CIOReview
| | SEPTEMBER 20218CIOReviewIN MY OPINIONBy Marc Ashworth, Chief Information Security Officer, First BankMarc Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected professional with over 25 years of experience in cyber and physical security, IT/security architecture, business and departmental strategy, budgeting, project management, author and a public speaker. He is a board member of St. Louis Chapter of InfraGard, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy. Possessing security certifications in CISSP, CISM, CRISC, and Security+, Ashworth currently oversees First Bank's Information Security Department and the Network Services Department.The COVID-19 pandemic has brought many challenges to all sizes of organizations around the world. During this time many companies have moved to a remote work force overnight. For many employees it may become permanent. IT staff scrambled to ramp up capacity and support for remote workers. Management is needing to learn how to manage and support remote staff. Sales teams are adjusting to video calls versus face to face meetings. All of these changes have to be monitored by corporate security teams. This has not gone unnoticed by criminals and nation state cyber teams.The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have released alerts over the past 6 months warning organizations of dramatic increase in cyber-attacks and fraud. Some industries have seen a minimum of 400% increase in online attacks and over 300% increase in phishing emails. Many security teams are already understaffed and feeling the pressure of protecting corporate assets. The increased number of remote workers bring additional threats and risks that need to be managed by already stressed out security teams.The risks to the increased online attacks can be reduced by a good vulnerability management program and patch management program. Consider categorizing systems based off of risk levels where the system is internet exposed and DMZ systems are a tier 1 system. Tier 1 systems should be patched quickly NO `SILVER BULLET' ANSWER FOR CYBERSECURITY, BUT RISK MITIGATION IS POSSIBLE Marc Ashworthand configurations reviewed for misconfigurations. Service level agreements (SLAs) should be put in place for patching of these systems. Regular third party penetration tests should be done at a minimum annually if not more frequently. Consider an automated penetration test solution especially if there are frequent changes to the tier 1 systems or firewall configurations.A good patch management program along with the proper oversight of the program is critical to mitigating vulnerabilities. It is a time consuming process to patch all of the routers, firewalls, servers and PCs. Many companies probably do not have test systems to verify
< Page 7 | Page 9 >