareness and training need to be imparted more rigorously. They should be part of the organization's layered approach to defending itself from cyber-threats, alongside technical and management controls. Risk management professionals need to be proactive and perform thorough risk assessments to enable the business to achieve its objectives.
A robust synergy between business management and security management is much needed in the present scenario. Top management and all members of the executive team must be committed to supporting cybersecurity initiatives. Leadership should communicate the importance of cybersecurity and create a culture of responsibility.
Cybersecurity considerations for the new normal:
The surge in communications and remote ways of operating businesses has increased the risk of cyber-attacks by an order of magnitude. The safeguards at the entrance to an organization's private networks are at constant risk of being compromised. They require always-on surveillance and concurrent risk analysis for breaches at both physical and logical entry points. Cybersecurity must become a must-have function within companies. Some factors that need to be considered are:
- Security Readiness: Cybersecurity has become integral as the threat landscape expands and organizations become more digitally connected than ever before. Having a contingency plan and incident response procedures is a must-have attribute.
Leaders must plan for unforeseen events. Identifying likely scenarios, conducting walkthroughs, and running simulations can prepare the enterprise for adverse events. It also helps ensure that a successful cyber-attack does not hamper the continuity and viability of the business. Management must prepare policies and procedures that give precedence to the privacy and security of information exchanged in any form. Controls such as periodic drill exercises, change and configuration management, and user awareness programs can boost security preparedness.
- Improving Security Operations: The Security Operations Centre must be aligned with business needs. Improper integration of a SOC within the enterprise can lead to issues such as a lack of visibility into the IT infrastructure, an inability to uncover new threats and monitor existing ones, and growing stress on security professionals. The SOC strategy plays a crucial role in preventing threats from causing harm. Leadership needs to underpin the strategy by providing relevant funding for tools and hiring skilled staff. Proper configuration of internal security controls, monitoring, logging, and strengthened endpoint protection for remote workers can greatly support the business in achieving its objectives.
- Secure Remote Access: There is very little visibility into employee activities when they are working from home. Personal devices and a variety of networks are used to access the company's internal network and its sensitive data. These personal devices place a further liability on the company, which must prevent a privacy breach through them. The home network carries confidential information but may be unsecured.
Companies should consider all such risks before providing remote access to employees. Access needs to be restricted and should follow stringent role-based access procedures. Sensitive data must be encrypted with strong encryption algorithms, both at rest and in transit. For mission-critical systems, PAM (Privileged Access Management) should be integrated for authentication. There must also be a device management system that checks device health every time a device connects to the internal network. All deployed controls must be reviewed periodically for adequacy and effectiveness. These measures for securing remote access are not exhaustive but a bare minimum; further controls depend upon the organization's context.
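The following is an added illustration, not code from the original article or from Cybrary, of how the two remote-access controls above (role-based access and a device-health check, with a PAM gate for mission-critical resources) combine into one access decision. The roles, resources, posture checks, the 30-day patch threshold, and the PAM-required resource set are all constructed assumptions for the example; the point is that device health is evaluated before role, every decision is written to an audit trail with its reason, and a request fails closed whenever any check fails.

```python
"""Added example: a minimal remote-access gate combining device posture,
role-based access control and a privileged-access requirement.
All policy values below are constructed for illustration."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Set, Tuple

# Role -> permitted (resource, action) pairs. Constructed sample policy.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "engineer": {("source-repo", "read"), ("source-repo", "write"), ("wiki", "read")},
    "finance": {("ledger", "read"), ("ledger", "write"), ("wiki", "read")},
    "contractor": {("wiki", "read")},
}

# Mission-critical resources that additionally require a PAM-brokered session.
PRIVILEGED_RESOURCES: Set[str] = {"ledger"}

# Assumed policy: a device whose last OS patch is older than this is unhealthy.
MAX_PATCH_AGE_DAYS = 30


@dataclass
class DevicePosture:
    """Health attributes reported by the device-management agent (assumed fields)."""
    os_patch_date: date
    disk_encrypted: bool
    endpoint_agent_running: bool
    screen_lock_enabled: bool


@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    action: str
    posture: DevicePosture
    privileged_session: bool = False  # True when the request came through the PAM broker


def posture_failures(posture: DevicePosture, today: date) -> List[str]:
    """Return every reason the device fails the health check; empty means healthy."""
    failures = []
    if (today - posture.os_patch_date).days > MAX_PATCH_AGE_DAYS:
        failures.append("os-patch-too-old")
    if not posture.disk_encrypted:
        failures.append("disk-not-encrypted")
    if not posture.endpoint_agent_running:
        failures.append("endpoint-agent-missing")
    if not posture.screen_lock_enabled:
        failures.append("screen-lock-disabled")
    return failures


def evaluate(req: AccessRequest, today: date) -> Tuple[bool, str]:
    """Decide one request: device health first, then role, then the PAM rule.

    Returns (allowed, reason) so the reason can be recorded in the audit log.
    Any failed check denies the request (fail closed)."""
    failures = posture_failures(req.posture, today)
    if failures:
        return False, "device-unhealthy:" + ",".join(failures)
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        return False, "role-denied"
    if req.resource in PRIVILEGED_RESOURCES and not req.privileged_session:
        return False, "pam-required"
    return True, "allowed"


AUDIT_LOG: List[str] = []


def gate(req: AccessRequest, today: date) -> bool:
    """Evaluate the request and append an audit record for every decision."""
    allowed, reason = evaluate(req, today)
    AUDIT_LOG.append(
        f"{today.isoformat()} user={req.user} role={req.role} "
        f"{req.action}:{req.resource} decision={'ALLOW' if allowed else 'DENY'} reason={reason}"
    )
    return allowed


if __name__ == "__main__":
    today = date(2020, 11, 30)  # constructed reference date
    healthy = DevicePosture(date(2020, 11, 20), True, True, True)
    stale = DevicePosture(date(2020, 9, 1), True, True, True)
    gate(AccessRequest("alice", "engineer", "source-repo", "write", healthy), today)
    gate(AccessRequest("alice", "engineer", "source-repo", "write", stale), today)
    gate(AccessRequest("bob", "finance", "ledger", "write", healthy), today)
    gate(AccessRequest("bob", "finance", "ledger", "write", healthy, True), today)
    gate(AccessRequest("carol", "contractor", "source-repo", "read", healthy), today)
    print("\n".join(AUDIT_LOG))
```

Ordering matters: evaluating posture before role means a compromised or unpatched device is refused regardless of how privileged its user is, and recording the reason for each denial gives the SOC the signal it needs to spot a population of stale devices or repeated role-denied attempts from one account.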
- Increasing User Awareness: In remote working conditions, it is fairly easy for attackers to trap unsuspecting employees through social engineering. Employees who click on enticing links in a phishing email end up with malware installed on their systems. These infected systems could become bots in a botnet or be used to attack the organization's internal network.
A sustainable cybersecurity-aware culture can do wonders to minimize cyber-risk, as employees are commonly the weakest link. Periodic cybersecurity training that raises awareness, tests employee knowledge, and discusses major security incidents with business leaders and employees can greatly improve the security posture.
- Improving Coordination: These tough times have demanded a lot of coordination between departments. Management and other business heads rely on cybersecurity teams to provide a secure and reliable solution for seamless operations. Risks related to VPN (Virtual Private Network) solutions, VDI (Virtual Desktop Infrastructure), and other remote access methods need to be monitored constantly.
These teams are working under huge stress and pressure to actively support the business. Top management must consider the burden the cybersecurity team is carrying and support it by providing enough resources, hiring outside consultants, or conducting employee engagement programs.
In the new normal, threats are more sophisticated. Companies have to think outside the box about protecting their competitive edge and developing new ways of being cyber-secure. Cybersecurity professionals should think like a cyber-criminal; only then will they become aware of the risks of using cutting-edge technologies and how to mitigate them.
Merely deploying new technologies and tools will not deliver the desired result of being cyber-secure. Deployment should go hand in hand with relevant training for users; bridging the gap between technology and people is of utmost importance. The configuration settings of all these technologies must be reviewed periodically, as risks are constantly evolving.
The new normal environment should be equipped with a practically viable and human-centric approach to prevent attackers from succeeding. The approach should also defend the organization's operations and well-being in a sophisticated, responsive, and resilient way.
Cybrary.it revolutionizes the way cybersecurity training is imparted, converting conventional methods into a constructivist approach. It offers a multitude of IT training courses online, including many cybersecurity courses ranging from beginner to advanced levels. Some of the courses offered by Cybrary can also help security professionals select career paths. Career paths help learners get hands-on experience through built-in labs and deepen their understanding of complex subjects under the guidance of subject matter experts, making it easier to move into a new job role. Become a SOC Analyst - Levels 1-3 and Information Security Fundamentals are popular career paths available on Cybrary.
One of the popular courses designed by Cybrary and instructors Joe Perry and Ken Underhill is Introduction to IT and Cyber Security, which gives cybersecurity enthusiasts introductory knowledge in the areas of:
- System Administration
- Network Engineering
- Incident Response and Forensics
- Offensive Security and Penetration Testing
Finally, this course gives the learner an understanding of the fundamentals of cybersecurity. It also provides continuing education credits (CEU/CPE hours) and a certificate upon completion.