In October 2004, the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) launched the first annual Cybersecurity Awareness Month. Seventeen years later, their mission — to raise awareness about the importance of cybersecurity — is more critical than ever.
In the first three months of 2020 alone, cyber fraud jumped 20% as cybercriminals seized on the vulnerabilities created by the COVID-19 pandemic.
We sat down with OnSolve’s new Vice President of Global Security Solutions Matt Bradley to get his perspective on the pandemic’s impact on cybersecurity. The two main takeaways from our conversation: An incident management plan is a must, and a critical event management platform plays a key role in heightening awareness and mitigating risks.
“Do Your Part. #BeCyberSmart.” That’s the theme of this year’s Cybersecurity Awareness Month. As Bradley explains, it’s never been more relevant — or more crucial to take proactive steps to enhance cybersecurity at your organization.
1. Prior to COVID-19, how was the world of digital threats and cybersecurity evolving?
Digital threats were increasing even pre-COVID, so cybersecurity is top of mind for all chief security and risk officers, or anyone who deals with business continuity. You can’t go a day without hearing about another breach, ransomware, fraud or something else that affects a company — and how it impacts their brand, reputation, stock price and financials.
2. How has the global pandemic complicated cybersecurity for organizations?
The major impact is the increase in the number of people working from home. The number of connected devices in locations that an organization does not control has just expanded. So now you’re talking about securing a laptop that’s connected to WIFI in someone’s home or in whatever place they choose to work from. And while that was a risk to companies before, it was usually a risk limited to a subset of their employees. Now it’s all of them.
3. COVID-19 has transitioned so many new aspects of our lives online. We work from home, go to school online, shop more online. How has this new digital reality changed the cybersecurity threats organizations face? Are the types of threats changing?
While the types of threats may still be the same, the creativity of the threats has evolved. If we were to define the types of threats, we still see the use of phishing attacks and social engineering. But they’re not calling anymore, because people aren’t sitting at their desks. Email threats have increased, and thieves are getting more creative using COVID-19 as a way to scare people into giving them information. It’s everything you warned about before, but now you have to go back and say, ‘This is another scam.’ So it just increases the workload. In fact, I received a very credible email that appeared to be from my IT department welcoming me as a new employee and asking me to click a link. It seemed fishy to me so I didn’t click, but many new employees might have clicked on it.
4. What can organizations do to protect themselves from cyber threats, both from a corporate culture and technology standpoint?
The most important thing is to have a plan. When the pandemic hit, companies sent people home with laptops but no plan. And due to business continuity requirements, you just had to have people work. It’s not that they didn’t set up their laptops in a secure manner. It’s that they didn’t train people. And they didn’t have a policy about taking your laptop on the road, to your lake house, on vacation.
So now they have to go back and look at all those laptops, people and places where they’re working and set up new rules. And then you have to follow up to make sure people are complying with the rules. And that all goes back to the implementation of your security plan.
5. How much of an impact does training have?
Training is critical. People take it for granted that because you were using a desktop at work, you’ve been trained. I mean, it’s not like it’s the first time you were given an email address. But think about your mentality at home versus your mentality at work. It’s different when you’re sitting at your desk at work and an email comes in that looks weird versus when you just rolled in from dropping off your kid at soccer practice and you sat down to catch up on emails because you took an hour out of the middle of your day. And let’s say you see an email that says ‘Urgent’ and it’s from your boss’s boss who needs you to click on a link to download something from SharePoint. You’re going to click on the link. You’ll let your guard down, because you’re not in work mode.
6. What role does a critical event management platform like OnSolve’s play in helping an organization protect against and respond to cyber threats?
The most important thing anybody needs when understanding cyber threats is information about what the threat is. A critical event management platform with risk intelligence would tell you that. Imagine you’re the CISO of a large corporation who’s getting bulletins from everywhere and needs somebody to piece it all together versus having to look at 15 blogs or emails from a hundred different organizations. By the time you’ve sifted through all of the data, you’re too late to act upon and communicate a potential cyber threat to your global employee base.
A critical event management platform would bring relevant data about a threat together with how it is impacting your people, assets or operations, and deliver it quickly so you can assess, act and communicate the threat from one place. Specifically, it would draw on three capabilities:
It would also let you separate the communications, so you can keep track of who’s received what. And it would record every action taken based on your communications, so you have an audit trail. That’s a very important part of prevention, because nobody is going to check if you’ve done it right until something goes wrong.
7. If there’s one thing you would pinpoint as absolutely vital for organizations to do to protect themselves from cybersecurity threats now, what would it be?
Planning–because you can’t do it in the moment. And speed of response, especially in a cyber threat, is vitally important. Speed of intelligence is important too, but there are situations where you may find out about a threat because something has already happened in your organization. You then need to know the severity, how you’re going to respond and what needs to be communicated. Because while you’re trying to figure out what you should do, this thing could be propagating on your network. So, again, having the plan that says, ‘This happened, okay, this is what we do.’ And if I can speed up that response, I can mitigate the damage.
And who can we look to in terms of organizations with a good plan in place? According to Bradley, the success story is every day you’re not in the news. Success is how an organization manages something that happens from a crisis or brand reputation standpoint. And if it’s not happening to you, you’re probably managing it well.
Visit our CEM Resource Center to learn how you can protect people, infrastructure and assets and create better outcomes with modern critical event management (CEM) technology.