By Candy Alexander, CISSP, CISM, NeuEon Cyber Risk Leadership Practice Lead & CISO
Historically, businesses have used cybersecurity practices primarily to secure infrastructure and data and as a means to achieve compliance for key initiatives, for example, the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Cybersecurity Maturity Model Certification (CMMC) for U.S. Department of Defense and Federal Contractors. Today, however, it’s clear that cybersecurity leaders must ramp up their cyber defenses against new and emerging threats in this rapidly changing world.
The COVID-19 pandemic has proven this point. With large numbers of employees transitioning to work from home, many workers now operate outside the protected company perimeter, often with uncontrolled, unmanaged endpoints. Hackers have taken advantage. Many businesses simply weren’t prepared and have had to scramble to address the enhanced risk of attacks targeted at this newly remote workforce.
We couldn’t predict the impact COVID-19 would have on our business operations. We also don’t know what might come next. To stay ahead of the curve, cybersecurity leaders must shift their cyber defense efforts from a reactive stance to one that is more proactive. At the same time, however, they can’t lose sight of the need for sound risk management and compliance practices, which (like the pandemic) can have serious impacts on our businesses if not done well.
It’s about achieving a balance. And we’re sharing a list of what we think are the most valuable resources you can tap into to help you find it.
Increasing Focus on Cyber Defense
Several organizations have created forward-looking resources to help cybersecurity leaders understand how to ramp up their cyber defense capabilities. While some are aimed at helping mitigate risk driven by the pandemic, they also provide valuable information to help businesses defend more effectively against unknown future risks.
- The Center for Internet Security (CIS) has created a Resource Guide for Cybersecurity During the COVID-19 Pandemic, which provides information about common cyber-attacks and resources for enhancing cyber defense for both organizations and their employees. It also provides a number of cyber defense controls in its 20 Critical Security Controls.
- The Cybersecurity & Infrastructure Security Agency (CISA) provides a list of resources to enhance security and manage the new and changing risks driven by COVID-19. It includes links to tools and alerts as well as guidance for teleworkers to securely connect to private networks and cloud environments, all of which will be applicable post-COVID-19.
- The U.K.’s National Cyber Security Centre provides several useful resources with guidance on cyber defense strategies covering suspicious messages and emails, phishing, mitigation of malware and ransomware attacks, working from home, and end-user device security.
- The National Cyber Security Alliance (NCSA) has created a website, Stay Safe Online, with a COVID-19 security library to help employees understand more about how to defend themselves from cyber-attacks.
Sustaining Focus on Risk Management and Compliance
Cybersecurity maturity varies from organization to organization, but whether you’re just getting started or in a more advanced stage, these foundational resources can provide valuable guidance. We encourage you to increase focus on cyber defense but not at the risk of other important cybersecurity practices.
- Understand the current state of the cybersecurity industry by visiting the websites of the Information Systems Security Association (ISSA) and ISACA, both of which conduct annual cybersecurity surveys.
- Learn from the foundational cybersecurity information and news provided by CISA and the National Institute of Standards and Technology (NIST).
- Evaluate and improve your cybersecurity maturity by implementing NIST’s Cybersecurity Framework and CIS’s 20 Critical Security Controls.
- If yours is a small business, check out the U.S. Small Business Administration’s Guide for Staying Safe from Cybersecurity Threats.
- Companies of all sizes should sign up to receive alerts from CISA’s National Cyber Awareness System and The MITRE Corporation’s Common Vulnerabilities and Exposures List.
We hope you find these resources helpful. We’d also like to offer a complimentary download of our recent whitepaper, The COVID-19 Pandemic’s Impact on Cyber Risk, which can help you understand the necessary shift in today’s cyber risk model and provides six basic steps you can take to ensure your defensive readiness.
If you’d like to know more about how we’ve worked with companies to advance cybersecurity practices, please contact us for more information. And please, stay safe!