COVID 19 – IMPACT ON TECHNOLOGY
BDO Cayman - Webinar
Richard Carty – Director (RAS)
BDO’S PERSPECTIVE
COVID 19 - This is a global event that has left no place on earth untouched
❖ The recent events around novel coronavirus 2019 (COVID-19) have been unprecedented, and business here in the Cayman Islands has taken measures to maintain business continuity.
❖ Information technology departments are now implementing processes that have been discussed but rarely executed.
❖ This is business continuity without any probable end time, amid conditions that change daily, on a scale that businesses have never seen before.
❖ Supply chains for IT products and services are opaque, demand has shifted to a different kind of IT service (remote capability), and IT must juggle available capacity while ensuring that services remain available to its end users.
❖ Security can never be an afterthought, and this has never been truer than now. But…where to start? Where are the new attacks coming from?
❖ Addressing key areas of concern and top information security threats/priorities
❖ And at the same time accommodating the mobile workforce while remaining secure

Richard Carty
Risk Advisory Services (RAS) Director – Data Privacy, Security, Governance Risk & Compliance
Richard is an Industry Leader in the Risk Advisory Services sector, matched by a working knowledge of significant business trends, such as Regulatory Compliance, Data Privacy and Protection, Cyber Security, Governance Risk & Compliance (GRC), Internal and External Audit, and an ability to relate these trends to clients' businesses and risk profiles.
Sector/Industry Focus: More than 20 years of combined experience across various industries: Financial Services, Insurance, Telecommunications & Media, Travel & Transport, Healthcare & Pharma, Government.
In General Terms
As we find ourselves dealing with this unprecedented COVID-19 pandemic, businesses are increasingly challenged with the question:
• how do we keep data safe online while staying connected to our clients, suppliers and staff, and at the same time protecting confidentiality, integrity and availability of that data

In addition, Governments across the region have urged people to work from home where possible to prevent the spread of COVID-19, forcing an overwhelming number of organisations to rapidly implement remote working policies, thus raising further questions, for example:
• is remote working here to stay
• how do we adopt innovative thinking around successfully managing remote working from this point forward
• during this 'shift', the need to increase collaboration between offices and with our clients
• as this is an unprecedented opportunity, businesses should strive:
➢ to bolster client relationships,
➢ demonstrate greater efficiency and effectiveness and
➢ at the same time ramp up the value that our clients are seeking
Post Implementation Test
Over the last 2 years technology advances have pushed the bar higher whilst disrupting industries, forcing businesses worldwide to review their current IT strategies and business models. In 2020, COVID 19 tested those strategies and found that in a large number of cases businesses were simply not prepared.
April 2020 - 216 million records breached – 204% increase compared to 71 million in April 2019 (IT Governance UK)
Key Focus Areas
Culture and Awareness
Network Security
Spread awareness. If you don’t have a remote work policy, build one.
Ensure that IT is granting credentials and access to the proper people.
Now is the time to reinforce your security awareness campaign: don’t click on links or open attachments you are unsure of.
Social engineering attempts can exploit a panicked service desk under tremendous pressure. Remain diligent.
Endpoint Security
Secure all the endpoints. Ensure that everyone is running an effective antivirus application. Ensure that everything is patched and updated – even the PCs that don’t belong to you!
Vulnerability Management
Remediation in a WFH scenario can be very different than the norm, especially if BYOD is allowed. Review your remediation strategy and ensure it will address your new distributed architecture.
Security Incident Management
Your incident response processes must be updated to accommodate remote responders. Events normally protected by your perimeter defense must also be reassessed for risks and severity.
CULTURE AND AWARENESS
Retrain your end users
Defense against:
• Phishing emails
• Bad domains and fake websites
• Social engineering
Info-Tech Research Group
EDUCATE USERS ABOUT THEIR RESPONSIBILITIES IN A REMOTE SETTING
During a remote-work situation, new vulnerabilities arise. Businesses are unable to ensure the physical security of a home office, coffee shop, or public workspace.
Continually educating end users ensures they are up to date on current security best practices for the new technology they use at work and at home.
Businesses are unable to control or ensure the security of the network that employees are using. Others may have access to the network.
Keeping end users aware of the current threats that affect them will allow end users to remain active defenders of your organization’s critical information.
Remote workers need to understand their role and responsibilities when it comes to working remotely.
Training end users to be aware of new methods of attack – and how to protect their devices from these attacks – will help prevent security incidents.
Cycle diagram: Hackers attack; End users are trained to defend against new attacks; Risk is mitigated; Hackers develop new methods of attack.
SECURITY INCIDENT MANAGEMENT
Update your runbooks
Ensure your team is equipped to respond to security events, despite recent changes.
UPDATE YOUR SECURITY INCIDENT MANAGEMENT
Review Incident Response plans and runbooks
Review/update escalation lists
Consider new attack vectors and risks to prioritize plans/runbooks
Review plans with appropriate stakeholders
THE TOP THREATS
Here are the proliferating cybersecurity attack vectors during the COVID-19 pandemic period:
Phishing Emails
A constant threat made worse due to panic and users seeking reassurance. Attackers are running COVID-19-specific campaigns targeting vulnerable end users.
Malicious applications
Examples include “COVID-19 Map”, “Trickbot”, and the new “EMOTET” variant, some benefiting from fake information spreading on social media.
Insecure endpoint
“This free antivirus I’m running at home should be fine, yes? And what’s with these annoying Windows Updates messages??” This same computer is connecting to your network.
Bad domains & fake Websites
DNS hijacking is prevalent. In times of panic, end users may be tricked into entering personal and sensitive business information into malicious websites.
Ransomware
Defense-in-depth mechanisms implemented in your office networks may not protect your remote endpoints; end users decentralizing data for remote work invalidates your backup strategy.
To IT Security, these are nothing new; however, work-from-home potentially increases your attack surface.
ENSURE A BUSINESS CONTINUITY PLAN IS IN PLACE
Plans should be in place to keep essential functions running. Some experts suggest organizations should be prepared for up to 40% of a workforce to be absent (either sick or caring for others) (CNN).

Essential: Functions that must be completed in all scenarios
Temporary Suspension: Functions that may be suspended for a short time
Extended Suspension: Functions that can be suspended for an extended period

1. Identify essential functions to maintain.
• Identify your priorities (which may differ by location).
• Identify critical services that must be maintained.
• Identify critical suppliers or contractors.

2. Establish a plan to mediate physical absence.
• Establish a list of designates who can fill in for critical employees.
• Determine how your business will run with a reduced workforce.
• Create a contact list with all employees’ emails, phone numbers, and addresses.
• Determine how your business will run if customers or suppliers can’t come to the place of business.

3. Contact key Suppliers and Contractors.
• Ensure key suppliers or contractors have their own business continuity plans in place.

Insight: Communication channels with employees must be identified and shared with employees in advance.
REMOTE WORKERS ARE MOST AT RISK
Focus on these first

Culture and Awareness: Retrain your end users
Regardless of the previous state of your security culture and awareness program, this is the time to retrain all your employees as they adjust to a remote-work-first or remote-work-heavy culture.

Endpoint Security: Secure remote endpoints
You may have a mix of managed, unmanaged, and BYOD endpoints. To keep remote workers connected and productive, you may need to compromise on baseline standards. Building a plan to ensure these endpoints are protected will be paramount to your security goals.

Security Incident Management: Update your runbooks
Maintaining visibility on your endpoints and their connectivity into your services and ensuring your security response staff can detect and respond to security events in this new normal can be challenging.
For more information, please contact Richard Carty: Director (RAS) Email: rcarty@bdo.ky