
Risk Management In Futuristic Work Environment

Cyber security 05/28/2020 - 13:17 by Sabita Sriram

Emerging Trends in Risk Management

With work from home becoming the new normal, professionals and students spend more time indoors. They pass the time by studying online, working remotely, learning new skills, shopping online, and streaming video to keep themselves entertained. The need for collaboration tools has grown, and with it the need for cyber controls. For starters, anxious employees trying to connect online could render the VPN useless, or employees could attempt to bypass controls. Firewall rules may also be relaxed to get things done in a lockdown, which only heightens the business risk.

It is time to keep track of the security of the collaboration tools that we use, and remote infrastructure needs proper technical vulnerability management. Patch management and systems hardening become all the more critical. Cloud security is a basic aspect of IT operations to keep organizations stable. Defense needs more depth and emphasis. Multi-factor authentication becomes business critical.

  • Proper management of access control is indispensable. A step-wise approach would be to determine the sensitive data, systems, and networks, the roles that are required to come in contact with such systems, the business needs, and the compensating controls. Be it a system administrator, application administrator, developer, or network administrator, proper segregation of work is a basic necessity to reduce the scope for fraud.
  • Security testing at the piloting phase of an application will help in reducing vulnerabilities or scope for exploits. IT and cyber security teams must account for shadow IT, which implies the creation of certain tools or the use of certain system resources that are not authorized. These are present to augment office IT capabilities. Emphasis must be laid on considering the additional risks of using such infrastructure.
  • Adopt and embrace virtualization for your IT infrastructure. This offers a desktop interface that is more hassle-free from a security perspective. This is one step ahead in handling additional risks arising from a lax working environment. For instance, imagine your employees working from their couches and browsing social media pages/blocked pages in between work hours from their mobile devices. End-point protection is of massive importance in such a scenario wherein there is minimal scope for monitoring. Alternatively, an employee may respond to a phishing email or divulge some confidential data.
  • End user training for increasing information security awareness is of considerable importance. Besides this, digital laggards can no longer afford to use cyber security as an excuse to avoid emerging technologies.

A lot of cybersecurity-related communication gets drowned out by emergency or crisis-related communications. This is where we need to pay attention to effective means of engaging audiences. Wikis, post-it notes, real-time querying, and anonymous incident reporting are some ways to enhance the effectiveness of two-way communications. Send informational emails to users periodically to keep them aware of the latest security attacks or threat vectors.

A risk-based approach to handling new attack vectors or threats is the only answer to all these concerns. To begin with, start by identifying high-risk user groups, classifying sensitive data, and monitoring for anomalous behavior patterns. For instance, if someone is accessing systems at unusual times, try to log their actions or restrict such untimely access. Other anomalies could be bulk downloads of data or unusual bandwidth consumption.
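The off-hours and bulk-download checks described above, as an added example that is not part of the original article. The log format, the business-hours window, and the 1 GB per-user daily threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample remote-access records: timestamp user action bytes
SAMPLE_LOG = """\
2020-05-25T09:14:02 asmith login 0
2020-05-25T10:02:40 asmith download 4200000
2020-05-25T23:47:11 bjones login 0
2020-05-26T02:13:55 bjones download 950000000
2020-05-26T02:20:31 bjones download 870000000
2020-05-26T11:30:00 cwu download 300000000
2020-05-26T14:05:10 cwu download 150000000
"""

WORK_START, WORK_END = 7, 20        # assumed business hours: 07:00-19:59
BULK_BYTES_PER_DAY = 1_000_000_000  # assumed per-user daily download limit


def find_anomalies(log_text):
    """Return (off_hours_events, bulk_download_totals, rejected_lines)."""
    off_hours, rejected = [], []
    daily_bytes = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts_raw, user, action, size_raw = line.split()
            ts, size = datetime.fromisoformat(ts_raw), int(size_raw)
        except ValueError:
            # Keep unparseable lines for review instead of dropping them:
            # a gap in the audit trail is itself worth investigating.
            rejected.append(line)
            continue
        if not WORK_START <= ts.hour < WORK_END:
            off_hours.append((user, ts.isoformat(), action))
        if action == "download":
            daily_bytes[(user, ts.date().isoformat())] += size
    bulk = {k: v for k, v in daily_bytes.items() if v >= BULK_BYTES_PER_DAY}
    return off_hours, bulk, rejected


if __name__ == "__main__":
    off_hours, bulk, rejected = find_anomalies(SAMPLE_LOG)
    for user, when, action in off_hours:
        print(f"off-hours {action}: {user} at {when}")
    for (user, day), total in bulk.items():
        print(f"bulk download: {user} moved {total} bytes on {day}")
    print(f"{len(rejected)} unparseable line(s)")
```

In practice the thresholds would be set per high-risk user group rather than globally, in line with the risk-based approach above.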

Robust and scalable IT processes help in ensuring that business needs are not compromised. IT helpdesks may be more stressed or worked up now because of the increasing workloads they need to tackle. Deployment of security tools may increase the demand for capabilities; here, companies can explore the possibility of using contractors for quicker deployments or surges in demand. Explore the availability needs of existing collaboration tools and validate their business continuity and disaster recovery capabilities.

Encourage employees to implement proper record and document management and retention practices for physical copies of information. Ensure secure retention and disposal of mission-critical documents. At a time when there are hiring freezes and furloughs, the demand for security consultants is increasing. The simple reason is that organizations recognize the need to recruit more personnel in their security operations at a time when digital transformation is taking the lead.

The security stack of every firm varies depending on the approach and the availability of resources. However, we need to take cognizance of security and incident event monitoring tools, which need to be implemented to improve our cyber readiness. If some information processing facilities of the organization are not monitored, they constitute a major vulnerability. One point we need to consider is the insecure and uncontrolled channels that employees use. These should not become a loophole in the IT infrastructure.

Many social engineering attacks are being launched on employees. These include phishing, vishing, smishing, and using fake websites to deliver malware or solicit payments. A large government entity in North America suffered from a distributed denial-of-service attack aimed at disrupting services and issuing misinformation to the public. A major hospital in Europe was hit with a cyberattack that forced it to suspend scheduled operations, shut down its IT network, and move acute-care patients to another facility. A department of a local government had its website encrypted by ransomware, preventing officials from posting information for the public and keeping employees from accessing certain files.

Remote access

Remote access security requires a combination of technical controls and employee engagement.

Supply and configure a work laptop and a network connection such as a wireless mobile connection. Consider using USB dongles. All communications need to be encrypted, and split tunneling must be disabled in Virtual Private Networks. Instruct remote workers to avoid unnecessary web browsing activities using the organization’s infrastructure.

When it comes to remote access, ensure that only limited access privileges are granted within the system and that a unique passphrase is used for every system. Educate employees to maintain a private physical space, to lock their sessions, and to maintain the secrecy of their authentication information.

Consider the use of a Virtual Local Area Network to segregate the traffic relating to corporate work. Some technical solutions need to be implemented on the corporate side, and these include setting up a vulnerability monitoring facility, real-time monitoring of remote access logs, and disabling access by Internet Protocol (IP) address or geolocation.

Consider providing logically segregated access to personnel working from home. Prioritize remote access connections if there is an overload.

Start by creating a network architecture document, and identify the points of remote access and their potential weaknesses. Ensure there is clear documentation for all changes. Patch systems wherever possible. The documented logical flow of data must also have sufficient detail to ensure that the business continuity aspects of infrastructure and applications are captured.

A robust backup and change management process is needed to handle proposed and unforeseen configuration changes. Keep a rollback point or a decision point to manage the implementation. Disconnect systems that are identified as launching internal attacks. It is about maintaining visibility of the alerts that need to be in place to handle anomalies or malicious attacks. This involves an interplay of incident response and crisis management/communications planning.

Ensure you hire sufficient telecommunications specialists and cyber security specialists to manage the infrastructure during critical times. There need to be formal communications between different stakeholder groups, namely security operations, change management, etc.

A combination of virtual private networks, virtual desktop infrastructure, and demilitarized zones would make the organization’s systems more secure. Use two jumps to establish a remote connection. Needless to say, apply the principle of least privilege, maintain unique identities for users, and ensure that edit functionality is disabled in remote access. Do not allow drive redirections that help in information disclosure or malicious file transfers. Verify the authenticity of patches before deployment.

Consider reports for monitoring anomalous activities. Ensure there is an audit trail for incident response and planning. Brief, context-specific alert messages could be sent to security operations teams, minimizing the scope for false positives.

There could be data capture in unencrypted regions within the organizational boundaries, or sniffing attacks, so try to mitigate these issues. An internal and external scan or penetration test will help reduce many risks; ensure this does not harm the production environment.

Cybersecurity challenges

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call; we are here to help.

To prepare for changes to technology work, the workforce, and the workplace, C-suite executives can focus on the big picture like remote access.