2020 has brought huge changes to the cybersecurity risk landscape. The effects of the COVID-19 pandemic are still being felt, and the opportunities for new cyber-attacks in different areas are more real than ever.
Knowing your posture against cyber security best practices and then remediating effectively are two steps in enhancing security across organizations. Before making your first assessment, however, it is important to know where hackers are targeting and to understand the danger that arises with changes in the current landscape. Focusing your efforts will help you update your cyber attack management strategy for 2020 and beyond.
Cyber security risk in the supply chain
Supply chain attacks increased by 78% in 2019, according to Symantec, and this exponential growth is not expected to slow down in 2020. Supply chain cybersecurity is a stable business for many businesses.
Organizations without specialist supplier or third-party risk groups often find it difficult to assess their supply chain security. The complexity created by increased digitization, business development and third-party partnerships increases the need to protect sensitive information, including financial, personal and strategic information such as intellectual property.
COVID-19 travel bans limited the number of rating agencies and service providers that could conduct on-site assessments, creating a gap in supply chain security program activities. Some companies approach this issue by asking vendors for reports on how they have changed their cyber risk management strategy to address these changes. Where possible, vendor risk management teams are encouraged to monitor the vendor's cyber risk response not only through risk assessments but also through security, policy and process controls, all tracked in a single reporting system such as an integrated risk management solution.
Knowing where the security gaps are in the supply chain is vital, especially for organizations that work with many small businesses, which are at the highest risk of cyber attacks.
Cyber security risk in being human
In times of crisis and uncertainty, cyber security teams need to be vigilant and take precautionary measures to ensure that employees throughout their business are not caught off guard. Awareness and education, as well as employees' mental health, should be a priority for companies.
Cybercriminals try to exploit you through your weaknesses, whether you have not activated 2FA or you carelessly click on a link in a seemingly innocent email. Both are examples of opportunities for cyber attacks that result from human error. Implementing a virtual awareness and training program, or conducting weekly security training that details the most common cyber attacks and how to detect them in daily work, may be what organizations need to do to properly inform their employees.
Prioritizing awareness and training is essential, especially in areas like hospitals and health care. The DDoS attacks in the fields of Health and Human Services were only the beginning. It is also worth noting that while many of these cyberattacks are designed to manifest themselves quickly and cause rapid upheaval, some of the more sophisticated state hackers will take a longer-term approach to creating disruption, taking advantage of organizations that are busy maintaining day-to-day operations and switching to remote work.
Human error occurs in different ways, and the data show that awareness and education are not the only things that can make a difference. The other area we need to focus on, mental health, may not be discussed as much, but in unprecedented times like the ones we experienced in 2020, it is more important than ever to support our employees' need for rest. Positive morale, and the mental flexibility and alertness that come from a healthy mind, are largely the responsibility of managers and the employer.
Building a healthy and balanced culture in times of uncertainty could help avoid creating opportunities for criminals in cyberspace.
Cybersecurity risk in corporate governance
The interconnected risks fueled by the events of 2020 require greater oversight by information security and cybersecurity teams and by the board. A clear area of cyber security risk in 2020 will come from weakened corporate governance functions, which will not have the same level of efficiency as when they were carried out in person.
If board members become ill or unable to perform their duties, there must be a plan. The organizational leadership must be confident that the business will be able to maintain operations regardless of cyber security incidents. Executive meetings must be organized in virtual or hybrid formats, while maintaining the executives' ability to work as a team and react quickly and accurately in times of crisis, especially if a cyber security incident occurs.
Creating clear contingency plans and maintaining cybersecurity through an integrated risk management approach is recommended for leadership regardless of business scale.