Information Security Management in the Time of a Pandemic
Future-Proof Your Risk Response
May 11, 2021
To adapt or to get left behind? This is one of the most prevalent questions asked of organizations today.
When the pandemic first hit global attention, it tipped the scales of the traditional work setup and paved the way for digital transformation. Everything else took a back seat as industry leaders went into survival mode to re-strategize long-term solutions and forecast new challenges. Either you adapt and respond with technology, or you risk significant losses and even closure.
While this new normal pushed the pace of innovation, it has also created ripe opportunities for cyber criminals. The year 2020 alone saw an alarming increase in cyber-attacks.
We saw phishing attacks and multiple unfamiliar sign-ins at a pharmaceutical company. We saw a commercial bank detect unauthorized firewall policy changes and web application attacks in its systems. We even witnessed malware attacks at a highly secured insurance company.
As leaders of digitally reliant industries, this situation forces us to ask the question: How do we future-proof our organization to face tomorrow’s perils? Through the incidents shared by our partners and through the proactive detection and incident response services delivered by our Managed ICT Services (MICTS) team, we share these real-life experiences to provide a better view of the threat landscape.
A universal commercial bank detects a firewall policy change
A common security incident, as experienced by a commercial bank client, is a user making a change to the system's firewall policies. Detection is triggered when the change is made by a user, whether or not that user is on a watchlist. The detection considers the user's IP address, the source user account, and the application and command used.
In response to the potential risk, the user's activity is verified as legitimate or not. An investigation may take place to account for the user's activities before the firewall policy change occurred.
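The detection described above, written out as an added example that is not part of the original post: it parses a constructed firewall audit log (the line format, user names and addresses are assumed), ignores read-only commands, records every policy change for verification, and raises the severity when the actor is on a watchlist, is not an approved administrator, or acts from outside the admin network or through an unexpected application.

```python
import re
from dataclasses import dataclass

# Constructed sample audit lines; the format and values are assumptions for this example.
SAMPLE_AUDIT_LOG = """\
2021-05-03 09:12:41 src=10.20.1.15 user=jdoe app=fw-admin cmd="policy show"
2021-05-03 09:14:02 src=10.20.1.15 user=jdoe app=fw-admin cmd="policy add src=any dst=10.0.5.20 port=3389 action=allow"
2021-05-03 11:30:10 src=203.0.113.77 user=svc_backup app=ssh cmd="policy delete id=42"
2021-05-03 12:01:55 src=10.20.1.9 user=netops1 app=fw-admin cmd="policy modify id=7 action=deny"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) src=(?P<src>\S+) user=(?P<user>\S+) app=(?P<app>\S+) cmd="(?P<cmd>[^"]*)"$'
)
CHANGE_VERBS = {"add", "delete", "modify"}  # verbs that alter policy; "show" is read-only


@dataclass
class Alert:
    ts: str
    src: str
    user: str
    app: str
    cmd: str
    severity: str  # "review": verify with the user; "high": investigate first


def detect_policy_changes(log_text, watchlist, approved_admins, admin_net_prefix="10.20.1."):
    """Return one Alert per firewall policy change, using the fields the page names:
    source IP, user account, application and command."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        rec = m.groupdict()
        words = rec["cmd"].split()
        if len(words) < 2 or words[0] != "policy" or words[1] not in CHANGE_VERBS:
            continue  # not a change to policy
        severity = "review"  # every change is verified, even from an approved admin
        if rec["user"] in watchlist or rec["user"] not in approved_admins:
            severity = "high"
        if not rec["src"].startswith(admin_net_prefix) or rec["app"] != "fw-admin":
            severity = "high"  # unexpected source network or tooling
        alerts.append(Alert(rec["ts"], rec["src"], rec["user"], rec["app"], rec["cmd"], severity))
    return alerts
```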
For companies in the finance sector, web application attacks are also common. These are in fact considered the single most prevalent and devastating security threat facing organizations today. Some of the most common web attacks include SQL injection, Cross-Site Scripting (XSS), and Horizontal Port Scanning, among others.
For these types of attacks, the best course of action is to confirm the malicious sites and to block the IP at the firewall. Disabling unused ports and services and updating firewall and web security policies are also recommended.
Unfamiliar sign-in and phishing in a pharmaceutical
Cyber criminals often prey on large companies that hold critical access to private and sensitive information. In one of MICTS' incident reports, a pharmaceutical company detected an unusual sign-in from a location that was not in the list of familiar locations. These "familiar" locations are the locations previously stored for a user. The user's past sign-in history (IP, latitude/longitude, and ASN) is reviewed to look for these anomalous sign-ins.
In response to the trigger, the user is contacted to confirm whether the incident was legitimate activity on their end. If it was not legitimate, the user will then need to perform multi-factor authentication, reset their password, or be temporarily blocked until an administrator takes action.
Like many companies, the pharmaceutical also experienced phishing attacks, a type of social engineering attack that attempts to steal user data, login credentials, and credit card numbers. The attacker masquerades as a trusted entity and dupes a victim into opening an email with a malicious link.
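The unfamiliar sign-in check and its response workflow, as an added example that is not part of the original post: a sign-in is compared against the user's stored history by IP, and by ASN plus great-circle distance from a stored latitude/longitude; an unfamiliar sign-in first triggers contact with the user, and a denial leads to the page's stated actions. The history values, the 100 km radius and the action names are assumptions.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class SignIn:
    ip: str
    lat: float
    lon: float
    asn: int


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def is_familiar(history, attempt, radius_km=100.0):
    """Familiar if the IP was seen before, or the ASN matches a stored sign-in
    whose coordinates lie within radius_km (same network, nearby place)."""
    for past in history:
        if past.ip == attempt.ip:
            return True
        if past.asn == attempt.asn and haversine_km(past.lat, past.lon, attempt.lat, attempt.lon) <= radius_km:
            return True
    return False


def respond(history, attempt, user_confirmed=None):
    """Workflow from the page: unfamiliar sign-in -> contact the user; if the user
    denies it -> MFA, password reset and a temporary block pending an administrator.
    user_confirmed is None before the user has answered."""
    if is_familiar(history, attempt):
        return ["allow"]
    if user_confirmed is None:
        return ["contact_user"]
    if user_confirmed:
        return ["allow", "store_as_familiar"]  # legitimate: remember the new location
    return ["require_mfa", "reset_password", "temporary_block"]


# Constructed history for one user who normally signs in from Metro Manila (assumed values).
HISTORY = [
    SignIn("198.51.100.10", 14.5995, 120.9842, 64500),
    SignIn("198.51.100.11", 14.5547, 121.0244, 64500),
]
```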
Insurance company encounters malware, malicious inbound, and outbound traffic
A partner insurance company recently experienced malware attacks, most of them Trojans that download and run other malicious software on the user's system. These Trojans can be used in a number of ways, such as deleting data, creating backdoors around security processes, or sending spam emails.
Through our system, we also found inbound communications flagged by "Global Threat Intel", which we detected as possible port scanning or TCP connections from malicious IP addresses or hosts. Outbound traffic was also detected through Indicators of Compromise (IOC). These are watchlists of verified malicious threats from the internet, such as malicious IP addresses, URLs, or email addresses. IOC data is gathered after a suspicious incident, security event, or unexpected callout from the network. In both circumstances, the ideal course of action is to block the source IP on the network and to clean up firewall policies.
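The two detections above, inbound scanning or connections from known-bad hosts and outbound traffic matching an IOC watchlist, as an added example that is not part of the original post. The IOC entries and flow records are constructed sample values, and the port-scan threshold of five distinct ports is an assumption; the function returns the findings and the external addresses that the response described above would block.

```python
from collections import defaultdict

# Constructed IOC watchlist: sample addresses and a sample domain, not real indicators.
IOC_IPS = {"203.0.113.200", "198.51.100.66"}
IOC_DOMAINS = {"bad.example"}

# Constructed flow records: (direction, src_ip, dst_ip, dst_port, dst_domain_or_None).
SAMPLE_FLOWS = [
    ("in", "203.0.113.200", "10.0.0.5", 22, None),       # inbound from a watchlisted host
    ("in", "203.0.113.200", "10.0.0.5", 23, None),
    ("out", "10.0.0.8", "198.51.100.66", 443, "bad.example"),  # outbound to a watchlisted host
    ("out", "10.0.0.9", "192.0.2.50", 443, "example.com"),     # benign outbound
] + [("in", "192.0.2.9", "10.0.0.5", p, None) for p in (21, 22, 23, 25, 80, 443)]  # scanner


def analyse_flows(flows, ioc_ips, ioc_domains, scan_threshold=5):
    """Return (findings, block_list). findings is a sorted list of (kind, external_ip):
    inbound_ioc / outbound_ioc for watchlist hits, port_scan for one external source
    touching at least scan_threshold distinct destination ports."""
    findings = set()
    ports_by_src = defaultdict(set)
    for direction, src, dst, port, domain in flows:
        if direction == "in":
            ports_by_src[src].add(port)
            if src in ioc_ips:
                findings.add(("inbound_ioc", src))
        elif direction == "out":
            if dst in ioc_ips or (domain is not None and domain in ioc_domains):
                findings.add(("outbound_ioc", dst))
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            findings.add(("port_scan", src))
    # the response on the page: block the external address involved in each finding
    block_list = sorted({ip for _, ip in findings})
    return sorted(findings), block_list
```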
Awareness is every organization’s best defense
While technology can offer safeguards to protect our constituents from cyber predators, getting the whole organization to understand the magnitude of the threats should still be the priority.
On our MICTS team, we have found that the best approach is to build a mindset of responsibility across the whole organization. By helping every employee understand how large a role they play in protecting the organization's assets, you empower them to become more mindful colleagues and to prevent an attack before it even happens. Security, after all, is everyone's collective responsibility.
If your organization upholds high standards for collective responsibility and builds information security services into your corporate infrastructure, the kind that MICTS's Security as a Service (SECaaS) can offer, then we believe that together we can make the digital world a safer place.
To adapt or get left behind? With the right mindset and the right service, you can secure your digital solutions and future-proof your organization. For more information and inquiries about Trends MICTS, you may contact us at firstname.lastname@example.org or through our website trends.com.ph.