top of page
  • Writer's pictureRobert Reed

Ten questions financial institutions must answer now about cybersecurity

Navigate the new work-from-home world and understand what the threat actors are doing and what your firm can do to prepare



COVID-19 is changing the way people work and forcing organizations to alter their operational model in a way that increases their cyber risk profile. At the same time, we know through our own market intelligence that phishing emails and ransomware have increased significantly, as have the domain registrations related to COVID-19 and the use of pandemic issues as “lures” with document attachments to exploit system (and human) vulnerabilities. Cybersecurity may not be top of mind or the most pressing need right now, however, you can’t lose sight of it.


While technology enables our remote workforce and helps protect our systems, people remain both our greatest asset and liability — engage and support them. 10 questions organizations should ask themselves:


  1. How are you protecting your organization against the increases in cyber attacks?

  2. How did you determine if your workforce and infrastructure can handle the increase in remote working?

  3. How is your information security (InfoSec) team able to monitor the increased number of remote workers?

  4. What is the plan if your InfoSec team or other key personnel are unable to work?

  5. How will you make critical decisions in the absence of key employees?

  6. What testing did you apply to assess the resiliency of your infrastructure?

  7. How will you respond and recover from a cyber attack or other outage?

  8. What response did you receive when you reached out to critical suppliers/vendors to verify that they are sufficiently protecting their networks and will continue to provide supplies/services throughout and after the crisis?

  9. How often are you communicating with your board, employees, clients and suppliers?

  10. What work-from-home guidance and training have you provided to remote workers?


What happens: Now, Next and Beyond


Now: As people settle into new routines, they will start to get restless, become complacent and cut corners.
  • Adding remote capacity to prevent outages and moving jobs that were never intended to be performed off-site, to work-from-home environments, creates new risks that require monitoring to prevent irreversible threats.

  • Fatigue will set in; some InfoSec teams and other key personnel will not be able to work; a shortage of staff is likely.

  • Security and event response will become more difficult as “false positives” increase because of new and unique working environments; teams reviewing logs will fall behind, missing critical threats.

  • Data leakage is a bigger problem.


Next: The honeymoon of settling into this new way of working has ended.
  • Major supply disruptions and shortages have emerged, including technical and security staff.

  • Nation-states are starting to exploit the malware they deployed in the early days of the pandemic.

  • Significant breaches by nation-states and criminal groups are reported in the press.

  • Ransomware has become a bigger problem as people spend more time on computers and criminals seize the opportunity to profit or disrupt.

  • Unintended privacy and General Data Protection Regulation (GDPR) breaches are identified. Account takeovers and Denial-of-service (DDoS) attacks are on the rise.


Beyond: Shelter-in-place restrictions are being lifted, people are going back to work, and normal operations are resuming.
  • Some employees are reluctant to return and continue to work remotely.

  • Shortages and supply chain risks will continue to disrupt normal business.

  • Insider threats remain high as staff members’ futures remain unclear.

  • Nation-states continue to exploit the persistence obtained previously.

  • InfoSec continues to uncover historical breaches while managing ongoing significant ransomware risks.

  • Budgets are tight; projects need to be prioritized and strategies revised.

  • Companies invest in infrastructure as emphasis on resiliency and contingency planning is renewed.


Steps to take now:
  • Save security logs so information security teams can review the data later.

  • Confirm all systems are fully updated, patched and properly configured.

  • Plan for your InfoSec team, help desk and other key personnel to be unable to work.

  • Conduct simulation exercises to practice decision-making and crisis response.

  • Remind employees not to open unsolicited emails from unknown senders.

  • Delay or cancel non-essential projects, and focus staff on critical tasks and reporting any suspicious behaviors, including phone calls (social engineering).

  • Increase communications with employees, customers, suppliers and the board.

  • Block remote printing; minimize the number of workers with admin/privileged access.

  • Confirm critical suppliers are taking steps to protect their networks.

  • Verify critical vendors have the capability to meet or scale up their commitments.


Summary


COVID-19 is changing how we work and forcing organizations to alter their operational model, which can increase their cyber risk profile. It’s important to understand what the threat actors are doing and what is likely to happen next. We’ve outlined ten questions firms can ask themselves and steps they can take now.



コメント


bottom of page