User Behaviour Risk for Cyber Activity During Pandemic
By: Welly Manurung | Thursday, July 30 2020 - 16:45 IWST
Welly Manurung (MM-Tech - President University)
INDUSTRY.co.id - As this pandemic has shown, COVID-19 has effectively created a huge monitoring challenge. Business and industry need to ensure that remote users are who they say they are, and that their behavior is consistent with what would be expected. This is difficult when users may be logging in not only from company-issued computers or notebooks but also from their smartphones, tablets and other connected devices. The usual BYOD (bring your own device) protocols that allow remote access from only one device may have had to be relaxed. In addition, staff are most likely not following their usual work patterns (logging on at circa 8am, logging out at circa 5pm) but may be working in bursts across different hours due to child care and other duties. So, how do monitoring systems spot ‘unusual’ patterns of activity and flag them for further investigation?
The user remote connection challenge
However, it is not only customers that industry is having to work hard to protect: there is an increased risk with staff as well. It is perhaps one of the unintended consequences of the mass migration to working from home that fraudsters have been handed a new and very tempting field of play. Employees could be more vulnerable to phishing emails and other scams. The threat is what we call the ‘hostile home network’: in a household, multiple family members could be logging in on the same network and clicking on links and content of many different kinds, potentially exposing devices to malware that could then enter the firm’s enterprise if the right endpoint controls are not in place.
There has also been a huge rise in the use of video conferencing facilities. But some of these have been shown to have sub-optimal security standards, with suspected instances of uninvited parties eavesdropping on or even hijacking conversations. Corporates of course have sophisticated and established connectivity and IT systems and already enable many staff to work remotely when needed. But the huge jump in the number of staff at all levels of the organization needing remote access has created an initial challenge even for them. Some staff may have lacked the hardware or software needed to access the bank’s Virtual Private Network (VPN), leading IT teams to loosen some controls in the short term.
Merchant surveillance interrupted
Another important area is trader surveillance. Regulatory rules require that traders’ calls are recorded and monitored. But traders have been working from home and calls have gone unrecorded. Some e-commerce firms have begun bringing traders back to the office, but others are still working from home. Regulators have allowed some short-term leeway here, given the importance of keeping liquidity flowing in the marketplace, but it is a situation that can’t go on forever. In the meantime, marketplaces are sure to be scrutinizing trades very carefully for signs of anything unusual. All of these issues only underline the key importance of strong information security, cyber and anti-fraud controls. It is an area that will continue to be a major focus as we move into the post-COVID recovery.
Future directions for cyber security
Looking forward, we see two key trends arising out of this experience. Firstly, with levels of remote working likely to remain higher than they were pre-COVID-19, corporates may need to ‘reset’ some of their protocols and policies around access management, finding ways to increase flexibility without compromising security. They are also likely to look for more secure video conferencing services.
Secondly, we anticipate an increase in industries moving parts of their IT operations to public cloud environments. Most corporates use their own private clouds at present. But in a lockdown and other emergency situations, these can be challenging to maintain. If a security patch needs to be rolled out across a system, for example, private cloud requires a team member to be physically on site. But with public cloud, patch management and other security features can automatically run remotely. For this move to happen, public cloud operators will need to meet the very specific and stringent extra security requirements that corporates are likely to have. But we expect the will to be there on both sides to make it work. It may be phased and gradual, but is likely to be a trend over the coming years.
Alongside all the other pressing issues of supporting customers and providing liquidity, cyber security will remain a top priority for business and industry for the future.