The recent cyber breach of branches of the U.S. government, including the Defense and Treasury departments, should be a wake-up call for organizations in times of change.
By Pradeep Khurana
February 5, 2021
The recent cyberattack on U.S. government agencies has raised attention to increased risks during transitional periods. The recent hack, rumored to be led by a Russian spy agency, is considered one of the most significant attacks on the U.S. government this decade. It is going to take months to understand the depth and breadth of the damage done. This is a very visible example of a cyberattack during a very high-profile election and transition between President-Elect Joe Biden and outgoing President Donald Trump.
We have helped numerous companies handle transitional periods and take security steps to minimize cyber risks during these sensitive times. In the corporate world, some of these transitional periods include mergers and acquisitions, carve-outs, senior leadership changes, and system migrations. Leadership changes are oftentimes highly visible to external parties. Cybercriminals can easily identify companies going through these very public transitions.
Transitions are very high risk for several reasons. During transitions, new staff joining an enterprise need to be granted system access. With higher numbers of new team members, there is increased risk. Also, during transitions, there are often layoffs and restructurings that can lead to the departure and/or loss of focus of the IT and security teams; permissions of departing employees are often not shut off. Corporate org charts and responsibility matrices may change, making it more difficult to confirm or process IT permissions. Lastly, transitions typically lead to additional work projects for the IT and security teams that may limit their ability to focus on external security threats.
In addition, during the work-from-home conditions of COVID-19 and the recession, transitions are even harder to manage. Many companies have budget pressures and teams are stressed with additional burdens.
We have identified several key steps that will help your enterprise limit its exposure to security risks:
- Heavily engage your chief information security officer (CISO). Including senior security members early in the process can preempt later problems by ensuring that security protocols are established early in the transition.
- Plan your data separation process carefully. During divestitures of business lines, data of the company being carved out is often commingled with other sensitive data. Sensitive data leakage is a high risk. A carefully planned and monitored data separation policy is critical.
- Communicate risks to staff. Communication is critical. By recognizing the increased cyber risk during key transition times, your leaders can get the message out to staff members to increase their vigilance. Take the time to remind them how to recognize (and avoid clicking on) phishing links.
- Educate and train your staff. It is crucial to provide training about individual security best practices. This is particularly true when a firm moves between major stack platforms (e.g., from Microsoft Office to Google Cloud or from on-premises to cloud applications).
- Perform security resets. Resetting passwords and other credentials for both infrastructure and end-user applications and devices can significantly defend against future security breaches.
- Conduct security audits. This takes more effort, but it may be helpful to review and refresh security protocols regularly, particularly during times of change.
- Update security patches. During your security audit, identify security patches that will bring your systems and processes up to current standards and remove any software with known vulnerabilities.
- Evaluate security practices of suppliers and partners. Suppliers and partners often represent the most attractive entry point for hackers. Understanding and enhancing their security practices can provide meaningful safeguards.
A Final Word
If for-profit and non-profit enterprises are aware of the increased risks during times of transition, they can more effectively resist and mitigate attacks. The recent cyberattack on the U.S. government serve as a reminder of the need to constantly improve your security.
About the Author
Pradeep Khurana is managing director of ContinuServe, a global outsourcing firm, which helps corporations and private equity firms with their IT, finance, and carve-out needs.