Cloud Security: Watch out for the Pandemic-spawned Viruses!
It has been over a month that the world continues to witness untold human tragedy and massive lockdowns due to the Coronavirus pandemic. Even as people and global economies wait to get back to what could be a new normal, one technology has been at the forefront, enabling millions of people to work remotely. Even before the pandemic hit, Cloud technology was fostering connectivity between businesses and their consumers worldwide. But now, its utility is even more pronounced. The numbers don’t lie: Cloud IT infrastructure spending grew by 12.4% in the fourth quarter of 2019, around the time COVID-19 made its presence felt, according to a report by IDC.
The Threats Are Real
However, the steep rise in its usage also results in heightened exposure to cyber security threats for the consumers of Cloud technology. According to a survey conducted by Fugue, 84% of cloud engineers are worried about new security vulnerabilities stemming from the sudden cloud adoption amid COVID-19.
The pandemic has, unfortunately, provided happy hunting grounds for cyber attackers. In Germany, a food delivery company was compromised by a distributed denial of service (DDoS) attack. In the US, several phishing emails were sent to workers after the government passed a relief bill. In the Czech Republic, cyber-attacks halted emergency surgeries and diverted critical patients to hospital already busy with COVID-19 cases. This is just a glimpse of the attacks happening across the globe, as reported by Gartner.
That’s not all. Here is a snapshot of the cyber threats arising from COVID-19 in the first quarter of 2020, according to a study conducted by Trend Micro Research, who found pandemic-related emails with malicious attachments way back in February 2020.
Blueprint for Proactive Security Measures
So how do enterprises take on the forces at work that seek to destroy precious and critical assets, even in this time of worldwide crises? Here are a few tips according to McKinsey & Company:
- It all begins with educating your employees about the risks. Instead of asking users what not to do (which mostly gets filtered out), IT teams can encourage them to use office-approved devices and explain the benefits of using security tools and methods such as encrypted messaging; educating them about what suspicious communication or links look like, among other practices. IT teams can also identify high-risk user groups and monitor any behavior that can provide early insights into potential security breaches.
- Expand your monitoring reach: The surge in work from home mandates has resulted in an expanded surface for attackers to exploit. Basic protection mechanisms such as intrusion prevention systems may not be able to safeguard users who are not connected to a VPN and working remotely. In such a scenario, organizations should opt for endpoint security solutions or update their security information and event management (SIEM) systems.
- Establish incident response protocols: Ensure your emergency response teams know how to respond when security is breached. Build your protocol such that unavailability of the decision makers or usual escalation pathways doesn’t hamper response.
- Build best practices around procurement: If a security tool/program is the best fit for you, let its acquisition not be mired in red tape.
- Ensure third parties are security norms compliant: Ensure that your off-site vendors and contractors are abiding by the latest regulatory compliances related to cyber security. For instance, you can ask them if they have had any security drills lately, get to know about their security hygiene, and then take a call if your association with them should continue, pause, or stop accordingly.
- Eyes on the future: Go for cloud providers that continually roll out updates without you having to work on the maintenance part at your end. Examples that come to mind first are Amazon and Microsoft. For added security, you can implement the updates first in a test environment so that your IT teams can fully inspect any potential risk that these updates may expose your ecosystem to.
Cloud technology provides immense opportunities to scale up and respond to opportunities that the business world presents, but security must not be relegated to a knee-jerk response.
To know more about how endpoint security and automation can help deal with disruptive events like the COVID-19 pandemic, download this insightful eBrief.