Cyber Security in a Global Crisis

“The first rule of business: protect your investment.” Etiquette of the Banker, 1775

We are living in very uncertain times; business is hard enough as it is without a global pandemic shutting down large areas of the business world. But that doesn’t stop security events, or the malicious actors behind them. If anything, the confusion, combined with the fact that many of these actors are themselves off work, furloughed or made redundant, is making them all the more active. We all need cash to survive and they are no different. As a recent example, it has come to light that Marriott has suffered ANOTHER security breach and is facing a fresh set of problems, which is definitely not needed when, like every other business, it is no doubt seriously feeling the pinch in the current economic climate.

Information security is tough to manage at the best of times; in a situation where most of your workforce is remote or laid off, it becomes a serious issue. This period will seriously test organisations’ BCP and DR plans as well as their defence in depth security countermeasures. It will also test a security department’s ability to detect incidents and take corrective measures, as in some cases staff are now accessing company facilities from their own computers. Managing the security of an organisation in lockdown, with a distributed workforce, is a significant challenge.

I predict, and indeed we are already seeing, a significant increase in phishing attacks using the coronavirus as a lure, with malicious actors stepping up attacks to take advantage. It has been reported that ransomware attacks are also on the rise, and in the current situation one could be catastrophic. The thought of a ransomware attack against ANY of our critical infrastructures at the moment, such as gas, power or, god forbid, NHS infrastructure, is inconceivable. It is a significant threat not only to the technology but also a very real risk to the safety of the public. It is a very, very serious risk.

It is now that we will see how organisations’ security performs. It is horrible to think that the only true test of an organisation’s security countermeasures is a security event, but that is the unfortunate truth: over the next few weeks or months, basically until things begin to get back to normal, we will see how things turn out. I do strongly think that afterwards there will be a significant rise in BCP/DR planning, with people using the lessons learned throughout the experience to ensure that if this happens again they can handle it more quickly and effectively. But I will cover that subject in another article.

All in all, as I usually do, here are some Top Tips for managing your information security during a crisis:

Don’t panic!

As a favourite author of mine once put on the front of the greatest book in the history of the universe: Don’t Panic. You will have a lot of work to do and it will be a pretty tough time; accept that and do what you need to do for the good of the company. Secure the investment…

Communication is key

If you are an information security person, check in with your staff and key staff members throughout the crisis; be visible and approachable at all times and as responsive as you can. Communicate issues, alerts and information to all staff as quickly and effectively as needed, so that people are on the lookout for potential security threats, especially phishing and ransomware!

Upgrade email security

If you have email security products in place, make sure they are up to date and working. Also check that any tolerance settings the solution may have (for example spam and phishing detection thresholds, and attachment and link filtering) are correct and, where possible, tightened to a more secure setting. As mentioned above, phishing and ransomware attacks will rapidly increase in size and scope, so a higher security stance than normal is definitely recommended. Actively review all quarantined emails and either release or remove them as required.

Check defence in depth

As well as email security, check your antivirus products, IDS/IPS and the patching status of all devices, and ensure these products are all up to date, in place and actively scanning for security issues. It is also vital to check that alerting is active, that alerts are reviewed at least daily, and that all security countermeasures are actually working.

Remote workers

Actively look at how people in your company are working. If any are using their own devices rather than company-assigned devices, restrict their direct access to systems and, where possible, forbid it completely. If a direct connection from an untrusted source or device is absolutely necessary, work with the IT teams to achieve it in the most secure way possible: allow only the communications that are absolutely necessary, and no more.

Critical third parties

Many people miss this, but review all of your critical third parties, for two reasons. The first is to ensure that they have increased their security in line with yours and are undertaking their own reviews and checks, especially if they have any form of technical connection into your estate. The second is to review their current status: if they provide critical services and are about to suffer a business failure and go under, plans need to be put in place as soon as possible, either by assisting them or by outlining countermeasures to replace or directly take over the services they provide.

Remember compliance obligations

The last thing on anyone’s mind at the moment is compliance, but unfortunately it still needs to be maintained. If you have PCI DSS, HIPAA, SOX or any similar compliance obligations that you are contractually required to meet, you need to make sure you do so as best you can. This is not always easy, but in its current state your organisation is unlikely to be able to pay a fine or undertake investigations or recovery exercises. If there is a reason you cannot maintain compliance, or if you need to put some kind of temporary measure in place, document the reasons as thoroughly as the details of the temporary measure. But be objective, and do not put the organisation or its data at risk.

Document lessons learned as you go

During a crisis you are busy, running around trying to keep everything going, on top of the stress of worrying about your position, your job and so on. In such situations it is very easy to forget key things that should be looked at after the crisis has passed, so list them and document them as much as you can, with at least a little detail of why. That way, when you review the lessons learned, you will not forget anything.