The coronavirus pandemic has profoundly changed the way we live our lives. While it may have been the case that increasingly more employees were being allowed to work remotely, nobody expected the shift to occur as abruptly as it did.
As cybercriminals sought to capitalize on the crisis, businesses were scrambling to strengthen their security posture and adapt to the new paradigm. Now that most companies have become accustom to the new norm, it would be a good time to reflect on some of things that we can (or have already) learned about securing our systems and data in a remote working environment.
There are many similarities and parallels between the ongoing pandemic and the security threats that businesses face – both in terms of how victims are infected, and the techniques that are used to contain them. While this article focuses on the cyber-security lessons that we can learn from the ongoing health crisis, we could argue that there are lessons that Governments could learn from cyber-security.
As an example, take the five stages of incident response, which include: preparation, detection and analysis, containment, eradication, and recovery. In the context of our response to the pandemic, did we have clearly defined protocols for dealing with each of these stages? Probably not.
Lesson 1: Every second counts
There was a significant delay between the time when the coronavirus was first identified, and when authorities across the globe (specifically the Chinese authorities) issued the first public health warning and starting taking action to prevent the virus from spreading.
While we can speculate about the exact origins of the virus, it’s likely that those directly or indirectly responsible would have hesitated to inform the relevant authorities. Likewise, companies often fail to report security incidents in fear of how it would affect their reputation.
However, in a situation where an attacker is able to move laterally throughout our network, every second that we fail to identify and respond to the incident counts.
Lesson 2: Don’t wait for disaster to strike before taking action
The UK Government was a global leader in preparing for pandemics. With the exception of the foot-and-mouth disease outbreak in 2001, and the Ebola crisis in 2014, pandemics such as COVID-19 are exceptionally rare. As a result, the UK Government became complacent, and funding for the Global Health Strategy, launched in 2008, had dwindled.
The result was that the UK fared no better, if not worse than the rest of the world in dealing with the pandemic. The obvious lesson we can learn from this is to always be prepared and expect the worst. Instead of waiting for disaster to strike and then scrambling to figure out the best way to respond, we must ensure that our cyber-security programs are well funded, and that we have an up-to-date, tried and tested incident response plan (IRP) in place to deal with security incidents in a controlled and predictable manner.
Lesson 3: Make sure that everyone is aware of the symptoms
As a part of the public health warning issued by Governments following the initial outbreak of the coronavirus, citizens were made aware of the symptoms, which include a high temperature, a continuous cough and a loss or change to your sense of smell or taste.
When it comes to security incidents, the symptoms we need to look out for might include anomalous file and folder activity, failed logon attempts, suspicious outbound network traffic, unusually slow internet speeds, and so on. As with COVID-19, all relevant personnel must be given a list of these symptoms, and the list must be clearly visible and regularly brought to the fore-front of their attention.
Lesson 4: Know the rules, and follow the rules
An important lesson we can learn from the lock-down is that there are always people who either don’t know what the rules are, or simply choose not to follow them. Of course, some were not happy with the rules, and some would argue that there were times when disobeying the rules was necessary. However, in the context of cyber-security, it only takes one seemingly harmless act of disobedience to bring the entire company network to its knees.
Viruses spread quickly and in ways that we can’t predict, hence why citizens around the world were advised to stay at home. In situations where that was not possible, they were advised to wear a mask, maintain a distance of at least two metres between themselves and other members of the public, and wash their hands regularly – using sanitizer where possible.
Many of these protocols are relevant to protecting ourselves against cyber-attacks. For example, in context of work-related activities, employees should be advised to only interact and share information with people within their organization – ideally with people who they have a direct relationship with. Employees should be advised against opening or forwarding emails that might contain malware.
Another lesson we can draw from the social distancing guidelines relates to network segmentation. Network segmentation is the process of dividing a network into smaller, isolated sections. One of the main benefits of isolating network traffic is damage control, in that it helps to prevent attacks from spreading from one system to another. Likewise, if one of the network segments were to be compromised, it gives the administrator time to figure out what has happened and respond accordingly.
In the context of keeping our systems and data secure, it is important that we always wear a mask. In other words, we should ensure that all devices have the appropriate anti-virus tools installed on them, and that all servers (and devices) have a firewall and some sort of threat detection solution in place. In the case of preventing both the spread of coronavirus and potentially malicious applications, the zero-trust methodology applies, which essentially stipulates that organizations shouldn’t automatically trust anything inside or outside its perimeters.
Lesson 5: The threat landscape is always changing
Few people expected there to be different strains/mutations of the coronavirus. It was naturally assumed that once a vaccine had been found, and enough citizens had received the jab, the virus would eventually start to disappear. A common misconception held by organizations is that once they have identified, contained and eradicated a security incident, the problem is effectively solved and thus, doesn’t require any further attention.
However, just like a virus that is able to mutate, cyber-criminals are constantly changing their tactics in order to gain access to our networks. In some cases, they will install a backdoor, which they can use to gain access to the network at a later date.
Now, with AI being used to create super-viruses which are able to mutate in order to evade even the most sophisticated anti-malware solutions, it has never been so important to ensure that we stay ahead of the curve, install patches in a timely manner, and leverage the latest and greatest threat detection technologies on the market.
If you’d like to see how the Lepide Data Security Platform can help you to improve your data protection and compliance standing, schedule a demo with one of our engineers or start your free trial today.