Download the latest issue of Business Today Magazine just for Rs.49
Firms Must Test Cyber Resilience Plans, Policies

Firms Must Test Cyber Resilience Plans, Policies

Fear, uncertainty and rapid business shifts have created the perfect storm for cybercriminals to capitalise on

Representative Image Representative Image

In the world of cybersecurity, security defenders have to look far ahead to outpace the speed of business, technology, and cybercrime innovations while also keeping active threats at bay. In a year that has seen the most dramatic changes to business operations in recent memory, maintaining a strong cybersecurity posture is no easy feat.

These changes are mostly driven by a rapid shift to work-from-home models, which are truly testing companies' tolerance for risk. Businesses of all shapes and sizes are now leaning on technology more heavily than ever before. Unfortunately, many of the security guardrails normally in place have fallen by the wayside in the process - and criminals are waiting in the wings to take advantage.

In fact, times of chaos and uncertainty are when cybercriminals thrive the most - from attempts to trick individuals working under stress into clicking malicious links, to looking for open doors into companies' networks introduced during the rapid deployment of new tools for remote work and operations.

Today, businesses are facing many of the same challenges that they've been addressing for the last decade - just at greater scale and speed. Now is a critical time for organisations to re-evaluate security strategies to ensure they have visibility across their IT infrastructure, understand and prioritise the most critical threats, and have comprehensive plans on how they respond to cyberattacks in a way that works for today's new normal.

Protecting New Tech Frontier

As new technologies are being adopted at a breakneck pace, the traditional IT landscape that security teams are charged with protecting has grown exponentially more complex and dispersed. There's no question that the future of business operations is digital - and increasingly, cloud-based apps and infrastructure are the foundation of that shift. Companies spent $31 billion on cloud computing services between January and March of this year, up 34 per cent compared with the same period in 2019.

The ease at which new cloud tools and resources can be deployed can create a wild west of broad and distributed resources, which can be harder to centrally monitor and secure. Individual employees introduce the element of human error into the equation, and as new cloud-based apps and infrastructure become easier for anyone to deploy, opportunities for misconfiguration or introducing vulnerable applications become a major concern.

Overall, 86 per cent of records compromised last year were due to misconfigured cloud servers and other improperly configured systems - that's nearly 7 billion records exposed due to common mistakes, which often could be avoided through following proper policies and checkpoints.

With employees now working from home - often from personal devices or without new security policies or technologies in place - the opportunity for attackers to take advantage of human error is more present than ever.

Staying Ahead of Emerging Threats

Cybercriminals have never been known to let a crisis go waste - and the fear, uncertainty, and rapid business shifts taking place during the pandemic created the perfect storm for attackers to capitalise on. Phishing attempts, which lure individuals into clicking malicious links to steal work credentials, are the primary way attackers gain initial access to systems.

Beyond just leveraging the latest crisis as a guide for phishing, cybercriminals are also constantly evolving their techniques to target emerging technologies and to avoid security defences. Ransomware is an attack vector that has grown around 70 per cent in recent years, and these attackers are innovating new ways to break into networks and hold critical company systems hostage. Ransomware is an industry agnostic threat, impacting everyone from local governments to retailers, financial services, and critical infrastructure suppliers. To defend against these attacks, it's essential to have the right data and recovery plans in place - yet many companies have still not evolved their security response plans to account for this breed of attack.

Redesigning Policies For The New Normal

It's clear the business world looks significantly different than it did six months ago, companies need to take a hard look at security policies, training, and attack response plans they have previously developed to protect themselves in this new climate.

To deal with an increasingly dispersed technology landscape, companies have adopted an overload of security point-products, which are disconnected and only add complexity to the response process - using nearly 20 tools to respond to a single incident on average. Using tools that are interoperable, as well as leveraging automation to help streamline the response process, is one way to alleviate this burden.

Planning and policies are foundational elements of any security strategy and remain essential in today's fast-changing landscape. Companies must re-evaluate how employees are now using their devices, accessing sensitive customer data, and meeting regulatory requirements under new, increasingly remote work models. Retraining for staff on security policies and handling of customer personal identifiable data to meet applicable privacy regulations is in order for many companies.

The security planning that companies undertake must also go beyond attempting to prevent incidents, but also prescriptive plans on how they will effectively respond to the various security attack scenarios they are facing on a daily basis. Playbooks for the most common attack types are needed - but most companies are still lacking formal incident response plans. Companies must also frequently test the plans to ensure they are still effective under current operating procedures. Even amongst companies with formal plans in place, more than half of them have either never tested their plan or have no set schedule for testing them.

An effective and comprehensive security response plan, testing of that plan, and having the right response team in place can have one of the greatest overall effects on how much damage companies will incur from an attack - saving around $1.2 million on the cost of a data breach on average.

Now is the time for companies to update and test their cyber resilience plans, re-evaluate their security policies and strategies, and make sure their employees are equipped with the right tools and training to operate in the new normal. By understanding current threats, prioritising top risks, and planning ahead, companies can significantly reduce downtime and limit financial and reputational impact of the security incidents they're facing.

(The writer is Vice President, IBM X-Force Threat Intelligence)

Published on: Jul 08, 2020, 10:14 AM IST
Posted by: Vivek Dubey, Jul 08, 2020, 10:14 AM IST