It is well known that cybercriminals often take advantage of major global events, and under the current COVID-19 pandemic conditions the risk to digital assets is even greater. This is where cybersecurity operations centers (SOCs) come in: those defending the digital landscape are working harder than ever to contain and remediate the increased number of cyber threats.
The continuing economic fluctuations also lead to more instances of cybercrime, with a corresponding tightening of security budgets.
In the race between security specialists and threats, it is hard enough keeping up with advisories, warnings of potential problems, and new philosophies of safe IT, let alone mixing in the rapidly changing technological and economic implications of the connected environment.
Spending in many IT sectors might be slowing down, but security-related IT spending has been and should continue to be in focus and in line with the risk posture of an organization.
The upshot is that "security is no longer embedded within IT." "Security and risk professionals are faced with a rapidly changing technology landscape and business environment. To achieve success in the role today, they need to be open to new ideas and embrace change."
Following are some of the trends observed by Coforge:
- Spurt in cyberattacks on personal computers since 'work from home' began
- Security breaches have increased by 11% since Jan 2020
- 34% of data breaches involve internal actors due to remote working
- 10-fold increase in phishing levels
- 94% of malware is being delivered by email
- Most malicious domains, about 60%, are associated with COVID-19
- Organizations experiencing difficulties in remediating security incidents
Coforge is committed to helping customers in times like this. Coforge's advanced SOC services help level up the security of customers. Coforge's services can help perform security remediation for emerging security threats or can enable 24x7 security monitoring of critical infrastructure through the advanced SOC platform, SIMP.
The increased use of the internet for remote business applications, online data sharing, and collaboration presents more opportunities for theft and data loss. We can carry much more data now, and people are storing customer information on mobile devices or throwing data onto a memory stick. How hard should it be to encrypt all data-carrying devices?
Insider Threat / Organized Crime / High-Tech Crime
The insider threat from employees being ignorant about security has long been an issue for CSOs.
The novel coronavirus is challenging organizations on all fronts. CIOs are at the center of an organization's strategy to mitigate the risk and to keep the business running. As the threat of coronavirus continues to spread, businesses are sending employees home to work remotely, but with the social distancing comes a new threat, a cyber-related one.
Hackers appear to be targeting the most vulnerable, i.e., the employees working remotely. As companies across the globe come to grips with this new normal, hackers are tweaking their attacks, sending phishing emails that claim to be about the coronavirus or purport to be from a trusted health agency, to leverage the fear of the global pandemic.
While the threat of insider-caused organizational harm is on the rise, most companies do not have a formal program to manage this risk. While there may be existing procedures in place to monitor corporate networks for intrusions and the collection of various logs for threat analysis, there are very few controls designed to monitor and respond effectively to insider behavior.
Coforge provided PAT services to help level up customers' security and prepare their end users.
Coforge's PAT services help improve remote employee security and awareness during the COVID-19 pandemic and, in turn, improve the organization's security posture. Coforge's services under this program help you educate your staff and make considerations for the following:
- Phish your users: Fully automated simulated phishing attacks with verticalized & customized templates.
- Train your users: On-demand, interactive, engaging training with common traps, live hacking demos, and new scenario-based Danger Zone exercises.
- Live results: Centralized reporting to show stats and graphs for both training and phishing.
- O365 Security: Secure O365 to reduce phishing emails and content.
Security Monitoring, Compliance, and Regulations
Security monitoring, logging, and reporting practices and requirements transcend regulation and compliance regimes. They are the primary vehicle of assurance for management, auditors, and regulators that control objectives are being met or, if not fully met, then progressively improved.
From Sarbanes-Oxley (SOX) to Gramm-Leach-Bliley (GLB), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), the PCI Data Security Standard (PCI DSS), Basel II compliance, and the recent GDPR, the need for measurable assurance is built into most major regulations, which are no longer just 'good to have' but 'mandatory' for business survival.
Shrinking levels of business demand and staff force many organizations to move to a variable cost basis for services through outsourcing. The market for managed security services is more mature than it used to be. With increasing levels of outsourcing, managing the security of outsourced operations is becoming a growing challenge in itself.
Coforge’s Cybersecurity Practice
At Coforge, the cybersecurity practice considers cybersecurity trends and engages with external organizations and forums to develop strategies to counter these threats and help our customers worldwide. The charter of the practice is to create solutions that strengthen the IT security of the organization and meet the specific requirements of its customers.
Logging, Monitoring, and Reporting
Coforge takes event logging seriously and uses a centralized solution to provide a record of events related to IT systems and processes. Coforge optimizes each recorded event to provide information such as what occurred, when it occurred, and who or what caused it. Logs are both inputs and outputs of monitoring, providing the data record through which cyber intelligence and security operations teams can examine IT systems and processes. Log monitoring enables us to look for state changes, exceptions, and other significant events.
Logs provide a record that forms the foundation of Coforge's effective monitoring services, which in turn provide the basis for customer confidence in outsourcing IT services to Coforge.
Reporting indicates the status of IT controls designed to meet compliance goals. For reporting of IT security, Coforge uses an approach intermeshed with both monitoring and logging.
Benefits of Logging, Monitoring, and Reporting
Logging, monitoring, and reporting processes provide baselines, test results, and even insight that help us shape IT and business management across the enterprise. Logging, monitoring, and reporting are the key elements of our IT governance that meet the needs of all enterprise stakeholders and provide the tools to resolve a broad range of IT problems, thus delivering an exceptional customer experience.
They provide the data and diagnostic tools that allow managers to identify and respond to significant events and process exceptions in order to reduce business risk from IT.
- Coforge's integrated logging offers value beyond compliance, including support of overall IT functions such as performance management, change management, security management, and project planning.
- Coforge’s security monitoring services provide real-time views of IT control performance and support overall IT functions including performance management, change management, training, security management, and project planning.
- On-demand reporting is the currency of compliance for auditors. Coforge believes that without reliable, accurate, consistent, and verifiable reporting, there can be no compliance assurance. Coforge's comprehensive reporting systems also help IT managers evaluate system and employee performance over time and provide input for balanced scorecards and other managerial mechanisms.
Conventionally, troubleshooting of IT operations and process failures was performed through log monitoring. Coforge's consistent log monitoring also provides an early warning system for system problems, revealing network instability and changes before they affect IT systems.
Key operational areas
Coforge realizes that traditional infrastructure management tools focus only on systems and infrastructure, not the applications and services that customers experience. This limited, bottom-up view makes it impossible to gain visibility into the status of business applications or to understand the business impact of outages and events.
Fully managed service levels and compliance mandates
IT service management teams at Coforge ensure the committed service levels are delivered to the customers or internal business.
Some of the improvements brought in this area include the following:
- Visibility into how applications and infrastructure impact business services and customer experience
- Centralized approach to problem resolution
- Effective communication with end users/customers about how service levels are managed
Fully managed application performance and business availability
Application support teams are responsible for the availability and performance of the applications and the resolution of problems.
Some of the improvements brought in this area include the following:
- Isolating application problems to the specific tier and application component
- Clear priorities on application availability and performance based on business requirements automated in the monitoring system
- Identifying and addressing negative trends before users are affected
- Reduction in cross-division constraints that prevent visibility between IT operations and performance teams
Benefits of the Coforge threat management program
The threat management program at Coforge delivers the following real and immediate benefits:
- Increased customer confidence
- Reduced risk of compromise
- Early threat detection
- Lower remediation cost
- Increased investor confidence
- Protection of reputation
- More efficient decision-making