The COVID-19 pandemic has had, and continues to have, a huge impact on people’s lives, families and communities.
The immediate effect on organisations has changed the ways employees work and has introduced new cyber risks. We know that companies are facing significant operational and financial challenges, requiring organisations and employees to rethink ways of working.
We are seeing an increase in both the likelihood and impact of cyber-attacks and, as organisations move to quickly implement remote-working systems, cyber-security good practices are falling short.
We are also seeing the nature of threats changing, as attackers exploit the uncertainty and vulnerability that has followed this rapid IT and organisational change.
As lockdown is relaxed, a new normality is expected to emerge and many organisations will choose to maintain a much larger remote workforce.
In order to ensure the maintenance of an organisations’ security posture, Cognisys recommend reviewing the cyber-security measures implemented and associated with their newly mobile and geographically-distant employees.
Furthermore, it’s vital that all critical security functions continue, such as patching security vulnerabilities - including for all remotely connected laptops, security monitoring, identity management and backing up of key systems.
All internet-facing systems and services should be audited and documented. Access should be regulated and controlled by additional layers of authentication and the entire perimeter should be secured as much as possible.
Finally, staff should be on the lookout for opportunistic threats in the form of COVID-related phishing attempts.
Whilst the overall amount of phishing attacks remains steady, the nature of attacks is increasingly focussed on exploiting areas of uncertainty surrounding information and guidance on the pandemic.
Finance teams in particular should be on their guard, especially if they are remote, fragmented or in new working environments. Any unusual payment requests from senior individuals should be validated through a separate trusted communication method.
Cognisys is fully committed to the security of its clients systems and the health and wellbeing of staff and customers alike.
We are continuing to provide all remote penetration testing as normal and many of the on-site tests can be carried out through the use of our SmartScan boxes. Once these are delivered, our technical team can interact in many ways as if they are physically on-site, thereby removing any physical risk of Coronavirus infection.
M365 and O365 tenant security reviews have continued following the regular process and we are still seeing a high incidence of data exfiltration and financial fraud, due chiefly to the absence of Multi-Factor Authentication and further insecure implementation.
To ensure safety and success, it is vital that security awareness is prioritised in all organisations. Cognisys are cyber-security experts, who exist to improve your organisation’s security posture.
Stay safe – physically, mentally and cyber securely.