We have entered a new decade and it won’t be wrong to state the new decade has brought with itself several new ways of managing and operating a business. Most of the organizations are operating remotely to steer through the new normal and maintain business continuity. These new remote working models have created multiple endpoints in data chains, providing cyber attackers not one, but multiple access points to an IT infrastructure’s nucleus – data. It is not surprising to note that, as per The Ministry of Electronics and Information Technology (MeITY), till August 2020, almost 7 lakh cyber-attacks were faced by Indian citizens, commercial and legal entities.
Hackers and cyber-criminals are always on the look for new methods of entry, one of which is below the PC operating system. Low-level attacks often take advantage of weak system configurations and firmware vulnerabilities. While many of these attacks may not be as sensational as ransomware, they can be even more devastating.
Considering these threats and that organizations’ security parameter is expanding beyond the traditional four walls into their employees’ homes, here are five fundamentals one should keep in mind from a cybersecurity perspective:
· Protect devices above and below the operating system (OS) – In addition to having modern solutions in place to prevent unknown threats and respond quickly and efficiently to attacks across the endpoint, network and cloud, you must also choose devices that have protection and detection capabilities below the OS at the PC BIOS level, where we’re seeing a significant rise of attacks. The PC BIOS lives deep inside the PC and controls core functions like booting the PC. Often when the PC BIOS is compromised, the attacker remains hidden while the PC has credentialed access to the network and data.
· Ensure the physical security of a device and its data – The physical protection of a device is just as important as the cybersecurity deployed on and within the device. If you are using public spaces to work, remember to use a privacy shield so your data is protected from prying eyes. Also, enabling chassis intrusion detection tools will notify the user and send an alert to the system administrator if any physical tampering of the device takes place.
· Move to a password-plus strategy – Enhance passwords with biometrics, implement multifactor authentication and utilize digital certificates for stronger protection. Cost and complexity barriers are breaking down, making biometrics like fingerprint and facial recognition, easier to adopt. Also consider using password managers to create strong, complex and unique passwords which are then stored in a secure repository.
· Train employees routinely on smart security practices –This is especially important with many working from a home environment. Implement a security training program and include regular tests like sending test phishing emails to keep employees skills sharpened. And don’t forget, security training is equally important for security practitioners and IT managers as it is for any other employee.
· Make room for usability and protection to co-exist. Even if you have the best security tools, if they’re hard to use or hinder productivity, they will be ignored or defeated by your employees, leaving your organization at risk. Successful security solutions must be easy to deploy, easy to maintain and easy to use.
We know that the threat landscape is constantly evolving, so flexibility is key. Organizations should assess the tools they have, invest in the future and remember to adapt with the threat landscape. By focusing on foundational elements, like the five above, you can ensure your organization is off to a strong start today and in the future.