World Economic Forum's Advice for C-Suite to Navigate COVID-19 Threat Landscape
Firms are adjusting to a new reality as the spread of the Covid-19 global pandemic continues to unfold new business implications each day.
Over the past weeks, we’re seeing organisations around the world putting their business continuity plans to the test as the global workforce shifts to a remote working model. Amidst efforts to minimise disruptions to daily business operations, firms must also be cognizant of the increased cybersecurity vulnerability they are likely facing in light of this shift.
Meanwhile, fraudsters and cybercriminals are ramping up their efforts to prey on users’ intent on helping others at a time of crisis. Yesterday, the World Economic Forum stressed the urgent need to address the cyber poverty gap between businesses that are and are not prepared for cyberattacks.
Cybersecurity guidelines as published by the World Economic Forum for collective, global resilience are as follow, coupled with technology and strategic recommendations.
The Adoption of Next-Generation Defences
More than ever, now is the time for organisations around the world to leverage advanced security capabilities to maintain a bulletproof profile. Whilst network security practices and the use of firewalls are security essentials all firms should be deploying, Security Information and Event Management (SIEM) and Dark Web Monitoring strategies are advised for that extra layer of resilience.
Dark Web Monitoring
Across the dark web criminals are buying and selling stolen user credentials, including email addresses, usernames and passwords, to access high value (i.e. executive and privileged user) accounts. Once in a system, malicious hackers steal financial assets, uncover trade secrets and exploit the vulnerabilities of users. To stop this threat firms must monitor the Dark Web and respond.
Dark Web Monitoring is a vital security practice that should be adopted by companies of all sizes and technology deployments (i.e. cloud or on-premise), and is offered by trusted IT providers. So, how do we implement this you ask? If outsourcing this task to experts, simply provide a watchlist of assets including IP addresses, email addresses and domains for cybersecurity intelligence analysts to monitor across the dark web on a 24x7 basis. If exposed credentials of an active user are matched, the IT provider will alert the respective user to reset their password at next login.
For investment management firms, as IT resources become more security conscious, the amount of security related data available for analysis has grown exponentially. This increase in available data has become too massive for humans or dispersed systems to decipher which threats are significant.
Too much data can lead to delays in performing preventative measures and distraction to what really matters. Dirty data in your environment can make your firm vulnerable to attacks, and not fully understanding the data your company possesses can lead to challenging circumstances if information is corrupted or stolen.
This is where a SIEM (security information and event management) service comes in. SIEM provides real-time analysis of security alerts generated by applications and network hardware. Here are some key reasons on why you need to deploy SIEM.
• Regulatory standards (GDPR, NYDFS, OCIE, etc.)
• Cybersecurity guidelines (such as ISO27001, NIST, CIS)
• Log management and retention
• Continuous monitoring and incident response
Accelerate Skills Development
Expert knowledge (and leadership) is required to drive the adoption and value of new security-centric technology and innovations, adopt the right practices and deploy strategies across the business.
Firms are advised to re-assess whether it is more effective to partner with an external IT and security solutions provider or invest in building on inhouse skillsets to be able to respond to cyber threats in the face of Covid-19. Depending on the nature of the firm, there are pros and cons to both.
To help make the right decision, firms are encouraged to think about the feasibility of responding quickly and effectively to cyber-attacks with each option, as we are rapidly seeing new phishing scams and cyber-attacks surfacing each day.
Download our eBook 'How Strong is Your Human Firewall?' for phishing best practices.