The unfolding COVID-19 situation presents organizations and their technology teams with many new challenges. As they strive to maintain the continuity of core business functions, they need to support fresh ways of working. The pandemic has been the perfect storm for chief information security officers (CISOs) — a real-time test of security resilience and robustness.
Now, as we start our journey on the long road to recovery, we are doing so with different priorities than we had just a few months ago. To help organizations prioritize their efforts to tackle critical security risks while keeping business systems running, Fujitsu’s security experts have put together the following four guiding principles.
1. Patching is still important
The debate about when and how to patch running software has raged for decades, with many IT leaders taking a regulated approach to minimize the chance of a bad patch affecting IT operations. However, this can mean falling into patch management routines that unnecessarily increase the attack surface.
For example, there was a patch available for the EternalBlue SMBv1 vulnerability two months before recent widespread attacks. But many businesses were impacted because they had not applied the software update.
We expect to see attackers aggressively trying to exploit the change in working practices, as IT operations teams are significantly affected by the COVID-19 pandemic. We suggest that businesses patch frequently and manage eventual outcomes, instead of taking a regulated approach that sees them wait months for the perfect patch.
2. User vigilance around COVID-19 phishing attacks is important
Fujitsu’s Security Operations Centers around the world have tracked COVID-19-related phishing lures, especially ones targeting Office 365 users, that aim to steal access credentials and gain access to a multitude of corporate systems, including instant messaging. Phishing attacks are also targeting senior and C-level executives. Their accounts are a valuable prize because attackers can access sensitive data and use the hijacked user profiles to manipulate other users, both inside and outside an organization.
The first step towards tackling this problem is awareness. All employees should know how to spot COVID-19 phishing emails by understanding what internal COVID-19 communications should look like and who their senders might be, and the risks of unsolicited external emails. In particular, organizations should be extra vigilant around C-Suite email accounts to avoid further attacks on other internal and external users.
3. Ensure reliable and secure network access
Secure and reliable access to the corporate network is more critical than ever as people need access to resources to do their jobs. With remote working becoming the “new normal,” both corporate and personal devices are asking for legitimate access to data and systems from both inside and outside the corporate network. CISOs must therefore rethink the old concept that they can trust any device inside the secure network and no device outside it. Keep your operations and customers secure by implementing a Zero Trust model that only allows access based on individual user profiles. Monitor the use of shadow IT and promote the use of approved tools, messaging, devices and applications.
Organizations should take a risk-based approach to prioritize which assets, users and systems present the highest risks. For example, collaboration tools will most likely have taken on greater importance for day-to-day operations during the pandemic.
4. Working together for the greater good
One thing that has become apparent during the past few months is the need for teamwork. This is relevant for security teams. Cybercrime has not gone away during the pandemic. In fact, there have been some examples where it has intensified, taking advantage of people’s vulnerability during unusual circumstances.
Sharing cybersecurity challenges, best practices and lessons learned with your peers and drawing on external sources of intelligence will speed up the development of a secure strategy and will ensure resilience throughout your entire supply chain and industry. To give an example, there is no point ensuring your systems are resilient to an emerging threat actor if a key company in your supply chain has been impacted.
This is a two-way street. By sharing information, you will get back insights from your cybersecurity peers. In our new world, we need a fresh approach to ensure resilient cybersecurity.
Leo Ng, chief executive officer of Fujitsu Hong Kong, wrote this article. The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.