Categories
General Cyber and IT Security Uncategorized

Understanding DNSSEC and DNS Security

In our increasingly interconnected world, where the digital landscape expands every day, safeguarding our online presence has become vital. One fundamental yet often overlooked aspect of online security is Domain Name System (DNS) security. DNS is the backbone of the internet, responsible for translating domain names into the IP addresses that computers use to reach each other. To protect this system from tampering, the DNS Security Extensions (DNSSEC) play a pivotal role.

How DNS Works

DNS Attacks

DNS spoofing and DNS cache poisoning are malicious techniques aimed at manipulating the Domain Name System (DNS) to redirect users to fraudulent websites or compromise network security. DNS spoofing involves forging DNS responses to trick a user’s device into believing it has received legitimate information when, in reality, it’s been directed to a malicious site. This can lead to various security breaches, including phishing attacks. On the other hand, DNS cache poisoning involves corrupting a DNS server’s cache with fraudulent data. Once the cache is poisoned, the server can distribute this tainted information to users, redirecting them to attacker-controlled websites. Both DNS spoofing and cache poisoning are serious threats to the integrity of the DNS infrastructure that highlight the importance of DNSSEC.

DNSSEC

DNSSEC is a suite of extensions to DNS that adds an extra layer of security by digitally signing DNS data. This verification process ensures that the data retrieved from DNS servers is authentic and hasn’t been tampered with by malicious actors. Here’s how it works:

  1. Signing Zone Data: DNSSEC involves signing zone data with cryptographic signatures. Each DNS record in a zone is signed using a private key.
  2. Public Key Distribution: The public key for each zone is published in a DNS record called the Delegation Signer (DS) record. This record is stored in the parent zone, creating a chain of trust. The public key is paired with a private key, which is typically stored offline; signing with that private key produces the digital signature that is published in DNS.
  3. Authentication: When a user’s device queries a DNS server for a domain, the server provides not only the requested data but also the corresponding digital signature. The user’s device uses the public key stored in the DS record to verify the signature’s authenticity.
  4. Validation: If the signature is valid, the DNSSEC client trusts the data it received, knowing it hasn’t been altered during transmission.
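As an added example (not code from the original post), the chain-of-trust step above can be made concrete. In practice the DS record in the parent zone carries a key tag and a digest of the child's DNSKEY rather than the key itself, and a validator recomputes both before trusting the child's key. The script below implements the RFC 4034 key-tag and DS-digest computation for a constructed DNSKEY belonging to example.com; the 64-byte "public key" is a placeholder, not a real key.

```python
import hashlib

# DS digest types a validator is expected to understand:
# 2 = SHA-256 (RFC 4509), 4 = SHA-384 (RFC 6605).
DS_DIGEST_ALGORITHMS = {2: hashlib.sha256, 4: hashlib.sha384}


def canonical_owner_name(name: str) -> bytes:
    """Encode an owner name in DNS wire format, lowercased as RFC 4034 section 6.2 requires."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    wire = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return wire + b"\x00"  # the empty root label terminates the name


def dnskey_rdata(flags: int, algorithm: int, public_key: bytes, protocol: int = 3) -> bytes:
    """Serialise DNSKEY RDATA: 2-byte flags, 1-byte protocol (always 3), 1-byte algorithm, key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + public_key


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag: a 16-bit checksum over the DNSKEY RDATA.

    The tag lets a validator pick the right DNSKEY out of a zone's key set; it is
    not a security check on its own, which is why the DS also carries a digest.
    """
    ac = 0
    for i, byte in enumerate(rdata):
        ac += (byte << 8) if i % 2 == 0 else byte
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def make_ds(owner: str, rdata: bytes, digest_type: int = 2) -> dict:
    """Build the DS record the parent zone publishes for this DNSKEY.

    The digest covers the canonical owner name followed by the DNSKEY RDATA,
    so a key copied to a different zone name would not match.
    """
    hasher = DS_DIGEST_ALGORITHMS[digest_type]
    digest = hasher(canonical_owner_name(owner) + rdata).hexdigest().upper()
    return {
        "key_tag": key_tag(rdata),
        "algorithm": rdata[3],
        "digest_type": digest_type,
        "digest": digest,
    }


def ds_matches_dnskey(ds: dict, owner: str, rdata: bytes) -> bool:
    """The validator's check: does the DS from the parent describe this DNSKEY from the child?"""
    if ds["digest_type"] not in DS_DIGEST_ALGORITHMS:
        return False  # unknown digest type: the link cannot be verified, so it is not trusted
    expected = make_ds(owner, rdata, ds["digest_type"])
    return (
        ds["key_tag"] == expected["key_tag"]
        and ds["algorithm"] == expected["algorithm"]
        and ds["digest"].upper() == expected["digest"]
    )


# Constructed DNSKEY for example.com: flags 257 (zone key + SEP, i.e. a KSK),
# algorithm 13 (ECDSAP256SHA256) and a placeholder 64-byte key. Not a real key.
OWNER = "example.com."
PLACEHOLDER_KEY = bytes(range(64))
KSK_RDATA = dnskey_rdata(flags=257, algorithm=13, public_key=PLACEHOLDER_KEY)
# What the parent zone (.com) would publish for this key.
PARENT_DS = make_ds(OWNER, KSK_RDATA)


def demo() -> tuple:
    """Return (genuine_key_accepted, substituted_key_accepted)."""
    genuine = ds_matches_dnskey(PARENT_DS, OWNER, KSK_RDATA)
    # If the child zone's DNSKEY were replaced by a different key, the DS held
    # by the parent would no longer describe it, and validation would fail.
    other_key = bytes(b ^ 0xFF for b in PLACEHOLDER_KEY)
    substituted = ds_matches_dnskey(PARENT_DS, OWNER, dnskey_rdata(257, 13, other_key))
    return genuine, substituted


if __name__ == "__main__":
    print(f"DS for {OWNER}: key tag {PARENT_DS['key_tag']}, "
          f"digest type {PARENT_DS['digest_type']}, digest {PARENT_DS['digest'][:16]}...")
    print("genuine key accepted, substituted key accepted:", demo())
```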

How DNSSEC Works:

Benefits of DNSSEC:

  1. Data Integrity: DNSSEC ensures that the DNS data remains unchanged, preventing attackers from redirecting users to malicious websites.
  2. Authentication: It guarantees that the data comes from a legitimate source, reducing the risk of DNS spoofing attacks.
  3. Trust Chain: By establishing a trust chain through DS records, DNSSEC enhances the security of the entire DNS hierarchy.

Challenges with DNSSEC:

While DNSSEC offers robust security, its adoption faces some challenges:

  1. Complex Implementation: DNSSEC implementation can be complex and may require significant effort. However, some DNS providers offer to enable DNSSEC as part of their DNS package.
  2. Compatibility: Not all DNS servers and clients support DNSSEC, which can lead to compatibility issues.
  3. Key Management: Managing cryptographic keys can be challenging and requires careful consideration.
  4. Increased Packet Size: DNSSEC can result in larger DNS responses, which may impact network performance.

Other DNS Security Options:

DNSSEC is a cornerstone of DNS security, but several other extensions complement it:

  1. DNS-based Authentication of Named Entities (DANE): DANE allows domain owners to associate their TLS certificates with DNS records, improving the security of encrypted connections.
  2. Response Policy Zones (RPZ): RPZ enables DNS servers to block or redirect requests to known malicious domains.
  3. DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT): These protocols encrypt DNS traffic, preventing eavesdropping and manipulation.

In conclusion, DNSSEC is an essential component of our digital defense. DNSSEC provides a robust framework for ensuring the integrity and authenticity of DNS data. The benefits of a more secure and trustworthy internet make the adoption of DNS security extensions a worthy investment in our digital future.



The Building Blocks of Cyber Defense: Why Your Business Needs a Cybersecurity Framework

Let’s talk about something that’s as essential to your business as a solid foundation is to a skyscraper: Cybersecurity Frameworks. Trust me, this is the blueprint you didn’t know you needed.

What’s a Cybersecurity Framework and Why It’s Your New BFF?

Think of a cybersecurity framework as your business’s recipe for Grandma’s secret sauce. It’s a step-by-step guide that helps you mix the right ingredients in the right order to cook up some top-notch cybersecurity.  A framework offers a common language that allows businesses to understand, manage, and reduce cybersecurity risks effectively.

  • The Universal Translator: Imagine you’re at a United Nations meeting, but for cybersecurity. A framework is the translator that helps everyone speak the same language, making sure you and your partners are on the same page.
  • The GPS for Your Cyber Journey: It’s like having a GPS that not only tells you how to get from point A to point B but also warns you about roadblocks and speed traps along the way.
  • The Health Checkup: Just like you’d go to a doctor for a health checkup, a cybersecurity framework gives your business a thorough examination to spot any weak points before they become major issues.

Popular Cybersecurity Frameworks  

1. CIS Controls v8: The Center for Internet Security (CIS) Controls v8 provides a prioritized set of actions to help organizations defend against cyber threats. It is a flexible framework suitable for various industries, emphasizing a risk-based approach.

Industry Applicability: CIS Controls can be applied across various industries, making it a versatile choice. Whether you’re a small business or a large corporation, CIS Controls offers a strong cybersecurity foundation.

Why Choose CIS Controls: CIS Controls are known for their simplicity and effectiveness. They provide actionable steps that organizations can implement to strengthen their cybersecurity posture. Moreover, they are regularly updated to address emerging threats.

2. NIST CSF: The National Institute of Standards and Technology (NIST) Cybersecurity Framework offers guidelines for organizations to improve their cybersecurity posture. It’s especially relevant to critical infrastructure sectors.

Industry Applicability: Critical infrastructure sectors such as energy, healthcare, and finance find the NIST CSF particularly valuable due to its sector-specific adaptation.

Why Choose NIST CSF: NIST CSF is a comprehensive framework that aligns well with industry-specific regulations and standards. It helps organizations identify, protect, detect, respond to, and recover from cybersecurity incidents, making it a holistic choice.

3. NIST 800-171: NIST 800-171 safeguards Controlled Unclassified Information (CUI) and is mandated for government contractors. It’s crucial for industries handling sensitive government data.

Industry Applicability: Government contractors, suppliers, and subcontractors dealing with CUI must adhere to NIST 800-171 to maintain government contracts.

Why Choose NIST 800-171: If your business is involved in government contracting or collaborates with federal agencies, NIST 800-171 is a legal requirement. Implementing this framework ensures compliance and security in handling CUI.

4. CMMC Levels 1 and 2: The Cybersecurity Maturity Model Certification (CMMC) focuses on protecting Controlled Unclassified Information (CUI) within the defense industry supply chain.

Industry Applicability: Mandatory for defense industry contractors handling CUI, CMMC Levels 1 and 2 lay the foundation for robust cybersecurity in this sector.

Why Choose CMMC Levels 1 and 2: If your business is involved in defense contracts or part of the supply chain, compliance with CMMC Levels 1 and 2 is essential for contract eligibility. These levels provide fundamental cybersecurity controls.

5. NIST Security and Privacy Framework (NIST SSDF): NIST SSDF combines security and privacy considerations, helping organizations address both aspects simultaneously.

Industry Applicability: Suitable for organizations prioritizing privacy alongside security, particularly those handling sensitive personal information. Industries such as healthcare and finance benefit from this dual-focus framework.

Why Choose NIST SSDF: NIST SSDF simplifies the integration of security and privacy practices. This framework streamlines compliance efforts and protects customer data in an era of increasing data privacy regulations.

6. ISO 27001/2: ISO 27001 is a globally recognized information security management system (ISMS) standard. It applies to organizations of all sizes and industries.

Industry Applicability: ISO 27001 is versatile and can be implemented by any organization seeking a comprehensive cybersecurity framework. It is often chosen by multinational corporations and organizations seeking a universally recognized certification.

Why Choose ISO 27001: ISO 27001 is renowned for its global recognition and flexibility. It allows organizations to customize their security controls to meet their needs while adhering to international best practices.

7. SOC2: Service Organization Control (SOC) 2 focuses on controls relevant to data security, availability, processing integrity, confidentiality, and customer data privacy.

Industry Applicability: Service providers, including cloud and SaaS companies, commonly adopt SOC 2 to assure clients of their security measures.

Why Choose SOC 2: SOC 2 is crucial for service providers as it builds customer trust. It demonstrates your commitment to protecting their data, making it a competitive advantage in the market.

8. GDPR: The General Data Protection Regulation (GDPR) is a European regulation that governs personal data protection. It applies to organizations processing EU citizens’ data.

Industry Applicability: Essential for organizations handling European customer data or operating in the EU. Industries such as e-commerce, marketing, and healthcare are particularly affected.

Why Choose GDPR: GDPR compliance is not optional if you handle EU data. Non-compliance can result in hefty fines. Implementing GDPR measures also enhances data protection and customer trust.

9. FTC Safeguards Rule: The Federal Trade Commission (FTC) Safeguards Rule applies to financial institutions and requires them to implement security measures to protect consumer information.

Industry Applicability: Financial institutions must adhere to the FTC Safeguards Rule to safeguard customer data.

Why Choose FTC Safeguards Rule: Compliance is a legal obligation for financial institutions. By implementing these safeguards, you meet regulatory requirements and safeguard your customers’ financial information.

10. SEC Compliance: SEC Compliance involves adhering to the Securities and Exchange Commission’s regulations, including cybersecurity disclosure requirements.

Industry Applicability: Essential for publicly traded companies subject to SEC regulations, primarily in the finance and investment sectors.

Why Choose SEC Compliance: SEC compliance ensures transparency and accountability in financial markets. It helps protect investors and maintain the integrity of financial systems.

11. Cyber Essentials: Cyber Essentials is a UK government-backed certification scheme focusing on fundamental cybersecurity practices.

Industry Applicability: Suitable for small to medium-sized businesses seeking a cost-effective cybersecurity framework.

Why Choose Cyber Essentials: If you’re a smaller organization with limited resources, Cyber Essentials offers a practical and affordable way to establish basic cybersecurity measures and build a strong foundation.

12. CCPA: The California Consumer Privacy Act (CCPA) aims to protect the privacy of California residents and applies to organizations handling their personal information.

Industry Applicability: Necessary for businesses dealing with California residents’ data, particularly in the tech and retail sectors.

Why Choose CCPA: CCPA compliance is crucial for companies with a California customer base. It demonstrates a commitment to respecting consumer privacy and avoids costly penalties.

13. HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) Security Rule applies to healthcare organizations handling protected health information (PHI).

Industry Applicability: Mandatory for healthcare providers and entities handling PHI.

Why Choose HIPAA Security: Compliance with HIPAA is a legal requirement and essential for safeguarding sensitive patient information. Non-compliance can result in severe penalties and damage to reputation.

14. PCI-DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that organizations that accept, process, store, or transmit credit card information maintain a secure environment.

Industry Applicability: PCI DSS is particularly relevant to businesses in the retail, e-commerce, hospitality, and financial sectors that handle payment card data. It is essential for any organization that accepts credit card payments.

Why Choose PCI DSS: PCI DSS compliance is not just a best practice but often a contractual requirement enforced by credit card companies. Failure to comply can result in financial penalties and the loss of the ability to process credit card payments. Implementing PCI DSS measures protects sensitive customer data and enhances trust and credibility with customers.

Why You Can’t Afford to Skip This

Imagine you’re building a house. You wouldn’t start without a blueprint, right? Similarly, a cybersecurity framework is your blueprint for building a secure digital environment. It’s not just a nice-to-have; it’s a must-have. Here’s why:

  • Risk Mitigation: Operating without a framework is like driving without a GPS—you’re more likely to end up in a bad neighborhood. A framework helps you identify and prioritize risks, guiding you safely to your destination.
  • Trust Factor: In a world where data breaches make headlines, a recognized framework is your seal of approval. It tells your clients, partners, and stakeholders that you’re serious about security.
  • Regulatory Compliance: A framework is your roadmap to compliance, helping you avoid the pitfalls of hefty fines and legal troubles. It’s like having a lawyer in your pocket, guiding you through the complex legal landscape.
  • Competitive Edge: In a saturated market, a robust cybersecurity posture can set you apart. It’s like having a five-star safety rating in a world of three-star competitors.
  • Cost-Effective Prioritization: Frameworks enable you to allocate your limited resources wisely. It’s like having a financial advisor for your cybersecurity budget, ensuring you get the most bang for your buck.
  • Unified Communication: One of the key benefits of a framework is that it provides a common language for discussing cybersecurity issues. This enhances internal communication and can also improve your interactions with suppliers and partners.

So, a cybersecurity framework isn’t just a set of guidelines; it’s your strategic asset. It’s the VIP pass that not only gets you into the cybersecurity club but also helps you navigate it like a pro. 

Ready to Level Up Your Cybersecurity Game?

By adopting a framework, you’re not just ticking off a compliance checklist; you’re making a strategic business decision. It helps you cut through the noise, focus on what matters, and shows everyone that you’re a business that takes security seriously.

So, if you’re ready to take your cybersecurity to the next level, contact us and let us be your cybersecurity wingman. We offer several services including but not limited to 24/7 SOC monitoring, incident response, compliance assessments, customized program and policy development, pen testing and vulnerability management to fit your unique needs.


Public Wi-Fi: The Double-Edged Sword of Connectivity and Cybersecurity

The appeal of free public Wi-Fi is inescapable in today’s digital world. The ability to connect, work, and socialize from any location – be it a local café, an airport lounge, or a hotel lobby – is a convenience that many have come to rely on. However, this convenience is not without its risks. As the digital landscape evolves, so do the threats associated with public Wi-Fi networks. Public Wi-Fi has become a staple in our daily lives. With the surge in remote work and the digital nomad lifestyle, the need to stay connected while on the move has never been greater. Yet, a staggering 56% of individuals connect to public Wi-Fi networks without a password, as reported by Forbes Advisor. This seemingly harmless act can expose users to a myriad of cyber threats. 

Below are a few attack vectors that cyber criminals can use to access users’ digital information using public Wi-Fi.

  • Evil Twin (Rogue Access Point) – Cybercriminals often set up counterfeit Wi-Fi networks with an SSID (Service Set Identifier) resembling legitimate ones. Unsuspecting users, thinking they’re connecting to a genuine network, inadvertently expose their data to these rogue hotspots. After a user connects to an Evil Twin, all data sent over the network can be seen by the attacker.
  • Man-in-the-Middle (MITM) Attacks – In these attacks a threat actor, who is on the same public network you connect to, intercepts packets sent between your computer and the internet. Similar to eavesdropping, this allows attackers to view and manipulate data.
  • Session Hijacking and Sidejacking – This occurs when the attacker is able to steal a legitimate session ID from a user to “hijack” the user’s session. For instance, a user may log into their bank account on public Wi-Fi. Simultaneously, the attacker will capture the information in the session cookie and use it to impersonate the user after they are done with their banking activity.
  • Login Page Phishing – Some public Wi-Fi login pages prompt users to enter information to log in. Attackers can imitate this step in a phishing attack to obtain credentials. For example, an attacker may redirect a user attempting to access a public Wi-Fi point to a phishing page requesting that the user log in through Facebook. If the user enters their Facebook credentials, they are passed to the attacker, who can then use them.
  • Unencrypted Public Wi-Fi – By default, most access points are set up with WPA2 encryption enabled. However, if encryption is disabled on the Wi-Fi access point, information sent over the network can be viewed by attackers connected to the network.
  • Malware Distribution – Attackers can use public Wi-Fi to prompt a user to download or install a malicious program that may log keystrokes, or enable remote access to a user’s computer.

Public Wi-Fi Best Practices

In most cases, the most secure action would be to avoid public Wi-Fi. A low-cost alternative is to connect to a personal mobile hotspot. However, if one must connect to a public hotspot, here are some best practices.

  • Ensure that you are connecting to a legitimate Wi-Fi access point. Usually, this can be confirmed by asking an employee what the SSID for their Wi-Fi is.
  • When connecting to a public Wi-Fi access point, use a VPN to encrypt your data in transit over the network.
  • Disable auto-connecting to Wi-Fi networks.
  • Avoid accessing your personal financial information or work information while using untrusted public Wi-Fi.
  • Only access HTTPS sites to ensure an SSL/TLS-encrypted connection with the web page.
  • Enable anti-virus and anti-malware software on your computer.

Cybersecurity Tips For International Travel

International travel presents unique challenges to securing devices and information. This is particularly true when traveling to destinations that are considered to be high cyber risk countries such as China or Russia. 

Here are some precautions to take when traveling to these countries that will improve the security of your devices and data.  

Before you travel, you should first consider your company policies and procedures. Your device may have Mobile Device Management which can allow for a remote wipe of data if your device is lost or stolen. It may also specify an application whitelist or limit the device’s use when traveling.

Your company may also have a regularly scheduled backup for data and files to a secure server. If they do not, ensure that you back up all your device information before traveling internationally.

Another important consideration is to update your anti-malware and anti-virus before leaving the country. This guarantees that your device can defend against the most recent exploits. 

Finally, make sure your hard drives and data storage devices are encrypted, and be sure to verify the local laws of the country that you are visiting. Some countries, like China, do not allow encrypted devices and your device may be seized.  

When traveling internationally it is imperative that you always maintain physical control of your devices. Thieves often target foreigners for their devices and may extract sensitive data or personal information.

Another important reminder is to never connect a device to an insecure or untrusted connection. A simple act like plugging your phone into an unknown USB charger or outlet may install malware or extract data.

Avoid connecting to public Wi-Fi networks and turn off automatic connections for Wi-Fi and Bluetooth. 

When using your device in a foreign country establish a secured Virtual Private Network or VPN connection to a server in the United States. A VPN creates an encrypted tunnel to transfer your information and data. Still, you should assume any communications made in high cyber risk countries may be monitored.  

After returning home from your international travel, it is critical to not introduce any devices back into your home or work network. Doing this may introduce malware into the network. Instead, immediately format and update your devices along with your anti-virus and anti-malware programs.

It is also good practice to change the passwords of any devices that were brought with you during your travel. If any of your credentials were compromised while traveling, changing your password when you return may prevent escalation of any cyber threats.

Finally, monitor your financial accounts when returning to ensure that no credit card or account information was compromised.  


Sources:

https://www.securit360.com/blog/hitlist-international-travel/ 
https://tech.rochester.edu/security/international-travel-guidelines/ 
https://www.fcc.gov/consumers/guides/cybersecurity-tips-international-travelers 


Understanding the Modern Cyber-Threat Landscape and Its Impact on Your Business Operations

Digital transformation has played a substantial role in the evolution of the modern cyber threat landscape—especially during the COVID-19 global pandemic, which gave rise to the environment of remote work. As businesses tackle challenges associated with the fully virtualized working environment, the implementation of emerging technologies within corporate networks has helped enhance business operations to meet the growing demands of IT process virtualization and automation, data storage, data privacy and security, etc.

However, threat actors also learned to leverage the digital transformation era to achieve attack precision and scalability. In today’s modern cyber threat landscape, sophisticated cyber-attacks have dramatically increased: with ransomware attacks projected to occur every 11 seconds in 2021 and the losses associated with Business Email Compromise (BEC) averaging $80,000 per victim, it is clear that cyber threats have made their way to the top of business risks in the last couple of years.

As organizations attempt to detect and respond to signature- and behavior-based tactics, techniques, and procedures (TTPs), newer threat actors emerge with more sophisticated and far-reaching TTPs than their peers. Therefore, understanding how well your corporate security posture is aligned with the dynamic nature of the modern cyber-threat landscape is critical to determining the likelihood and impact of a security incident on your infrastructure.

In this article, we discuss the evolving complexities of the modern cyber-threat landscape, its impact on business operations, and how to align your security posture to achieve cyber-resilience. 

Most Likely Cyber Threats In 2021

As the cyber threat landscape is constantly evolving in nature, you must know how to spot new threats, and how to identify the techniques that threat actors may be using to bypass your existing cybersecurity infrastructure.

As a security professional, it is important to understand that the threat landscape in 2021 and beyond is likely to expand, with more attack vectors than ever before.  The SolarWinds attack in 2020 showed us that organizations can suffer from a breach through their software vendors in addition to their internal applications. APTs will be investing their time into new vectors of attack throughout 2021, with more of a focus on enterprise software and the growing hybrid environment, to name a few. 

The rise in persistent threats is a cause for concern, as threat actors are making their way into critical infrastructure more easily, through a combination of AI, automation, and existing techniques such as malware and phishing, to enhance the sophistication of their attacking methods. Threat actors are now more likely to use their knowledge of emerging technologies, such as attacks via IoT devices like smartphones and routers, to expand the scale of their attack (more backdoors, more access points).

Preparing Your Business for the Modern Threat Landscape

Responding to cyber threats within the modern landscape is a difficult task if your IT department does not actively encourage a mixture of AI-powered threat intelligence–information about cyber threats and threat actors–as well as human effort and security awareness. AI and automated threat detection and response are not sufficient on their own to fight against the adaptive intelligence of today’s threat actors. 

The first step to take is to make sure everyone on your team is aware that threat intelligence is only one stepping stone towards a resilient cybersecurity posture. The emergence of new technology in your existing infrastructure will provide threat actors with security loopholes to attack through, and it is your responsibility to understand and adapt your cyber threat response plan accordingly against the growing number of attacking vectors.

To fight attacks before they become prominent threats, it is vital to consistently implement threat prevention, detection and response countermeasures using human-based capabilities as well as automated capabilities. 

Common countermeasures for preparing for cyber attacks should include basic cyber hygiene, such as security awareness training and tabletop exercises; security policy development for critical infrastructure; documented managed network detection and response procedures; MDR and EDR monitoring; and regular assessments. Incorporating both the human touch and automation in threat detection and response procedures provides more holistic insight and visibility into attack avenues.

Combating the Probabilities and Impacts of Emerging Cyber-Threats

As your organization’s infrastructure changes, so does the need to protect your data and accounts. Emerging cyber threats are more prominent in areas of functionality that are limited in cybersecurity flexibility, where outdated security tools are still playing catch up with the software/applications themselves. This is often either at the fault of the IT department, or the software vendor themselves. Common examples include remote working setups and applications that are still yet to implement industry-standard security updates such as endpoint protection. It is estimated that 77% of organizations do not yet have a detailed incident response plan in place. 

Cyber incident response preparations

Emerging cyber threats are only going to get more prominent as the barrier to entry for threat actors becomes artificially lower. With a growing selection of open-source AI software and automated tools available to the common cybercriminal, the cost to commit cyber crimes is getting far lower. Technical knowledge is now also becoming a less-critical requirement for threat actors, as phishing and malware techniques can be learned online and thus automated using the tools they obtain.

Luckily for CTOs/CISOs, policy and plan development assessments and network/endpoint monitoring can be implemented very easily. By adopting the following 3-step approach, you can begin to enhance your cybersecurity posture much quicker:

  • Prepare and know your current and future risks by implementing basic hygiene measures, such as cybersecurity training to all. 
  • Protect/defend your infrastructure by implementing automated cybersecurity tools such as MDR/EDR, so threats are recognized and responded to proactively before any damage is caused.
  • Respond to attacks with a progressive mindset, so they cannot ever be repeated. This step involves setting more robust cybersecurity policies like MFA and restricted data access for some employees.

The only way to combat the rising probability of an attack is to have all of your employees adopt a security-first, zero-trust mindset. Your organization will be using more software, more environments and more applications than ever before in 2021, therefore security has to be at the forefront of every user’s mind at all times.

Human error is the cause of 95% of cyber attacks, so the easiest way to respond to these threats is to actively encourage caution, and a standard procedure for all employees when they are operating in the sensitive or emerging environments that may cause reputational and financial burden if breached.

Promote the benefits of regularly updating software, fully encrypting PII or PHI data, and steering away from any link, file, or email that is not associated with your organization. Although emerging threats are hard to spot, practicing a staged attack can help you assess where the weakest link is, so you can enhance your security posture as required.

Conclusion

Threats are real and so are threat actors.  Therefore, you always must stay one step ahead of them. In today’s business landscape, IT infrastructure represents a key business risk because the attack sophistication of threat actors today is capable of impacting business continuity and causing damage worth tens of millions of dollars. Financial damage is not the only downfall, as an organization’s reputation can be quickly lost as a result of a successful breach, whereby customers will quickly lose all trust in the continuity of their service.

There are a number of security applications readily available, which can be implemented in all environments, such as cloud, AI-powered systems, and remote working. Whether you choose to implement data loss prevention, multi-factor authentication (MFA) or behavior analytics into your existing cybersecurity posture, it is paramount that your threat response plan incorporates human initiative too. If your security posture is limited in either the technological or the human aspect, threat actors will always have the upper hand on speed and persistence.

Understanding and responding to the modern threat landscape should be one of the top priorities for management in any organization. It is always worth investing in an objective view and independent confirmation to see whether your infrastructure has the right protection in place to mitigate the growing sophistication of modern-day threat actors.
If you would like to receive expert advice to support all aspects of your cyber security infrastructure, visit SecurIT360 to get the most out of your security assessments, endpoint detection and response processes, as well as compliance-ready penetration testing. All aspects of cybersecurity are critical in the landscape of emerging technologies—let us manage your operations as a concerted package.

Returning to the Post-COVID-19 New Normal: What to Expect for IT and Cyber Security Professionals Coming Back to the Workplace

COVID-19 is still with us; however, many enterprises are reopening their doors and attempting to return to some sense of normal. It’s certainly a new normal: keeping staff safe requires a host of new processes, precautions, and even potentially new technologies and equipment.

From all perspectives, lockdowns and work-from-home directives have created a significant disruption to normal enterprise operations. Looking at the situation from the point of view of technology staff, specific operational challenges shift into focus. Work equipment may have left the enterprise environment, home devices may have been used for work purposes, and the delineation between work and home spaces has been blurred, or even removed completely.

There’s a lot on the plates of IT and cyber security specialists. Here are some of the most pressing issues to consider as you, your colleagues and the staff you support return to the post-COVID-19 workplace.

COVID-19 Mitigations

At the most basic level, normal workplace procedures are affected by recommendations for safety, as announced by the CDC. The most elementary of these recommendations likely apply to how cyber security professionals must conduct themselves, including:

  • Sick or symptomatic employees should stay home
  • Wear a mask
  • Limit interpersonal contact
  • Maintain appropriate spacing between staff
  • Sanitize surfaces after touching

IT and cyber security staff should be particularly aware of sanitizing devices before and after working with them. Check the CDC list for more recommendations, which vary according to the type of workplace, and follow any guidelines specified by your organization.

Relearn Cyber Security Fundamentals

Basic enterprise cyber security training for staff is often on the “we’ll get to it eventually” list, with indefinite deferral to maintain priority for operational needs. Now is an excellent time to reserve a block of time to review best practices, refresh basic training and boost awareness. Follow your cyber security training protocols and be sure to highlight the basics:

  • Password security training
  • Phishing and social engineering awareness
  • Email security
  • Updating and patching

Reestablishing the importance of awareness can go a long way toward creating resilience against the most elementary threats.

Speaking of Passwords…

Password security is often the first casualty when work and home environments are blurred together. Enterprise equipment and devices may be used by staff’s family or friends, or home devices could be used on enterprise networks. New employees might have been onboarded outside the usual training and processing framework, including being brought on remotely.

A required password reset is the first step toward reasserting control over your security posture. Ensure staff adhere to company password policies when making changes. If your organization hasn’t yet implemented two-factor authentication, now is an ideal time to do so.

  • Have users reset all relevant passwords
  • Implement 2FA

Returning Equipment

Working from home has become the new normal for staff at many enterprises, which required work equipment and devices to migrate from the enterprise environment to homes. Returning work equipment to the enterprise environment creates two important IT security concerns:

Trivial equipment return. Certain items require only basic inventorying: cables, chargers, docking stations, etc. This is a tedious but necessary requirement, to ensure equipment is tracked and available if needed again, and that resources are not wasted. Damaged equipment is inevitable and needs to be replaced. Reemergence of lockdown requirements may necessitate a return to large-scale work-from-home deployment: make certain you maintain the basic equipment resources required for that scenario.

Returning devices. Work devices that left the enterprise environment in a secure state do not necessarily return that way. Expect that staff have been negligent in maintaining high security standards and respond accordingly. Many staff will ignore update prompts or postpone them indefinitely. Others might disable security apps as a matter of convenience. Conduct comprehensive updating and patching of all returning devices.

Additionally, staff might install software they commonly use in their home environment, or to replace resources unavailable outside the office. Certain upgraded software licenses may have been added to facilitate work-from-home efficiency, but are no longer necessary (video conferencing, remote sharing and collaboration software in particular). Scan for unregistered software to determine potential vulnerabilities and risks, and cancel unneeded licenses to manage costs.

  • Inventory and maintain adequate supply of trivial equipment
  • Update and patch OS, software, and EDR solutions
  • Scan for unregistered software
  • Inventory software licenses

New Devices in the Enterprise Environment

Returning staff introducing new devices to the enterprise environment is a significant threat to security. These will typically be personal devices – laptops and phones – that staff used for work at home out of necessity because office resources were not available, or because they were more convenient.

Home devices are vulnerable for all the obvious reasons: lack of updating and patching, presence of unauthorized apps, absence of enterprise-grade security solutions, poor password security, etc. Once one of these devices connects, the entire network is at risk of compromise.

USB and NAS devices are an additional threat vector that can slip through the cracks. Staff may have been using these devices regularly, or as a one-shot solution to port data or files from home to the newly reestablished enterprise environment. Enforce your existing device controls to restrict use of unauthorized storage devices.

  • Run scans to check for new, unknown and/or unapproved devices; personal laptops, phones and devices should not be allowed within the enterprise environment
  • Monitor use of USB and NAS and enforce device control protocols
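As an added example (not code from the original post), a small Python audit that applies both checklists above to constructed data: it flags returning devices with stale patches, a disabled EDR agent or unregistered software, and flags devices on the network whose MAC address is not in the asset inventory. The approved-software list, the inventory, the MAC addresses and the "ip mac hostname" lease-line format are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date

# Constructed data for the example: an approved-software list and an
# asset inventory (MAC address -> hostname) of enterprise-owned devices.
APPROVED_SOFTWARE = {"Office Suite", "EDR Agent", "VPN Client", "Browser"}
INVENTORY = {
    "aa:bb:cc:00:00:01": "LAPTOP-001",
    "aa:bb:cc:00:00:02": "LAPTOP-002",
}

@dataclass
class DeviceReport:
    """What a returning device reports on check-in (constructed shape)."""
    hostname: str
    last_patched: date
    installed: set
    edr_running: bool

def audit_returning_device(report, today, max_patch_age_days=30):
    """Return the list of findings for one returning device (empty if clean)."""
    findings = []
    if (today - report.last_patched).days > max_patch_age_days:
        findings.append("patches older than %d days" % max_patch_age_days)
    if not report.edr_running:
        findings.append("EDR agent not running")
    # Anything installed that is not on the approved list is "unregistered".
    for sw in sorted(report.installed - APPROVED_SOFTWARE):
        findings.append("unregistered software: " + sw)
    return findings

def find_unknown_devices(lease_lines):
    """Parse lease lines ('ip mac hostname') and return devices not in the inventory."""
    unknown = []
    for line in lease_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        ip, mac, hostname = parts
        if mac.lower() not in INVENTORY:
            unknown.append((ip, mac.lower(), hostname))
    return unknown

if __name__ == "__main__":
    today = date(2020, 7, 1)
    report = DeviceReport("LAPTOP-002", date(2020, 3, 15), {"Office Suite", "HomeTorrent"}, False)
    print(audit_returning_device(report, today))
    leases = ["10.0.0.5 aa:bb:cc:00:00:01 LAPTOP-001", "10.0.0.9 de:ad:be:ef:00:42 Johns-iPhone"]
    print(find_unknown_devices(leases))
```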

Maintaining a High Readiness Posture

It’s critically important to remember that the post-COVID-19 new normal can, at any point in the future and without warning, revert to a crisis environment. Your staff could get sick and require your office to close, or general rates of infection could increase enough to cause reimplementation of a shutdown. The possibility that things could again get worse still exists.

Make certain that the lessons learned, strategies implemented, and changes made are maintained to ensure readiness in the face of additional challenges. Navigating the new normal is tough enough – don’t let your guard down and be forced to start from scratch, relearning adjustments that were made in March and April.

The path forward requires an extra effort of safety and vigilance. If you can maintain focus, the new normal will become the regular normal and you can once again focus on operations, performance and your core business mission.