Covid-19 forced many organisations to change their digital strategy quickly and to automate most of their manual processes so that customers could access services online. It also led to the automation of internal processes, as many employees were, or still are, teleworking. When the pandemic started, the focus of most organisations was functionality: developing systems to keep the organisation running as close to normal operations as possible and to avoid losing revenue. There was far less focus on the security of the systems being developed, because security work would have delayed the rollout.
Organisations had little time to consider security basics such as flaws in the software and frameworks used to build the new systems, firewall policies, encryption, and patching. What many did not realise was that by automating most of their processes they were enlarging their attack surface: every newly exposed portal, API, and remote-access service is another entry point a cyber-criminal can probe. The organisation's hack value also increased, because most transactions were now done online, which made it attractive to criminals either to steal funds directly or to attack the organisation with ransomware and extort a large payment.
What CISOs and CIOs need to do now.
Processes have been automated so that customers can access organisational services such as making payments and raising queries without physically visiting the offices. Your organisation has managed with telecommuting employees for months since the pandemic started, and no major security breach has been reported. That is precisely the right time to assess the security posture of those systems and of the entire organisational ICT infrastructure, rather than waiting for the first incident to do it for you.
This is the right time for CISOs and CIOs to commission vulnerability assessments and penetration tests of their ICT environments, and the scope should include the services that the pandemic pushed online: customer-facing web applications and APIs, remote-access and VPN gateways, and the endpoints employees use from home, not just the office perimeter. CISOs and CIOs should also note that cyber-criminals now spend less effort trying to breach firewalls directly and more effort exploiting system flaws, in particular the default settings (default credentials, default open ports and services, unchanged sample configurations) that many developers and system administrators never change. Cyber-criminals are also hacking humans through social engineering, which is easier now that most systems are online and staff are working away from colleagues who might otherwise spot a suspicious request.
CISOs and CIOs should take user security awareness more seriously now than ever before; there has rarely been a more critical time for organisations to run security awareness sessions. The opportunity for cyber-criminals to compromise employees' machines has increased greatly, because those machines now sit on home networks, outside the monitoring and controls of the corporate office.
An organisation's security and cyber defence are largely determined by the weakest link, and in the people-process-technology triad the weakest link is usually the people. Industry security reports consistently cite the biggest threat to endpoint security as employees' failure to follow the security practices the organisation has defined.
NOTE: "It is not a question of if you are going to be hacked, but when. Cyber-criminals have more time than your IT security team, who are busy with policies, access controls and other IT security functions. The more you automate, the more interesting a target you become to cyber-criminals."