Mitigating Cybersecurity Risks During a Crisis

Written by Hanoz Umrigar | Mar 25, 2020 2:11:17 PM

IT / OT Infrastructure, Digital Information and IoT devices

With the spread of COVID-19, new challenges and opportunities will arise for keeping your business safe from cybersecurity threats. As the government and businesses work on mitigating the impact of the ongoing outbreak, social distancing measures are leading to an increase in remote working across all sectors. The immediate challenge is “how can I protect my digital assets from a cyber-attack?” Some key vulnerabilities to a cyberattack are Information Technology / Operational Technology (IT / OT) infrastructure, digital information and Internet of Things (IoT) devices.

IT / OT Infrastructure Concerns

The immediate risk to an organization during these times is its IT / OT infrastructure. “A Clark School study at the University of Maryland is one of the first to quantify the near-constant rate of hacker attacks of computers with Internet access— every 39 seconds on average”1. Additionally, 43% of the cyber-attack targets were small to mid-size businesses1. This happens, in great part, due to the system not having the capacity to support the increase in information flow (when the system is being overwhelmed), which gives a hacker an opportunity to strike.

To mitigate this risk, NIST has developed NISTIR 8183 Cybersecurity Framework Manufacturing Profile. This document provides Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The Framework is used by many manufacturers as a roadmap for reducing cybersecurity risk as it aligns with manufacturing sector goals and industry best practices. The manufacturing framework is meant to enhance but not to replace current cybersecurity standards and industry guidelines that the manufacturer is embracing.

IT Security Concerns

As the COVID-19 pandemic has increased our need to work remotely; this has increased the challenges an internal networking / cybersecurity team must manage. To make matters worse, some organizations have multiple IoT devices which increase the risk of getting hacked – the attack surface is greater with more devices connected and communicating.

With these cybersecurity concerns, a few elementary cybersecurity considerations might be:

  • Is the Wi-Fi connection secure?
  • Are all IoT devices updated with the appropriate updates, anti-virus, firewall, etc., security tools?
  • If you are a small business owner, how well is your information protected?
  • Do all employees receive adequate instruction regarding system security policies / procedures?

To tackle these challenges for small business owners, NIST has developed an interagency report:NISTIR 7621 Rev.1 Small Business Information Security: The Fundamentals, as a reference / guideline regarding cybersecurity for small business and presented in non-technical language.

Also, if your organization is using multiple IoT devices then follow the guidelines of NISTIR 8228 Consideration for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The purpose of this guideline is to help organization better understand / manage the cybersecurity and privacy risks associated with their individual IoT devices throughout the devices’ lifecycles.

In conclusion, your organization does not have to face these cybersecurity threats by yourself, especially in these uncertain times. IMEC is ready to help you Plan – Implement – Excel when it comes to your cyber and system security needs, and stands poised with the National Manufacturing Extension Partnership (MEP) Network and security partners to bring awareness and practical solutions to meet your cybersecurity and system security needs.