Since the start of the year 2020, the world had experienced waves of COVID19 surges due to which we saw the failure of measures that we deemed to be preventive. Similarly, the end of the year 2020, saw the compromise of as many as 18000 systems and numerous confidential records use to the SolarWinds attack.
Possibly, in both cases, some of the fallout was resulted due to complacency or fatigue. Regardless of the cause we can do be better and without a doubt, we should. The good news is, COVID-19 has taught a few good lessons which can be used to mitigate cybersecurity risks even after the pandemic is done and dusted.
Security specialists need to adopt the approach of an epidemiologist to tackle cyber-attacks as well.
Lessons for a cyber-ready future.
We learned some hard lessons with COVID-19 that if applied with vigilance can improve cybersecurity across the workforce –
- Don’t assume that everything is safe – Weaknesses in the software supply chain have been accepted for far too long. More diligence should be observed while putting pressure on the entities in the supply chain to offer proof of deep security scrutiny.
- Sharing is not always good – Phishers are always looking to gain access to credentials and confidential information, which one needs to be vigilant about. One should not trust anything and everything they receive. They should not even forward any information which comes from an unverified source. Data and intellectual property should be protected from deep-fake intruders.
- Don’t simply be the super-spreader – Never open an email from an unverified source and never forward what you cant trust. Ensure that privacy settings are up-to-date and are active.
- Observe Social Distancing – Segment databases and networks. Don’t make the mistake of using third-party code without security testing. Also, create distance in the software supply chain.
- Wear a Mask – Vulnerabilities and any openings will always be exploited by invaders. Cover exposure with a sturdy firewall along with updated threat detection programs. Harmful SQL injections should be stopped. Web forms have turned out to be the favorite entry point for every intruder to inject SQL commands. The database can be accessed to make malicious changes by undetected invaders.
- Good Examples need to be set – A security program that promotes security literacy, quantifying risks, and modeling good practices need to be set. A steady flow of motivated security advocates will be ensured by the program.
- Sanitization is important – Security should be integrated across all software development lifecycle. All sensitive data and confidential information should be encoded and encrypted.
- Wash frequently and completely – Always update security patches and new software releases. Fixes are usually the plugs to vulnerabilities which would mean taking care of the most difficult task.
- Vaccinate until immunity is achieved – Security literacy needs to be achieved with training. Security should be made a part of the development lifecycle.
- Expect the upgraded infections – Considerable investments should be made in transformation, technology modernization model threats, and responses.
By detecting intrusions and assessing vulnerabilities, immunity should be built. Shut the invaders out by breaking bad habits. The demand for security literacy compels future-ready organizations to develop skills in all job roles and levels.
Enable your teams with the below IT security skills to translate past lessons learned into future actions.
- Integration of Security
- Hands-on practice detecting threats by industry and job role (Cyber Range)
- Security policies and practices for cloud security providers
- Tools, methodologies, and practices to support site reliability engineering (SRE)
It’s important to start where you are & build on proven mitigations. Also, pick fights you can win.
To read more, please check eScan Blog
