

Coronavirus Raises New Business Continuity, …

Source: National Cyber Security – Produced By Gregory Evans

What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones?

(image by Romolo Tavani, via Adobe Stock)


Cyberattackers are barraging businesses with phishing lures touting fake info about the Coronavirus. And although the lures may be fake, the security and business continuity threats that some IT departments are preparing for are quite real. One big question: If workers are sequestered in physical quarantine zones, will IT and SecOps be able to continue? 

Initially, businesses may dismiss this risk until the virus reaches their regions. However, the risk is more prevalent as the IT supply chain becomes more global and organizations rely on overseas IT services, from help desks to 24/7 SOC-as-a-service. The concern is not just that workers themselves may get infected by the virus; the concern is that employees, contractors, and service providers’ workers who are not infected could nevertheless be quarantined for being in physical proximity to an infected individual.

“If you’ve got 200 workers working in one place and one of them presents themselves with the illness, it’s pretty likely the government is going to quarantine everybody,” says Edward Minyard, senior consultant at IP Architects, who was an Accenture consultant working with Mexico City on pandemic prevention during the H1N1 virus spread in 2019. “And the current [quarantine] protocol is for 14 days. So that can have a material impact on folks’ planning.

“If you’ve got a large outsourced facility, for example, for your security management, or any facility with a large number of people in it, you probably don’t want to bring 100 people together and put them in a small room unless you yourself have some evidence that they have not been affected. … And the second part of the challenge is they may not be able to get there. Or even want to go there.”

Minyard says his American clients are beginning to consider the secondary impact they may feel if the virus further expands in, for example, India, a source of so many IT services. (Although India shares its northern border with China, it has thus far experienced only three confirmed cases of the virus, according to the World Health Organization, all of which are in Kerala, a western coastal state that does not border China.)

Nevertheless, Indian businesses have reported disruptions because of the stoppages in shipments from China, where over 45,000 confirmed infections and over 1,000 deaths have been reported, and many millions are in quarantine. All the way over in Barcelona, Mobile World Congress — the world’s biggest trade show for the mobile phone industry — was canceled just one week before it was set to start. 

The same challenges also apply to telecoms, electric companies, “and all the others that maintain the networks that are supposed to be supporting the rest of us,” Minyard says.

“From the perspective of business continuity and continuity of operations, this is a real thing,” he says. “This is not speculation. This is going on, and we don’t know how bad it’s going to be. Should you have all your eggs in one basket … I’d be thinking of a different plan.” 

IT security departments, already short-staffed, could be stressed even further than most other teams. And that’s something about the coronavirus that cyberattackers will surely capitalize on — just as they have already.  

Phishing Extravaganza 
Cybersecurity companies have been spilling over with detections and reports of phishing messages that use coronavirus-related lures. The messages include malicious links and attachments and download a variety of malware, from Emotet to wipers to remote access Trojans (RATs).  

The World Health Organization issued a warning about such scams.

Trustwave reported an Office 365 credential-stealing attack, which used a lure appearing to be from the Centers for Disease Control and Prevention (complete with CDC logo and legitimate display address) and the subject header “New case confirmed in your city.”  

Proofpoint discovered a credential-stealer that capitalized on panic with a lure claiming that a secret cure existed and that the government was using the disease as a government bioweapon.

Proofpoint, as well as Cisco Talos, reported messages purporting to provide tips for virus protection; these appeared to be sent not only by official government organizations, but by businesses’ upper management. These messages were used to steal credentials, drop malware like Emotet and — in lures specifically targeting the manufacturing and shipping industries — the Nanocore RAT. 



Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad …


The post Coronavirus Raises New Business Continuity, … appeared first on National Cyber Security.


Integrating cyber security with business continuity

Cyber security is a top concern for nearly all companies. While addressing cyber security is clearly a technology-centric issue, recent incidents show it is no longer only a technology issue.

The integration of technology into all areas of credit union operations means that all functions will be impacted in the event of a cyber security response. Similarly, an event impacting business continuity may also have security implications. Today’s level of integration makes it nearly impossible to delineate between cyber and business continuity problems.

The time has come for credit unions to think outside the box and integrate these two important functions. Integrated cyber incident and business continuity programs can deliver benefits that go well beyond dollars and cents.

Consider the steps below to ensure integration is both smooth and effective:

Integrate management teams and resources. Many organizations still consider cyber security incident response and business continuity efforts to be separate functions, primarily because the two disciplines have long been thought of as separate and distinct, each intended to ensure an efficient and appropriate reaction to a unique event. Significant efficiencies and benefits can be realized if the relevant resources and processes are integrated, even if the practices have performed well as individual disciplines in the past. Creating a single process not only optimizes process flow and facilitates training, but it also forms a cohesive function, the goals of which are protecting the organization’s reputation and ensuring continuity of operations.

Align policies, procedures and training. Similar management teams and supporting activities exist in both specialties. Combining these teams and processes will yield a more cohesive, streamlined process that is capable of bringing more assets to bear when an event occurs, regardless of the incident type, which is increasingly important as security and continuity-impacting incidents themselves become more and more frequently integrated. For example, it is not uncommon for cyber criminals to attempt to leverage a physical incident to cover phishing or social engineering attacks. Timely involvement of all business-area leadership is crucial, as any sort of incident could raise immediate issues that require decision-making.

Leverage common touch points between business functions. A comprehensive response plan typically includes many “touch points” between IT and business functions. These touch points are usually coordinated through a response team that has common resources for communication, including periodic situation updates, designated response options and identified potential business impacts. A common framework may help mitigate the impact of negative events.

Coordinate crisis communications. The key to effective resolution is clear, concise communications, regardless of whether a business-impacting event is cyber or physical in nature. If an event requires communication with members of the public, it is essential to identify and follow regulations specifying how and when impacted individuals must be notified. Establishing clear communication protocols and procedures in advance ensures a credit union’s crisis management team will have the information it needs to develop and distribute authorized communications quickly, effectively and cohesively when the time comes. This preparation will pay off in ensuring an organized response to public concerns and inquiries, and will also make it easier to monitor external activity.

Optimize after action reporting. The root cause of an event is not always obvious, and unless identified through a complete and careful analysis, the event could recur. What actually happened, and why? Once the cause of an incident has been identified and remediated, the credit union should update its incident response program documentation to integrate the lessons learned. Regularly updating an integrated plan reduces the potential for mistakes and eliminates duplication of effort.

Risks related to cyber security should be handled similarly to any other business risk. Whatever the specifics of the incident, a single framework and management reporting structure should be in place to identify and control the incident’s potential impacts. Different subject matter experts may be brought in and out to assist, depending on the nature of the specific problem, but leveraging a common framework, training and reporting structure will facilitate the response and help to reduce negative impact to the business.

Start small when it comes to developing an integrated process. Pay attention to the details, taking it one element at a time. In the end, you will learn a great deal about your business and end up with a process that will support your credit union’s needs well into the future.

View full post on National Cyber Security Ventures

Security and business continuity are top concerns when moving to cloud


Source: National Cyber Security – Produced By Gregory Evans


Sixty-two percent of organisations leave data protection and availability of in-cloud data to third-party cloud providers.
New research from CTERA Networks has revealed that the protection of cloud-based servers and applications hasn’t fully evolved to meet enterprise requirements for business

The post Security and business continuity are top concerns when moving to cloud appeared first on National Cyber Security.
