Business Security

How can better infosec contribute to improved business continuity and make for a more cyber-resilient organization?

Jaya Baloo, 27 April 2020

Learn more about the role infosec plays in keeping businesses running smoothly and resiliently in the face of this global health crisis.

In these times of the COVID-19 crisis, businesses must go back to the basics. And that means understanding how to provide the best-in-class customer service, taking care of their employees, and being resilient to this disaster. These all revolve around making sure that your business continuity is up to snuff. While it is possible that you may not experience any disruption, you might as well plan ahead.

In the old, pre-coronavirus, days, business continuity usually meant doing disaster recovery drills and setting up duplicate data centers that could come online in case the main data center was unavailable for a period of time. Those days are behind us now. Not to be alarmist, but we are living in different times, and we have to think of continuity in a new light. The notion of having a “headquarters” staff working “on your network” takes on different meaning.

In my blog post on 17 March 2020, I outlined what my own journey was like toward supporting this new working environment. But building a resilient business is a lot more than just figuring out how to set up a VPN and produce a few web conferences. 

At the core of continuity is ensuring that your processes and applications and data are intact, no matter what happens to your Internet connectivity or your servers. Do you even have a current list of your business-critical applications? Probably not. Just look at any of the number of ransomware victims over the past year: how many of them couldn’t get their systems restored because they forgot to do backups of one or two forgotten systems? We are operating on a larger scale and that means solving potentially more complex problems.

As I mentioned in my blog post on 21 October 2019, last year we discovered a network intrusion we called Abiss that began in May and wasn’t recognized for several months. Granted, this was a very sophisticated attack designed to elude our tracking systems. While no customer or sensitive data was compromised, it motivated me to examine all of our monitoring systems and resulted in redesigning them to improve our response times for future intrusions. But there are several other things we are doing to become more proactive and boost our resilience to provide better continuity.

These include:

  • Make sure your network and your employees’ can support remote working. I am noticing that a lot of companies have not sized their connectivity for remote working to encompass their whole workforce. The resulting stress on their network inhibits remote working. Just as challenging if it fails, do your employees have sufficient bandwidth to do their work. 
  • Make sure your team is ready to work remotely. I am also seeing a lot of end user challenges. People do not have the right software, they don’t know how to access the applications they use, and they are not familiar with remote working protocols for VPN use, authentication, and application access. 
  • Improve phishing awareness education and training.  One phished email can bring down an entire network, and all it takes is a few milliseconds to misjudge the email and malware has found its way to one of your endpoints. We have put together our own awareness training, and we do it often. This is because we know our own environment best and we can easily create very believable emails that can serve as a teachable moment for our staff. 
  • Teach your staff to think like hackers. The more your own staff can understand how a hacker thinks and tries to worm their way into your network, the more resilient you will be. 
  • Gamify learning. We have to make learning about cybersecurity fun rather than a chore. This means your staff will be more motivated to widen their knowledge and understanding of the issues. Not everyone is a cybersecurity specialist, nor wants to play one on TV. I also try to give our people tests sparingly -- such as only when they have completed our training courses to see if the knowledge has stuck with them.
  • Build a functional security operations center (SOC), not just a stage set. A SOC should support your people, not have ten thousand screens that are pretty to look at but that really say nothing. The utility of a SOC is to be able to provide subtle clues that something is wrong with your infrastructure. As an example, you may still have firewall rules that allow for malware to enter your network. Whether you have your own SOC or outsource it, its capabilities should match what is going on across your network. And critically, your SOC needs to also be remotely enabled as well. 

Improving your business resilience is a journey, not a destination. If you take these above steps, you can improve your cybersecurity and help ensure your business will not only survive but thrive in the future.