COVID-19: Hardening Security Operations
Security operations teams are managing an increasing number of attacks stemming from today’s unprecedented coronavirus pandemic. There has been a sharp increase in social engineering attacks using COVID-19 themes to deliver various malware packages. Sudden work from home (WFH) models are increasing attack surfaces, creating new vulnerabilities attackers can target.
Hardening your security operations is more important now than ever before. It is imperative to be aware of the current threat landscape and to take the critical technical steps needed to harden security operations—and prepare the teams responsible for maintaining them.
Educating employees through programmatic security awareness training and understanding all of the components of your attack surface are key. Security teams can then prioritise and execute short-term and long-term objectives to reduce risk. Once we return to our 'new normal' state, proactive steps such as assessing your past response plans will help evolve response planning and threat modelling to harden security operations.
Immediate Action Steps to Take
- Secure all connections — VPN, 2FA, jump boxes, etc.
- Secure an at-home workspace rather than working from public areas
- Ensure proper bandwidth
- Provide corporate reimbursement for employees’ internet and phone usage
- Work from provisioned devices to ensure device management
- Utilise team chats and video conferencing for collaboration with security controls
- Remove blacklisted IPs and retrain monitoring tools for new user behaviours
- Invest in a vulnerability management program
- Patch! Patch! Patch! — This reduces the attack surface area
- Focus on remediation management — Not just the number of CVEs, but also the number of affected hosts
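The last step above, ranking remediation by affected hosts rather than by CVE count alone, is easy to get wrong when a vulnerability scanner reports one row per host. The script below is an added example, not part of the original post or of Inspira Enterprise's tooling; it aggregates constructed scanner findings (the CVE identifiers, host names and CVSS scores are placeholders, not real vulnerabilities) per CVE, de-duplicates hosts that were scanned twice, and orders the work by exposure (max CVSS times number of distinct affected hosts) so that a medium-severity flaw on many laptops can outrank a critical flaw on a single box.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One scanner row: a vulnerability observed on one host."""
    cve: str      # placeholder identifier, not a real CVE
    host: str
    cvss: float   # base score as reported by the scanner


# Constructed sample scanner output (hypothetical CVE ids and hosts).
# laptop-001 appears twice for CVE-0000-0002 to simulate a repeated scan.
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", "vpn-gw-01", 9.8),
    Finding("CVE-0000-0002", "laptop-001", 7.5),
    Finding("CVE-0000-0002", "laptop-002", 7.5),
    Finding("CVE-0000-0002", "laptop-003", 7.5),
    Finding("CVE-0000-0002", "laptop-004", 7.5),
    Finding("CVE-0000-0002", "laptop-001", 7.5),
    Finding("CVE-0000-0003", "fileserver-01", 5.3),
    Finding("CVE-0000-0003", "fileserver-02", 5.3),
    Finding("CVE-0000-0003", "laptop-001", 5.3),
]


def prioritize(findings):
    """Return one row per CVE, sorted by exposure (cvss * distinct hosts)."""
    hosts = defaultdict(set)   # cve -> set of distinct affected hosts
    cvss = {}                  # cve -> highest score seen for that cve
    for f in findings:
        hosts[f.cve].add(f.host)          # a set de-duplicates repeated scans
        cvss[f.cve] = max(cvss.get(f.cve, 0.0), f.cvss)

    rows = []
    for cve, affected in hosts.items():
        rows.append({
            "cve": cve,
            "cvss": cvss[cve],
            "affected_hosts": len(affected),
            "exposure": round(cvss[cve] * len(affected), 1),
        })
    # Highest exposure first; ties broken by severity, then by id for stability.
    rows.sort(key=lambda r: (-r["exposure"], -r["cvss"], r["cve"]))
    return rows


def patch_list(findings, cve):
    """Sorted list of distinct hosts that need the fix for one CVE."""
    return sorted({f.host for f in findings if f.cve == cve})


if __name__ == "__main__":
    print(f"{'CVE':<16}{'CVSS':>6}{'Hosts':>7}{'Exposure':>10}")
    for r in prioritize(SAMPLE_FINDINGS):
        print(f"{r['cve']:<16}{r['cvss']:>6}{r['affected_hosts']:>7}{r['exposure']:>10}")
    print("Patch first:", patch_list(SAMPLE_FINDINGS, prioritize(SAMPLE_FINDINGS)[0]["cve"]))
```

On the sample data, a plain CVE count says "three vulnerabilities" and a CVSS-only sort puts the single 9.8 on the VPN gateway first; the exposure ordering instead surfaces the 7.5 affecting four laptops, which is where the bulk of the WFH attack surface sits. Swap the exposure formula for whatever weighting your organisation uses (asset criticality, internet exposure); the aggregation and de-duplication are the part that matters.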
Incident Response Planning (IRP)
- Establish retainers for additional incident response capacity
- Review the IRP against the new normal
- Validate existing IRP through virtual tabletop exercises
- Be aware of threats by reviewing all warnings and notifications
- Verify the source of the alert or warning before taking action. Don't fall victim to a phishing event
- Don't spread rumours. Focus on confirmed facts
- Create WFH threat models
- Use risk-tolerance reduction modelling
- Expect to see more complex and targeted attacks since attackers have time to weaponize
In times of need or crisis, it can be challenging to know who to turn to for help and support. Inspira Enterprise is here to provide our valued clients with the expertise, staffing and technology needed to ensure business continuity.