Cybersecurity Implementation And Future Strategies For Enterprises
With the lockdown in place and employees coerced to work remotely, we only have digital transformation to thank for helping ensure minimal glitches to business continuity. And yet, the challenges don't end here.
The pandemic has caused a paradigm shift in the way businesses used to operate, having set into motion some unprecedented effects that businesses are gradually learning to cope with. With the lockdown in place and employees coerced to work remotely, we only have digital transformation to thank for helping ensure minimal glitches to business continuity. And yet, the challenges don’t end here.
Most employees now work from the comforts of their homes but on relatively less secure networks and devices. This leaves enough room for cyberattacks attempting to steal business-critical data. With no end to this pandemic in view, at least in the near future, cybercriminals will continue to exploit and mould the grim situation at hand to their advantage. A case in point is the recent Maze ransomware attack on a renowned IT company, which, while wrecking the company’s internal systems, also tried to gather crucial information about the system it infected (whether it was a standalone server, backup server, or primary domain controller). Such information becomes useful to influence the ransom amount. In fact, according to a KPMG report, this lockdown has caused 18 million daily malware and phishing attempts and 24 million cases of COVID-related spam messages. In such challenging times, it is imperative for us to look at enterprise security with a fresh pair of eyes:
- Since most of the security and risk teams are operating from a remote environment, the incident response and protocols need to be upgraded to identify risks. The response team should be reviewed to ensure all members of the team can access the equipment to be effective. Risks that could be well managed earlier can be detrimental if the team cannot respond effectively. If the organization does not have cybersecurity incident response capability, then consider using the services of a managed security service provider instead of implementing a new system.
- The company’s security teams must perform basic endpoint hygiene and connectivity performance on systems. Corporate systems should have the minimum viable endpoint protection configurations for off-LAN activities. Employees who are using personal PCs for work should have anti-malware capabilities installed and must be in synchronization with corporate endpoint protection platform vendors to ensure the device is free from vulnerabilities. Mechanisms like software-token based multifactor authentication should be used to ensure only authorized personnel have access to corporate applications and information remotely.
- Your threat monitoring tools must provide maximum visibility. Due to remote working, there is a possibility that the security operations (SecOps) teams will miss events. The internal security monitoring and log management rule must be fully functional to detect threats. If enterprises are using managed security providers, ensure that the monitoring can detect breaches in a new environment of working.
- Use of self- supervised AI can thwart threats. Self-supervised AI is based on machine learning, which is capable of identifying and labeling threats that earlier required human intervention and was time-consuming. It functions by collecting data to form a baseline of the network; if it detects any abnormality in network performance, it will alert the security team.
The aforementioned steps, if implemented properly in synchronization with all the verticals and silos of the organization, can help streamline data security to the maximum extent. Hopefully, the pandemic will end soon and we’ll all emerge out of it stronger, but a little precaution never hurts.
With his extraordinary skill set as an intrusion analyst and immense passion for tech advancements, he has been building threat detection systems for close to two decades and has established partners in 14 countries across several industries like healthcare, insurance, transport, banking, and media.
Prior to founding and developing DNIF a product that delivers quality attack detection products and services to its customers, he worked with ICICI Infotech Ltd. as a Senior Consultant, where his core responsibility was to solve critical cybersecurity challenges faced by customers.
Shomiron, a TedX speaker, is also an eminent speaker at many industry events including DSCI (Data Security Council of India) and SACON (TheSecurity Architecture Conference).
He is an alumnus of St. Xavier’s college. Outside the tech world he is a trained mountaineer with expedition experience in the Himalayas.