Reducing Cyber Threats

  • Whilst attention has been on fighting Covid-19, cyber criminals have been busy exploiting a lack of attention to cyber risks
  • We have seen a massive spike in criminal activities like phishing, data breach, business email compromise, frauds and ransomware attacks, with some universities and charities experiencing data breaches
  • As we slowly move to a new business environment with the mix of old and new normal, there are things to consider, to make it difficult for cyber actors as well as stop insider threats.

As the world was fighting the COVID-19 pandemic, cyber criminals were busy exploiting the situation to their advantage and we saw a massive spike in criminal activities like phishing, data breach, business email compromise, frauds and ransomware attacks. Multiple universities and charities have disclosed data breaches caused by a cyberattack experienced by a third-party service provider and a local authority had to revert to manual processes when its systems were halted by a ransomware incident.

As we slowly move to a new business environment with the mix of old and new normal, there are things to consider, to make it difficult for cyber actors as well as stop insider threats.

Patching: Cure is worse than the disease

One common and very important control, discussed in our previous cyber risk insights and podcasts, is the use of up-to-date systems with a regular patching regime. Patch management was challenging enough for IT before the pandemic; with many staff now working remotely, have you checked if your IT Manager is on top of this or has patching struggled to get enough priority?

Some organisations never had the capability to patch over remote network and have policies for agile working advising staff to connect their corporate devices to corporate network at least once or twice a month for them to pull down security patches.

Even if your organisation has managed to push out security patches, have you checked the compliance status of patching? The last thing any organisation needs is to end up with uncontrolled system versions over the last five months, which not only creates opportunities for cyber actors but also becomes a nightmare for network and IT teams to achieve compliance.  Also, remember patch management is one of the five areas of Cyber Essential certification: not managing to patch in time can invalidate the organisation’s certificate.

Then you have the staff using their own devices where visibility and access from central systems are limited to almost nil. It’s a BYOD (Bring Your Own Device) party, to which the security team is not invited!

Sharing and Collaborating, Securely

With many staff working from home, we saw a huge uptake of cloud sharing and collaboration platforms like Microsoft Office365. NHS Scotland rolled out Office 365 to over 160,000 workers during the pandemic.

But are end users sufficiently trained to use these platforms? Designed to enable remote collaboration, accidental data sharing is a real possibility if users are unfamiliar with the applications and could result in sensitive or business confidential data being inadvertently uploaded into personal cloud storage or shared with a wider audience than intended.

So, one question to ask the IT and Security Team will be: how they are ensuring that users are aware of the policies and processes laid out for the new cloud platforms and how they are monitoring any non-compliance or data leakage happening due to user error?

A culture and awareness of good cyber hygiene to stop frauds and insider threats

Cyber Safe Report shows that 9 out of 10 data breaches reported to ICO in 2019 were due to human error. Ensuring good cyber awareness is essential for developing a mature cyber security posture. With sudden demand for COVID related protective gears and other products we saw a huge rise in cyber related fraudulent activities. Criminals compromised business email to route payments to their bank accounts and compromised digital identity. Along with communicating policies and processes to follow, it’s important to ensure remote workers are aware of the changes in security practices arising due to the pandemic.

I know whom to contact when I face an incident!

If staff need to check an internal portal to get the IT Service desk contact details, then they might struggle if their system is locked with a ransomware.  Along with delivering a cyber aware culture, it is also important to ensure end users are aware of right channels to report any incident, especially when most of them work from home.

For most of the staff, it was never easy to suddenly change the work culture and practice. Have you ensured that along with technical security controls, you have made the processes easier from them to follow in the new working model?