Article written by:
Doug Davidson,
Director of Information Technology Services
Rob Pyles
Director of Information Technology Services
Globally, industries have seen a sharp rise in cyberattacks since the Chinese government disclosed the spread of the coronavirus, or COVID-19, within China and internationally. More specifically, cyberattacks focused on healthcare systems using spear-phishing and ransomware, impersonation attacks combined with business email compromise (BEC) targeting financial systems, supply chain cyberattacks focused on redirected manufacturing operations outside of China, and distributed denial of service (DDoS) cyber-attacks on the energy, hospitality, and travel industries.
With the spread of COVID-19, increased demands for information technology (IT) support services are occurring across nearly all industries, as worldwide employees, students, university faculty and others are being asked or required to work or study remotely from their homes to reduce the spread of the virus. As a result, nation-state cyberattack groups and criminal cyberattack groups are taking maximum advantage to target cyber vulnerabilities in select industries, especially those most impacted by the current crisis.
Realizing that 40% or more of cyber vulnerabilities are directly linked to employee behavior, per Gartner’s latest studies, it is vital that organizations focus more on their employees via cybersecurity awareness, education, training and use of simulations to create a stronger human firewall to protect their vital digital assets.
Cybersecurity Top Five Recommendations
To reduce the probability of a cyberattack and/or significant data breach and mitigate the negative financial and reputational impacts, we offer the following cybersecurity recommendations which are clearly applicable to all industries:
1. Create an organizational culture of cybersecurity: Ensure the C-suite consistently promotes and supports employees practicing effective cybersecurity policies, processes and procedures via a comprehensive cybersecurity awareness, education and training program including spear-phishing campaigns. Raising awareness during this time period is critical because remote employees are often working with less security protection than when they were in the office. They are weaker and the prime target.
2. Harden new network components: As firms have moved to network architectures that support social distancing with remote working, key vulnerabilities have likely been introduced.
- Ensure remote workers are accessing company resources using VPN technologies
- Ensure that no remote desktop connections are in place. Instead, use a remote viewing program like Anydesk or TeamViewer
- Independent of the remote connection, technology ensures visibility and monitoring for remote connections including those of employees, contractors and others with access to company network resources
3. Continue cyber diagnostic assessments to find weakness before an attacker does, on a regular basis, including:
- Email cyberattack assessments
- Spear-phishing campaigns
- Network & endpoint cyberattack assessments
- Vulnerability scanning assessments
- Penetration testing
4. Conduct 24/7/365 monitoring, detection, and response (MDR): It is essential to continually monitor, detect, and respond to all cyber incidents, including any incidents relating to your company’s: email system, network, software applications, and all information system endpoints using advanced security information event management (SIEM) software, data visualization tools, automation, and artificial intelligence (AI) capabilities.
5. Plan for more bad news both from cyberattacks and other events:
- Establish a rapid cyberattack incident response plan: Develop and periodically test an enterprise-wide well-coordinated information system incident response plan to quickly identify, contain, eradicate and recover from cyberattacks. Inform employees of their role in reporting incidents and consider grace to those who make mistakes but quickly report them.
- Ensure information system resilience: Review and test existing enterprise-wide business continuity plans (BCP) and disaster recovery plans (DRP). If no plan is in place, implement and test an enterprise-wide BCP and DRP.
For information on best practices and implementation, contact us today.
