Securing IT in Covid-19 era

What it takes to secure IT in the Covid-19 era

by | Apr 29, 2020 | Covid-19, IT Security, Technology

CISOs are challenged with transforming security frameworks on the fly to counter the new threat vectors.

Prashant Shroff (name changed), the CISO of a leading consulting firm, had many sleepless nights last week owing to the cyber threats that have rapidly increased amid the recent coronavirus outbreak. If the IT threat landscape was already huge and complex, securing IT in the Covid-19 era has presented him with hitherto unthinkable challenges.

In the wake of the pandemic-induced lockdown, Shroff was tasked with further securing the complex IT infrastructure of his organization at a time when 95% of the workforce was working from home. Business continuity had to be maintained. He also had to prepare, in advance, a dependable and secure exit strategy for the scenario in which the lockdown is lifted, first partially and then fully, in due course.

The mettle of CISOs has been tested like never before. Like Shroff, CISOs across multiple sectors and industries face several challenges in ensuring continuity of work while reducing the threat of data breaches. The obvious apprehension is that existing security policies may not withstand the new challenges that have suddenly developed. Security has become even more vital for organizations to enable remote workers to operate efficiently.

Based on multiple informal interactions with CISOs, we have identified five key gap/focus areas for CISOs in the post-COVID era.

  1. Employee training: While in many cases business operations have been suspended, mission-critical assets face the risk of being exposed and compromised. Security practitioners did not get enough time to train their large workforce on the best practices for accessing remote applications securely. Understandably, given the sudden announcement of lockdowns around the world, not many organizations had enough time for such a large-scale work-from-home (WFH) transformation. This could impact businesses when normal operations are resumed. In the post-Covid environment, organizations are expected to design best-practice tools, resources, and applications that better support remote working, and to provide employees with essential practical training in malware and phishing prevention.
  2. Modernize VPNs: For a CISO, the second biggest challenge would be to modernize the organization's virtual private networks and ensure that these are designed for extended usage, and that the networks are equipped to support any large-scale WFH scenario. The practical and effective strategy for addressing this challenge is the 'zero-trust' network security approach, a contemporary lens that treats everyone who accesses the organizational network as suspicious and untrusted. (See: Covid-19: Reimagining work with a zero-trust lens). There is also significant interest in implementing high-end secure DNS servers for online protection. Yet, like their C-suite peers, CSOs will be under pressure to create this new security approach, its priorities, and its workflows with a smaller budget, in view of an imminent economic downturn.
  3. Unverified software and endpoint security: When offices start reopening, organizations may see employees downloading unverified software and tools to facilitate their work without obtaining approval from the IT team. Also, at times, there may be no option but to allow WFH users to install and use applications that may not be foolproof. Working from home for such a long time may have also relaxed the rules around using company-approved laptops for purposes such as entertainment and accessing various utility websites. This could be putting IT assets at high risk or even throwing compliance to the wind. CISOs need to ensure that their endpoint detection and response (EDR) solutions are able to record and detect all suspicious system behaviours and block malicious activity when employees are back in their offices later.
  4. Risk from unknown and new devices: In the post-Covid phase, CISOs will need to run a marathon scan of all the new and unknown devices that employees may have used for work during the Covid-19 emergency. Many employees' personal devices may have been sanctioned for work by organizations during the lockdown to ensure business continuity. When these devices are later connected to the corporate network for data transfer or other such purposes, they will present a grave security risk. CISOs and their teams will need to make sure that these devices are updated with the latest security patches and operating systems before they reconnect to the network.
  5. Remote onboarding and offboarding: This is an interesting yet delicate area for the CISO to reflect upon. Many global organizations and SMEs continue to hire and to see employee exits during the ongoing pandemic. In order to ensure business continuity, IT departments have approved both employee onboarding and offboarding remotely. For new hires, approving access to all the tools and systems remotely needs a well-equipped security strategy. It should focus on the best ways to provide authorization to the network and other infrastructure, thus enabling employees to use their personal or approved devices for network access. It also requires establishing and maintaining a powerful remote domain controller set-up to ensure the safety of the corporate network.

On the other hand, employees who are exiting an organization may have been asked to hold on to office-approved assets until there is a further travel advisory. In such cases, organizations need a mechanism to remotely turn off access to every system to which the employee may have access. CISOs are expected to put in place the best identity and access software and policies, which can promptly prohibit any access even when an employee holds a company-approved IT asset for many days after his exit.

After the pandemic is over, it may be difficult to fully reset to the past. However, organizations that do not apply these security measures immediately after the Covid-19 situation may face the risk of threat vectors impacting their otherwise secure IT landscapes.
