The coronavirus is now a pandemic and is very much at the forefront of all decisions that businesses are taking. This article examines how this latest pandemic is affecting the role of a CISO and provides recommendations on how they can achieve a sound level of security amidst the panic.
Article 32 of the General Data Protection Regulation (GDPR) requires that companies implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk posed to the rights and freedoms of individuals. In doing so, they should take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the data processing, as well as the risk of varying likelihood and severity for the rights and freedoms of the individual.
This requirement informs, to a great extent, what a CISOs responsibility should be when it comes to processing personal data. One of the key roles of a CISO is to consistently review and monitor the security measures that are in place to protect systems and information. In the event that such systems and/or information are compromised, the CISO will play a vital role to ensure such compromise is contained and remediated effectively.
Businesses always run a risk of falling victim to a cyber attack. However, this risk has now heightened as cyber criminals are taking advantage of the pandemic and the pressures that businesses are under. An article published by the BBC on 13 March 2020 examined five phishing campaigns in which hackers are purporting to provide information on the virus in an email that is in fact delivering malware to the recipient. This is just one illustration of how cyber criminals are trying to capitalise on the current climate.
On a daily basis, we are seeing news articles stating that various companies have closed their offices in the city and workers will now be carrying out their jobs remotely from home. This alone presents several challenges to CISOs in relation to the security of their virtual private network (VPN) connections and corporate devices.
Some cyber attacks and breaches are preventable if certain measures have been implemented. Here are our top recommendations for CISOs to ensure that their systems and data are secure:
In recent years, we have seen a rapid increase in bring-your-own-device (BYOD). Given that several offices are now closing because of the threat of the coronavirus, CISOs will need to go back to basics and see if devices that will be used to facilitate home working (both corporate and BYOD) have the optimal level of security.
In practice, this means ensuring all devices are encrypted, have the up-to-date security updates installed on them and that appropriate password protection is applied to devices and systems.
Where new devices are being issued to employees to enable them to work from home, guidance should be given to staff to promptly change the default passwords set on such devices because these default passwords are extremely easy for attackers to guess.
With most employees relying on a VPN connection to log onto their work systems, CISOs must give particular attention to protecting the internet connection with an appropriate firewall that can also alert IT security to any unusual or suspicious activity.
The National Cyber Security Centre's Cyber Essentials provides helpful guidance on how device, system and internet security can be achieved.
Multifactor authentication is a simple but very effective measure to implement in order to protect your systems and data. Data protection regulators often refer to the lack of its use when commenting on cyber attacks. Multifactor authentication should be used to log in to work-related services, in addition to simply using passwords.
Given the increase in phishing emails relating to coronavirus, this is an obvious area for CISOs to focus on. Re-train employees, circulate guidance on phishing emails and perform a mock phishing attack to see if employees can correctly identify such emails.
We often see that, despite the right training, employees still fall victim to such attacks. Therefore, revisit your system security (as mentioned above) and implement multifactor authentication, which will be effective in preventing the attacker gaining access to your systems.
Imagine your whole workforce has been advised to work from home and when they try to log onto your systems remotely, they encounter problems some cannot connect to the VPN while others find the connection too slow. This will put immense strain on your IT helpdesk.
Before instructing employees to work remotely, CISOs should test whether this will work in practice. A method currently adopted by many organisation is that they allocate a time over a weekend when they will instruct all their workforce to log onto the systems via the VPN connection. They will review log statistics and obtain feedback during this time to determine whether their systems can sustain that level of demand and what improvements can be made.
Despite having all the relevant security systems and policies in place, you may still have an unfortunate situation where you fall victim to a cyber attack. Therefore, you must have your incident response team ready to deal with such an incident.
The most obvious and key item here is to ensure that they key actors in your incident response team can be contacted easily in the event of a breach. Dont just rely on emails to report and escalate breaches because, in the event of a cyber attack where your systems are compromised, these may never get picked up. Companies should look to set up a breach hotline that is managed 24/7 to ensure breaches are picked up.
An equally important point is to ensure that your incident response team is trained to be able to effectively action the incident response plans that you have in place.
Coronavirus will not be an excuse for failing to comply with statutory obligations. CISOs may be tested where business continuity plans have been executed for the coronavirus, and other incidents occur. It will be critical for organisations to understand their legal and reporting obligations in the context of data security and to be capable of implementing their incident response and management plans, even while operating remotely.
Sabba Mirza is a senior associate in Fieldfishers privacy, security and information law group. This article was also reviewed by regular Computer Weekly contributor and Fieldfisher partner James Walsh.
- Is COVID-19 Making the Internet Sick? - Government Technology - May 27th, 2020
- Thanks to Physics, This Chocolate Is Iridescentand Safe to Eat - Smithsonian.com - May 27th, 2020
- $100 million in bounties paid by HackerOne to ethical hackers - BleepingComputer - May 27th, 2020
- Types of Encryption: 5 Encryption Algorithms & How to Choose the Right One - Security Boulevard - May 27th, 2020
- Asian consumers worried about securing their data - BusinessWorld Online - May 27th, 2020
- Move online to survive businesss new mantra - BizNews - May 27th, 2020
- China Demands Us Withdraw Sanctions on Tech Suppliers - Manufacturing Business Technology - May 27th, 2020
- DDoS Protection Market Overview, Regional And Restraint Analysis By 2020 2026 - 3rd Watch News - May 27th, 2020
- Galaxy S20 security is already old hat as Samsung launches new safety silicon - The Register - May 27th, 2020
- Amid the COVID-19 crisis and the looming economic recession, the Electronic Bill Presentment and Payment (EBPP) market worldwide will grow by a... - May 27th, 2020
- Global Internet of Things (IoT) Security Market Research Studies Competitive Strategies, Regional Analysis Forecast 2025 - WaterCloud News - May 27th, 2020
- When COVID-19 and Economic Fallout Put Millions of Kids in Unsafe Places, Communities in Schools Went in After Them. - The 74 - May 27th, 2020
- DNS over HTTPS: How to activate it on Windows 10 Build 19628 - WinCentral - May 27th, 2020
- The lack of women in cybersecurity leaves the online world at greater risk - The Conversation US - May 17th, 2020
- COVID-19 Impact and Recovery Analysis | Internet of Things (IoT) Security Market 2020-2024 | Increasing Incidence of Cyberattacks to Boost Growth |... - May 17th, 2020
- Break On Through To The Other Side - Seeking Alpha - May 17th, 2020
- Post-COVID 19: The Virtual World And Digital Participation And Its Challenges In Ghana - Modern Ghana - May 17th, 2020
- Embracing Remote Learning and Working after COVID-19 as our New Reality - THISDAY Newspapers - May 17th, 2020
- The lack of women in cybersecurity leaves the online world at greater risk - Kiowa County Press - May 16th, 2020
- Internet security Market Research Report 2020 By Size, Share, Trends, Analysis and Forecast to 2026 - Cole of Duty - May 16th, 2020
- The best antivirus protection of 2020 for Windows 10 - CNET UK - May 16th, 2020
- Bill Proposes to Incentivize Cybersecurity Innovations With Cash Prizes - Nextgov - May 16th, 2020
- The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet - WIRED - May 16th, 2020
- Spains DGT Warns Of A New Scam Circulating Which Tricks Users Into Giving Their Data - Euro Weekly News - May 16th, 2020
- What is the Internet of Things? - Fox Business - May 16th, 2020
- Air Force aims to make secure mobile identity management the norm - FCW.com - May 16th, 2020
- Internet Security Market Analysis, Size, Regional Outlook, Competitive Strategies and Forecasts to 2027 - Cole of Duty - May 9th, 2020
- (2020-2026) Internet Security Audit Market to Witness Robust Expansion throughout the Forecast Period - Cole of Duty - May 9th, 2020
- OODAcast A Conversation With Lou Manousos, CEO of RiskIQ - OODA Loop - May 9th, 2020
- COVID-19 Crisis To Help Akamai Replicate $300 Million+ Revenue Growth From The Past 2 Years? - Forbes - May 9th, 2020
- Global Internet Security Market is Segmented by Applications, Technology, Product Type And Service and Region - TechnoVally - May 9th, 2020
- Google Releases May 2020 Android Security Patch; Fixes Bug That Allowed Remote Code Execution - Mashable India - May 9th, 2020
- Gregory Boehm | The Harvard Press | News | Obituaries - Harvard Press - May 9th, 2020
- Wifi/ Internet/ IoT Testing and Security Solutions Market 2020 by Company, Regions, Type and Application, Forecast to 2024 - Cole of Duty - May 9th, 2020
- More Salt in their wounds: DigiCert hit as hackers wriggle through (patched) holes in buggy config tool - The Register - May 9th, 2020
- Zoom's Rise, Reign and Era of Reform at the Top of the Teleconferencing Throne - BroadbandBreakfast.com - May 9th, 2020
- The Pleasures and Pitfalls of Motherhood on Instagram - ELLE.com - May 9th, 2020
- Global IT Security Spending in Government Market Expected to reach highest CAGR by 2025: Check Point Software Technologies, Cisco Systems, Fortinet,... - May 9th, 2020
- Millions of Android users need to update, or risk having attackers take over their phone - Express - May 9th, 2020
- Deal of the Month: 50% off Integos Mac Internet Security X9 bundle - 9to5Mac - April 20th, 2020
- COVID-19 impact: Internet Security Firewall Market: Promising Growth Outlook with a Steady CAGR of X% 2020-2026 Cole Reports - Cole of Duty - April 20th, 2020
- Russia And China Hijack Your Internet Traffic: Heres What You Do - Forbes - April 20th, 2020
- Internet security Market 2020 Break Down by Top Companies, Applications, Challenges, Opportunities and Forecast 2026 Cole Reports - Cole of Duty - April 20th, 2020
- Investor Paul Meeks overhauls tech strategy due to coronavirus risks, turns negative on two widely held stocks - CNBC - April 20th, 2020
- Authentic8's Front Line of Defense Tool Aims to Safeguard Government Agencies from Cyberthreats - WashingtonExec - April 20th, 2020
- Blockchain: The Most Awaited Ally For The Security Of The Internet Of Things - CoinCodex - April 20th, 2020
- The internet's battle against bots is heating up - The Hustle - April 20th, 2020
- Bot creates millions of fake eyeballs to rip off smart-TV advertisers - Naked Security - April 20th, 2020
- Where to buy Kaspersky Internet Security? - RecentlyHeard.com - April 17th, 2020
- Citing coronavirus disruptions, PhishCloud offers year of free service to prevent phishing scams - GeekWire - April 17th, 2020
- The Global Software Defined Perimeter Market size is expected to reach $10.7 billion by 2025, rising at a market growth of 23.7% CAGR during the... - April 17th, 2020
- Women are essential helpers during crises but they need access to the internet | TheHill - The Hill - April 17th, 2020
- How To Browse The Internet Privately on Your Phone (Our #1 Tips) - Know Your Mobile - April 17th, 2020
- Faster Internet and protection against cyberattacks: UPC Business offers customers free additional services during the coronavirus crisis -... - April 17th, 2020
- Teaching your kids to surf the internet safely - The Star Online - April 17th, 2020
- No, the Internet Is Not Good Again - The Atlantic - April 17th, 2020
- Cyberattacks on endpoints will rise by up to 40 per cent unless we act quickly - Techerati - April 17th, 2020
- RBR's CyberPatriots Continue their Winning Ways - The Two River Times - April 17th, 2020
- The Weaponization of Dogs on the Internet - Lawfare - April 17th, 2020
- Investment opportunities in the internet sector - Times of Malta - April 17th, 2020
- Matt Hancock has no answers for anything but he does have a six-point plan and a very small badge - The Independent - April 17th, 2020
- Best internet security suites of 2020: anti-virus and anti-malware cyber security - TechRadar - April 17th, 2020
- The security conundrum of 5G network slicing - Urgent Communications - April 13th, 2020
- How to Make Sure that Antivirus is on your Endpoints - Security Boulevard - April 13th, 2020
- Why you can't trust your vote to the internet - CyberScoop - April 13th, 2020
- IoT security, neglected infrastructure, and a crisis of trust deemed major threats for 2022 - TechRepublic - April 13th, 2020
- Aspects of cybersecurity not to overlook when working from home - Big Think - April 13th, 2020
- The Rise of the Secure Internet Gateway - Communal News - April 13th, 2020
- The University and its students must be more considerate of essential USC staff - Daily Trojan Online - April 13th, 2020
- Foreign Operatives Allegedly Using Zoom To Spy On Americans - Brinkwire - April 13th, 2020
- Top Ways to Guard Against Work-from-Home Phishing Threats - Infosecurity Magazine - April 13th, 2020
- Get 2 years of Webroot internet security and antivirus for $50 at Amazon - BGR - April 12th, 2020
- Internet Security Software Market Growth Analysis, Top Manufacturers, Shares, Growth Opportunities and Forecast to 2026 - Germany English News - April 12th, 2020
- Foreign Spies Are Targeting Americans on Zoom and Other Video Chat Platforms, U.S. Intel Officials Say - TIME - April 12th, 2020
- iOS users beware: Myth of Apple security invulnerability is just that - The Star Online - April 12th, 2020
- Experts: Internet voting isn't ready in the face of coronavirus pandemic - CyberScoop - April 12th, 2020
- Slack in the security spotlight lessons for collaboration servers - Naked Security - April 12th, 2020
- Google removes Android VPN with critical vulnerability from Play Store - Naked Security - April 12th, 2020
- Is there a way to find this file that's being used by another processor? - Windows 10 Support - BleepingComputer - April 12th, 2020
- Global Internet of Things (IoT) Security Industry 2020 Market Research With Size, Growth, Manufacturers, Segments And 2026 Forecasts Research -... - April 12th, 2020