Organizations should balance several priorities to respond to the current COVID-19 challenges of protecting against newly arising cyber attacks, and balancing the business continuity.
The extra effort taken by the organizations to manage workers and serve customers through online during COVID -19 has increased their chances of cyber attacks. Due to the adoption of work from home technologies, there are increased activities on customer-facing networks and the use of online services also presents fresh vulnerabilities that hackers would love to exploit.
The major challenge of CISO’s and information security professionals are maintaining a fine balance between protecting their institutions while ensuring operations go smooth without interruptions.
For Instance, information security teams of a service company must ensure that their security controls are foolproof while shifting to work from home solutions. At the same time, the management should ensure that the security team should be able to take care of themselves and their loved ones during these challenging times.
Addressing these changes of competing requirements are not easy but ensuring some governing principles will help them to meet the challenge.
We are going to discuss this in the article.
While many CISO’s and info-sec executives are working with their experience to curtail challenges but considering the pandemic’s vast scale and unpredictable duration are highly unusual.
There is no written document for the CISO to refer to for guidance. But most of the experienced security professionals are following the below basic principles of Security.
The security and IT operations team should concentrate on only those technologies and security requirements that are critical to the daily operations. For Example, some areas which may need attention over the coming days include maintaining infosec operations, providing access to sensitive data for the employees, product development environments, and implementing secured access like MFA and SSO for the remote employees.
The most important area to focus on is to provide awareness to the employees on the safe remote-working protocols. Ideally should provide a security awareness training platform for the employees to have an ongoing engagement. This will help them to understand procedures for threat identification and escalation. Thus, the employees in the front line will play an important role to keep the organization safe.
Auditing the existing Environment
Consider conducting an IT audit within the organization to understand the current info security map of the company. The area to consider auditing should be remote monitoring of collaboration tools, auditing the network for current and novel strains of malware, and auditing employees and endpoints to identify any data related vulnerabilities that may later become an operational risk.
Proper adherence of compliance and polices
Cybersecurity teams are likely to receive a lot of request for policy deviation like allowing the user to install an application or allow the use of a mass storage devices which is not part of the policy, while the immediate response of the tech Team is to deny the request but during these challenging time they may be forced to accept such request to maintain business continuity. In this case, the security team should grant waivers or relax controls, but they should ensure formal evaluation and review of policies and implement time limits to periodic reevaluation or limit the exceptions to particular user groups.
Testing the policies
If the organization has a test plan in places such as incident response, business continuity, disaster recovery, talent succession, and vendor succession—then test them immediately. If you do not have such a policy then it is not late creating one and test them. You must evaluate whether your organization’s risk-response approach is effective and efficient. Eliminating risk events is impossible, but you can reduce the aggravated risk associated with a poor response.
The COVID-19 crisis is a nature challenge above all else. Everyone is going through this by balancing their professional and personal lives. The coming days may be more challenging, But adhering to some policies and compliance to an extent we can uphold the institutional information security and maintain business continuity
Contact us to discuss your challenges with our experts at email@example.com