There has been a sharp rise in cyber-attacks ever since the coronavirus (COVID-19) pandemic and global business have been suffering from it more than ever before. With the spread of COVID-19, increased demands for information technology (IT) support services are occurring across nearly all industries, as worldwide employees, students, university faculty, and others are being asked or required to work or study remotely from their homes to reduce the spread of the virus.
|As a result, nation-state cyber-attack groups and criminal cyber-attack groups are taking maximum advantage to target cyber vulnerabilities in select industries, especially those most impacted by the current crisis. Realizing that 40% or more of cyber vulnerabilities are directly linked to employee behavior, per Gartner’s latest studies, it is vital that organizations focus more on their employees via cybersecurity awareness, education, training, and use of simulations to create a stronger human firewall to protect their vital digital assets. After all, according to IBM Security’s latest findings, the average cost of a cyber data breach is now $8.2 million.
|To reduce the probability of a cyber-attack or a significant data breach and mitigate the negative financial and impacts that typically follow, we offer the following cybersecurity recommendations which are applicable to all industries:
1) Ensure resilience – Implement and periodically test an enterprise-wide business continuity plan (BCP) and disaster recovery plan (DRP).
2) Conduct MDR 24/7/365 – Using advanced security information event management (SIEM) software, data visualization tools, automation, and artificial intelligence (AI) capabilities, continually monitor, detect and respond to all cyber incidents including: email system, network, software applications, and all information system endpoints.
3) Build a culture of cybersecurity – Promote and support all employees practicing effective cybersecurity policies, processes, and procedures via a comprehensive cybersecurity awareness, education, and training program including spear-phishing campaigns and cyber data breach table-top exercises.
4) Conduct regular advanced cyber diagnostic assessments – Regularly conduct assessments such as: Email Cyber-Attack assessment, Network & Endpoint Cyber-Attack assessment, Vulnerability Scanning assessment, Penetration Testing assessment and Spear Phishing assessment.
5) Establish a rapid cyber-attack incident response plan – Develop and periodically test an enterprise-wide well-coordinated information system incident response plan to quickly identify, contain, eradicate and recover from cyber-attacks.