COVID-19 and Cyber Risk
The current circumstances of COVID-19 can increase organizations’ vulnerability to cyber-attacks, phishing attempts and fraud. All organizations are required to exercise caution in that respect to continue functioning normally and efficiently. As many organizations have moved to remote working arrangements, they must make sure they improve their resilience against cyber-attacks associated with COVID-19 without disrupting productivity.
Listed below are some important controls to implement to improve resilience against cyber-attacks:
- Employee awareness:
Since people are the most vulnerable asset in any organization, we highly recommend raising employees’ cyber awareness of phishing emails, fraud and cyber-attacks. Employees must be instructed to exercise caution around COVID-19-related phishing emails, vishing calls, SMSs, social media content, etc., and must be trained in how to detect these attacks and report any suspicious cyber activity to the right party in the organization.
- Multi Factor Authentication (MFA):
Use MFA when accessing critical organizational assets or the corporate network remotely. MFA poses an additional challenge for threat actors, reducing the likelihood of their gaining unauthorised access to an account.
- Prevent software installation:
Prevent users from installing and executing unknown software to reduce the likelihood of malware infection from email or websites, and ensure thorough security risk assessments are conducted for any new technology being introduced for remote operations.
- Access Review:
Newly granted access and amended access levels must be monitored during such circumstances to detect any unauthorised access.
- Logs Monitoring:
Intensify monitoring capabilities by retaining detailed logs and ensuring that reporting, alerting and access to logs are available for a specific time, depending on the organization’s size.
- Data Loss Prevention (DLP):
Ensure Data Loss Prevention capabilities exist to prevent data breaches across all of the organization’s channels. If a preventive control is not available, disable the file sharing and Copy/Paste functions.
By Guest Author: Hala Elghawi
Who is Hala?
Hala has more than 13 years of experience in the banking industry and is passionate about Risk Management, Controls, Information Security, Technology, Business Continuity Management, and IT Governance. She holds a Master’s degree in Quality Management and a BSc in Management Information Systems, and is certified in PMP (Project Management Professional), ISO 27001 Lead Implementer, COBIT Foundation & COBIT Implementation, in addition to having a diploma in Risk Management.
More Articles:
UAE is a major draw for cybercriminals, research shows
Home networks in the UAE remain a major draw for cybercriminals looking to pivot to corporate systems, devices, and networks, new research has shown.
According to Trend Micro’s 2020 annual cybersecurity report, cybercriminals are increasingly targeting home networks since they aren’t as protected as office networks. This trend, experts say, has accelerated due to the increased number of professionals working from home and using their home networks to remain connected to their peers in the office.
“Last year brought unprecedented challenges when it came to cybersecurity, as organisations across all industries adapted to forced digital transformation that was caused by the Covid-19 pandemic,” said Majd Sinan, country manager, Trend Micro UAE. “This year has set new benchmarks and it is imperative to look at threat postures from a holistic perspective to be able to combat with modern day attacks.”
In its efforts to ensure secured digital transformation journeys of organisations in the UAE, Trend Micro has been working closely with public and private sectors to create digital security awareness. Trend Micro’s report revealed that the company had blocked 62.6 billion threats last year, 91 per cent of which were email-borne. The findings also cited an average of 119,000 cyber threats detected per minute in 2020 as home workers and infrastructure came under new pressure from attacks.
In the UAE, Trend Micro solutions detected and blocked over 19 million email threats, prevented 10 million malicious URL Victim attacks, and nearly 119,000 URL hosts. In addition, 2.7 million malware attacks were identified and stopped, while over 1,600 online related banking malware threats were blocked. In addition, Trend Micro’s Smart Home Network (SHN) solutions blocked more than 25 million SHN inbound and outbound attacks combined, preventing 13 million events where hackers targeted home devices in a bid to obtain sensitive information, intercept communications, or launch external attacks.
Similarly, both Mimecast and Help AG recorded a spike in cybersecurity threats in 2020. Mimecast’s latest ‘The State of Email Security’ report revealed that 86 per cent of respondents indicated that their companies had experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness. Respondents identified ransomware as the chief culprit behind these disruptions. When it comes to the UAE, 78 per cent indicated that they had been impacted by ransomware in 2020, a massive increase from 66 per cent of companies reporting such disruption last year. Companies impacted by ransomware lost an average of six working days to system downtime, with 29 per cent of the companies in the UAE saying downtime lasted one week or more.
More worryingly, only 23 per cent of businesses in the UAE said that they have a cyber resilience strategy in place, compared to 44 per cent globally. In addition, 22 per cent said that they have no email security system in place, compared to 13 per cent globally, and ongoing cyber awareness training is only provided by one out of five companies. Looking ahead, 75 per cent of survey respondents in the UAE believe that their business will be harmed by email attacks this year, while 50 per cent said that employee naiveté about cybersecurity is one of their greatest vulnerabilities.
Help AG’s ‘State of the Market Report 2021’ revealed that over 10 million Distributed Denial of Service (DDoS) attacks were recorded globally in 2020, including a 183 per cent increase in the UAE alone, while ransomware attacks are on the rise, with the government, private, oil and gas, telecom and healthcare sectors particularly affected. The attacks are also increasing in scale, with the largest one observed in the UAE measured at 254.3 Gbps. This increase has made DDoS attacks by far the most prolific form of cybersecurity threats faced by organisations today.
Experts at Help AG also said that 2020 was the year of VPN attacks, which is unsurprising considering the move to a new normal that came with a distributed workforce globally. There was a major incident or new vulnerability identified in almost every single month of the year, highlighting the increasing need for Zero Trust Network Access (ZTNA) to become an industry standard for cybersecurity.
“Cybersecurity is not a one-man show,” said Nicolai Solling, chief technology officer at Help AG. “It takes collaboration amongst all responsible actors in the government and private sectors to improve the region’s digital security landscape.”