Pandemic Illustrates Need for New Cybersecurity Philosophy

Network attacks, malware campaigns and phishing scams are on the rise as cybercriminals seek to capitalize on our increased anxiety about the coronavirus pandemic and the lax security measures of at-home workers. According to the FBI, threat reports through the first six months of the year have already surpassed the total for all of 2019, which was widely considered to be the worst year ever for cyberattacks.

The spike in threat activity was unfortunately predictable. Few organizations were adequately prepared to support the overnight shift to a remote workforce. In a new survey of information security professionals conducted by Bitdefender, half reported they had no contingency plan in place for a pandemic or a similar scenario.

Lacking a well-developed organizational strategy, employees have too often been left to figure things out for themselves. According to an IBM survey, 80 percent of U.S. employees had little to no experience with working from home before the pandemic, and more than half are still doing so without any company security policies to guide them.

Remote work will remain standard procedure for the near term, and most companies plan to make it a long-term option for at least a portion of their workforce. That concerns security pros. More than a third of those surveyed by Bitdefender say they fear that workers tend to be more relaxed about security issues when outside the company environment. In particular, they worry that homebound workers don’t stick to normal company protocols for identifying and flagging suspicious activity.

Developing Cyber Resilience

Security pros recognize that the pandemic has fundamentally altered the business landscape, and that they need to change their approach to security. Nearly a third say they plan to maintain 24x7 support for remote workers and increase the number of security training sessions for employees. Almost a quarter say they intend to work more closely with key business stakeholders to define cybersecurity policies.

A growing number of companies are beginning to explore a significant philosophical shift, moving away from traditional cybersecurity strategies and toward an evolving strategy known as cyber resilience. Unlike traditional security strategies designed to prevent attacks, cyber resilience is meant to help organizations withstand attacks.

In effect, the cyber resilience approach acknowledges that increasingly sophisticated and rapidly evolving threats can’t always be prevented. The focus instead is on responding quickly to an attack in order to limit disruptions and sustain operations. It is an iterative process that involves tight integration of information security, business continuity and business resilience. The key advantage of this approach is that security is baked into business processes instead of operating as an overlay to the business.

Security professional associations, standards groups and industry analysts have developed a number of frameworks for implementing cyber resilience. Most describe the following four-stage approach:

Preparation. In this phase, security experts, senior leadership and business stakeholders work to assess and inventory current systems, applications and data sources, make critical updates, develop governance and business continuity policies, and establish employee training processes.

Detection. Next, organizations must implement advanced analytics, active monitoring tools and enhanced threat intelligence capabilities to improve their ability to identify and act on emerging threats.

Response. An incident response program outlines how the organization will react to a threat or attack, including measures to ensure continuity of operations even while an attack is in progress. The program should cover both technical requirements (notification, escalation and mitigation) and business requirements (continuity plans, internal and external communications, staff roles and responsibilities).

Recovery. This stage covers everything necessary to resume normal operations, including restoring data from backups, rebuilding or updating critical applications, and documenting and analyzing the incident to improve preparation for subsequent threats.

Give us a call if you’d like to discuss your current security posture, concerns about remote workforce security or how to begin the transition to a cyber resilience framework.