For the past year and a half, we have been responding to COVID-19 and its impacts on our organizations. It seems that just yesterday we were a well-oiled workforce, comfortable in our brick-and-mortar corporate settings, and then we suddenly had to scramble to abandon those comforts to work from home in response to the pandemic. Organizations were frantically trying to procure laptops, tokens, monitors, and other equipment to meet the needs of an abruptly displaced workforce. We were all a little on edge and nervous, except for the cybercriminals. They were looking at the chaos as nothing more than opportunity and fantastic profits.
We naturally became more and more reliant on email. This medium replaced much of the face-to-face communication that we enjoyed while working in our corporate environments. Information technology introduced new systems, tools, devices, and technology that enabled us to continue serving our customers. While we were preoccupied with this transition, the average corporate technology footprint expanded exponentially. Your business may have occupied a three-building campus; however, your footprint grew 10, 20, or even 100X as you had to support your displaced workforce. While all of this was going on, cybercriminals were probing and looking for weak spots that could be exploited.
It should be no big surprise that the cyber thieves jumped on email as an easy gateway into organizations. In fact, email remains the most popular way to slip past an organization’s defenses and wreak havoc. For cybercriminals, the transition to employees working from home represented the golden ticket to corporate information. This transition was a tumultuous time for many. Factor on top of that our worries about the virus, our families, friends, and health. Would we return to normal at some point, or would this be our new normal for the foreseeable future? This turmoil is exactly what the bad guys needed. Cybercriminals understand that human users — not software and hardware — are by far the easiest component of any computer system to manipulate, trick, and crack, according to Professor Henry Collier of the cybersecurity department at Norwich University in Vermont. Collier, a cybersecurity expert with more than 30 years of experience in the Army, points out that almost every single cyber incident can be traced back to human error and the human condition.
Our dependency on email continues to grow, which only increases an organization’s risk. 75% of respondents to a recent Mimecast survey point out that email-based attacks are increasing. Employees worldwide are clicking on malicious URLs embedded in email at three times the rate they did before. This behavior forces organizations to play defense in many cases, taking time and resources away from offensive actions.
The threat landscape has become more mature, and bad actors are savvier. We still see the poorly constructed and written emails designed to lure employees into clicking a malicious link or attachment. At the same time, bad actors have become more sophisticated and are using tactics such as “Important COVID-19 Update” or other feigned “corporate messages” designed to prey on our COVID fears. The goal remains the same: fool or trick employees into revealing important corporate information, such as their login credentials.
Ransomware continues to be a huge threat for many corporations. Companies experience an average of six days of downtime as a result of ransomware attacks. A Mimecast survey revealed that 61% of respondents noted that their business was disrupted by a ransomware attack at some point in the past year. This is up 10 points from the previous year’s study. This data reveals that we still have a significant amount of work to do to stay ahead of the bad actors. We must be prepared with the appropriate tools, technologies, and a strong cyber-resilience strategy to overcome the threat.
First, make a strong investment in cybersecurity from both a human capital perspective as well as tools and technologies. Conduct training often — one of my clients conducts a program called “phish of the day” in which they send internal phishing emails every day to small groups of employees. This technique increases awareness and helps employees develop muscle memory for spotting suspicious messages, and it keeps in mind Professor Collier’s argument that the human is the weakest link in the cyber chain.
Another way to protect your organization is to adopt a strong cybersecurity framework. The NIST Cybersecurity Framework helps businesses of all sizes understand, implement, manage, and reduce their cybersecurity risks, as well as protect networks and data. NIST best practices help organizations decide where they should invest their time and money for cybersecurity protection.
Finally, exercise your cyber plans. Have a third party develop a cyber exercise and lead your organization through the scenario. Stress test your plans to ensure that they will enable your organization to detect, respond to, and recover from a cyber event.
A strong cyber-resilience program is paramount to protecting your organization, employees, and customers. When a cyber incident strikes an organization, the financial, operational, and reputational impact can be significant, if not catastrophic. Organizations can reduce these risks and expedite the return to normal operations through the development and routine practice of a cyber-resilience plan.