The COVID-19 pandemic has created an environment in which malicious cyber actors thrive. They are exploiting today’s uncertainty and anxiety through ransomware attacks, phishing campaigns, social engineering and financially-motivated scams. Although we are living in unprecedented times, the cyber threats we face and the malicious actors we defend against are not new. But the globe’s singular focus on COVID-19 may make us the proverbial fish in a barrel for bad actors.
These attackers understand and target our thirst for information to help us navigate this pandemic. A sudden, intense focus on specific topics such as local coronavirus case data or where to find face masks makes it easier than ever for bad actors to design a phishing email, scam, or other attack. At the same time, organizations scramble to adopt remote-working best practices as employees move en masse from working inside a traditional office to remote environments practically overnight.
IT and security leaders understand how to defend against the types of cyber-attacks we’re seeing, but need to adapt their defenses to the current environment of uncertainty and social distancing. Below are three ways leaders can fortify their cyber resilience amid COVID-19.
Adapt Ransomware Response Playbooks
In today’s threat landscape, IT and security leaders cannot simply focus on preventing ransomware attacks; they must also have a robust strategy for how to react to such attacks. In addition, organizations should adapt their ransomware response playbooks for the current remote working environment.
For example, in the event of an attack, convening an organization’s key decision-makers in one room to strategize on response is not likely to be an option. Simple measures such as compiling the contact information and backup phone numbers for key decision-makers can go a long way. Ransomware response playbooks should also outline topics such as whether or not the organization would pay the proposed ransom, the legal teams the organization will work with for counsel and mitigation, and considerations for engaging with legal counsel and other key players remotely.
Consider Network Visibility & Secure Devices
Most likely, few organizations had plans to shift from in-office work to most staff working remotely in a matter of days. Network monitoring protocols that work in a traditional office setting may leave you in the dark in a remote working reality. A foundational step in understanding the risk profile is to first understand the network visibility available and adjust enterprise protocols as necessary to protect the organization in today’s environment.
To uncover gaps in the defenses, embrace expanded threat hunting activities. Though not a perfect solution, red teaming and penetration testing are key levers to pull to help find vulnerabilities or threat actors lurking in the system. Another key tool at the disposal of security leaders is the trusted network list. In these unprecedented times, reducing the number of trusted networks and restricting user access can hinder credential escalation attacks.
Maintain Employee Engagement
The coronavirus pandemic has already caused significant swings in global markets, with a possibility of the steepest economic downturn since the Great Depression, according to the International Monetary Fund. Given the current financial volatility, we have already seen layoffs, furloughs and reductions in work hours, with other difficult decisions ahead.
Maintaining employee engagement is critical in these times of increased emotional and economic stress, which can lead to increased insider threats – intentional or otherwise. In addition to internal communications plans, security leaders should evaluate their more traditional purview, refreshing insider threat programs and response plans to ensure they can locate and quickly address any threats in a new, remote working environment.
Although our global response to COVID-19 poses significant cybersecurity challenges, leaders must not lose sight of the transition at the end of this pandemic. IT and security leaders alike should look at the technology and processes put in place during the pandemic response and consider how these might help the organization leapfrog forward. Are there aspects of the network that were once considered critical to be “on-prem” that can now migrate to the cloud? Is there sufficient infrastructure in place to enable more advanced remote work options than what is in place today?
IT and security professionals, in partnership with other enterprise leaders, can and should chart out upgrades today and consider the organizational changes that will empower the enterprise to become more agile and more secure in the future.