Chief Information Officer’s (CIO) tasks have become exceedingly difficult on the back of the ongoing pandemic. This is due to the increase in cyber security threats caused by cybercriminals, who are proficient in capitalizing on a crisis situation. Statistics suggest that during the initial stages of the pandemic, ransomware attacks had spiked by a phenomenal 72%. As of today, the numbers have further increased up to a staggering 105%. According to the Microsoft Digital Defense report, the percentage of attacks aimed at IT firms, non-government organizations, government organizations and international organizations is over 60%.
All these statistics illustrate how pivotal CIO’s role has become during the past few months. These challenges are daunting. The increasingly sophisticated adaptations enacted by cybercriminals can drive any IT professional to their wits end.
In this post we shed light on the 3 questions that should be on the minds of every CIO. Through this, a CIO can potentially assess his organization's security position and determine if its vulnerability.
1. Are end users and clients sufficiently trained and aware?
Almost all cyber-attacks deployed during the Covid-19 pandemic crisis were disguised as global medical relief, humanitarian organizations, US fast food chains and vaccine research institutions. These findings reveal that threat actors pray on fears and the notion developed in human minds to mine information surrounding a crisis situation. They exploit these behavioral patterns to gain malicious access to end user’s and client’s devices predominantly by means of email phishing.
Many cyber security strategies fail to employ holistic approach and turn a blind eye towards vulnerabilities that may be associated with human errors. Instead, most service providers focus only on technical aspects. However, the fact remains, that human errors are the main contributors that avails access to threat actors into an enterprise computer operating systems and networks. A simple infected attachment download can lead to a multi-million-dollar loss. For instance, Emsisoft reported that, 16 days of down time and ransom demands had summed up to incur an estimated loss of $9.2 billion, by 24,770 companies this year.
The most effective solution to these challenges is primarily building awareness. Educating clients and end users regarding vices used by threat actors and improving cyber hygiene by following best practices is a viable method which will help lower risks and monitory damages.
2. Are personal devices secure enough for remote work?
The pandemic altered the enterprise work force to remote workers overnight. Most devices used by remote workers are unmanaged and are highly vulnerable to third party vendors typically through Internet of Things (IoT). Additionally, remote working has caused CIO’s to lose sight on end user devices. The usual practices used to secure computer operations, like software or device patching and upgrades, are no longer available. Thus, making it even more challenging to ensure the safety of company data and assets.
These circumstances work together to open broader avenues for cyber criminals in credential harvesting expeditions, especially Distributed Denial of Service (DDoS) attacks.
Many companies are deploying Virtual Private Network (VPN) and zero trust methods to address the security assoociated with remote workers. VPN creates a secure “tunnel” transmission from the sender are encrypted and at the receiving end the transmission is decrypted. Zero trust ogives access to company information to an end user after a comprehensive verification of user’s credentials and device ID and hygiene. These two adaptations help to secure information irrespective of the user’s or client’s location.
3. What is the most effective way to practice cyber security?
Sufferig a ransomware attack amidst post pandemic employment and economic crisis can push an enterprise toward bankruptcy. CIO are stationed at the forefront against these attacks. Therefore, finding a solution to this question is the best weapon that could be used against them. Even though VPN and zero trust models serve as good solutions, developing a relationship with quality Managed Service Provider (MSP) is an effective resource to combat cyber security attacks. An MSP, such as CSG Technologies, provides holistic IT solutions in respects of infrastructure, cloud computing and migration, cyber security and business continuity plans. Furthermore, they can be additional resources that can be deployed immediately during a time of crisis.
Good MSP services are conducted by regular management, monitoring and maintenance activities. This approach will help avoid potential cyber threats. In addition, MSPs assist with antivirus, spam filtering, firewalls and employee awareness and ensure best practices are employed n IT operations. Finally, partnering with an MSP is recognized by insurance and legal professionals as taking responsible preventative measures against cyber-attacks.
If you and your firm would like to learn more, please contact us today! And place your cyber security strategy in our expert hands without further delay.