By Dirk Schrader, Cyber Resilience Architect, Greenbone Networks
The coronavirus pandemic has led to a new wave of cybercrime, with hackers taking advantage of the chaos caused by the disease. They have masqueraded as the WHO, sending fraudulent messages via WhatsApp and email in phishing attacks, and Google is reportedly blocking around 18 million malware and phishing emails related to Covid-19 every day. Google’s Threat Analysis Group also recently published findings on how it has detected more than 12 state-sponsored hacking groups using the coronavirus as cover to disseminate their malware, and even the EU has called for a ceasefire on cyberattacks exploiting the pandemic.
Even outside of Covid-19, the risk of cyberattacks is forever increasing. The FBI recently warned that cybercrime activity shows no sign of slowing down and comes at great cost, with a $3.5 billion fallout in 2019 alone. Because cybercriminals are so prolific and their tactics forever evolving, even organizations with the very best security measures in place will not be able to eradicate threats completely. Instead, to remain operational in the event of an attack and in the chaotic times caused by coronavirus, companies should strive for a state of sustained cyber resilience.
Cyber resilience goes one step further than IT security and is a more strategic concept. It includes measures to minimize the attack surface, and it also focuses on maintaining productive operations and achieving business objectives despite a cyber incident. To achieve a state of sustainable cyber resilience, companies must consider not only technical aspects, but also people and culture, as well as processes and organization.
Below are Greenbone’s top tips on how to remain cyber resilient:
1. Employee awareness
In its latest survey, Bitdefender found that employee negligence remains the biggest threat when it comes to data breaches, above malware and software failures. Companies, big and small, are at risk of this cybersecurity weakness and should have solid mitigation plans in place. Make employees aware of risks that could come their way and make sure they know not to click on suspicious-looking emails, as they could fall victim to phishing attacks or inadvertently download malware that could affect the entire company. An important step on the road to cyber resilience is therefore to build security awareness.
2. Establish a positive error culture
Mistakes are human and happen whether you’d like them to or not. When it comes to cybersecurity, however, it is important to correct them as quickly as possible to mitigate any damage, and to learn from them for any similar future incidents. Employees can often be reluctant to report that they’ve made an error. Instead of threatening penalties and reprimands, companies should establish a culture in which employees dare to share their mistakes. In this way, they can analyze causes, correct them, and avoid the same error in the future.
3. Identify your critical assets
To guarantee business continuity, companies must first analyze their business processes. Which technical assets are linked to which processes? Where can errors occur and what are their effects? This makes it possible to identify the critical assets that must not fail under any circumstances.
These assets should be kept redundant in a hot standby system. The back-up system is then fully configured and runs in parallel so that it can take over seamlessly if necessary. Alternative concepts are sufficient for less critical assets. Those who develop appropriate emergency responses remain capable of acting in case of a cyber incident.
4. Resolve conflicting interests and regulations
Resilience requires the identification and assessment of risks. This can lead to conflicts of interest between safety and security. Safety ensures that people are not injured by machines. Security, on the other hand, protects machines from cyberattacks. In both areas, there are often contradictory regulations. For example, while from a security perspective it is necessary to patch systems, this would jeopardize the ISO certification for operational safety. In order to avoid any gaps in the system, management must take the reins here and resolve any conflicts that could impede achieving full cyber resilience.
5. Implement vulnerability management
Vulnerability management is an important tool to minimize attack surfaces. Such a solution scans all systems in a network for possible vulnerabilities and assesses their risk. This enables companies to prioritize and close security gaps before attackers have the chance to exploit them. Vulnerability management should be part of any end-to-end security architecture, and it works seamlessly in conjunction with other security solutions such as firewalls and intrusion detection (IDS) or prevention systems. This is a crucial step in becoming fully resilient and goes a long way to helping companies prevent attacks. As Covid-19 presents more opportunities for hackers with an increase in remote and cloud-based working tools, being aware of any and all vulnerabilities is more than necessary.
Cyber resilience isn’t just about IT
According to the latest Risk Barometer of the Allianz Group, cyber incidents and business interruptions are considered the greatest business risks worldwide. This makes it clear that cyber resilience cannot be a pure IT matter, but must also become a matter for those in charge.
With so many decisions to be made on the way to cyber resilience, it can only be truly achieved with management’s involvement. Those at the top must analyze to what extent the company is willing to accept risks, and to do this, they must understand how IT assets and business processes are interlinked. They must also accept that mistakes happen and that it will never be possible to eliminate all human and IT weaknesses completely. Rather, it is a matter of identifying and assessing risks and finding appropriate, economically viable solutions.
Dirk Schrader is an IT-Security Expert with CISSP, CISM, ISO27001 Practitioner certification, and 20+ years of hands-on experience. He is an accomplished InfoSec author and researcher.