Navigating Information Security Risk Post-Pandemic
In celebration of Cybersecurity Awareness Month, we want to spend a few minutes discussing some lessons we’ve learned over the last 18 months since the pandemic started. We believe, like others, that the pandemic has largely accelerated existing cybersecurity trends. It has been encouraging to see the pace of innovation of many of our customers and within the industries where we work. With that change, however, we do see some common struggles among our customer base.
Many of our clients are currently transitioning large portions of their infrastructure to the cloud. With this, they’re incorporating new vendors into the management and support of these platforms. In addition, they’re often trying to integrate these new deployments with legacy technology and applications in traditional data centers. These changes have blurred the lines of traditional network and security boundaries and the roles and responsibilities between internal personnel and third-party vendors.
The traditional model of perimeter-based security no longer works in this new paradigm. The movement towards BYOD and work from home has created a patchwork of networks and systems that must now be trusted and secured to help protect enterprise data. In addition, all of this has changed the user’s workflow and the way they interact with enterprise systems. Often user authentication and system behavior are quite different from what employees have seen traditionally. This creates a situation where users become targets for phishing attacks.
All of this comes at a time when attackers’ abilities to monetize ransomware events have created a well-organized black-market industry that is looking to exploit your weaknesses. These are professional threat actors who are employed by well-organized international cybercrime syndicates utilizing sophisticated attack techniques.
Managing Information Security Risk in the Current State
With so many changes occurring all at once, organizations must focus on maintaining and updating information security management systems to align with the current state, including:
- Update the ISMS. Ensure you have complete coverage on your core information security responsibilities (Identify, Protect, Detect, Respond and Recover). Map these responsibilities onto your new vendor relationships and make sure these align with your expectations. Don’t assume your vendors have it covered.
- Focus on Legacy Application Risk. Be thoughtful of how you integrate legacy applications with your hybrid or cloud applications. Legacy applications often require the use of outdated or insecure services and protocols. These are often the entry point for an attacker into the rest of the organization.
- Minimize User Risk. Ensure your users have the proper security awareness training on new technology deployments and current phishing tactics. Apply multi-factor authentication for your online and cloud-based applications. Implement security controls on the user’s endpoint to minimize the impact if a user is phished.
- Update Detection Capabilities. Ensure your organization can detect malicious behavior across your infrastructure. We’ve found that many organizations are losing much of the traditional monitoring and tracking abilities within their hybrid and cloud-based deployments. It often becomes difficult to track user behavior within and across cloud-based applications. Many applications use service accounts between the user and the backend, making nonrepudiation difficult at best.
- Implement a Breach Response Plan. Prepare for your breach now, before it happens. Ensure you have a well-developed response plan in place. Ensure you have a robust ability to detect attacks early and often, minimizing the potential impact from these events. Before it happens, develop relationships with third-party vendors who will help respond to a ransomware event. Your ability to act quickly is directly correlated to the cost and impact when recovering from these events.
- Revisit Cyber Insurance. Ensure you have the appropriate cyber insurance coverage in place and that you’re meeting the security requirements for these policies. Many underwriters are now refusing to pay out coverage because security controls and best practices were not implemented.
If you’d like more information or to discuss your organization’s cyber security needs, please contact us at Connect@CompliancePoint.com.
Finding a credible expert with the appropriate background, expertise, and credentials can be difficult. CompliancePoint is here to help.