With organizations adopting digital and remote working, triggered by the Pandemic, Cybersecurity has become one of the existential threats of our time. Remote working has enabled extensive use of new types of connected devices and compute platforms, from Cloud to IoT, which have exploded the cyber-attack surface. And more tools collecting more data doesn’t equate to actionable insight for the Technology Leaders, CIOs, CISOs, and the Leadership. The old way of simply scanning on-premises IT devices for vulnerabilities is no longer enough. It’s time for a new approach.
INFOCOM, India’s top business, technology and leadership conference from the house of ABP Media Group, joined hands with Tenable, one of the innovative leaders in Cyber Risk solutions with specialty in Risk-based Vulnerability Management, and CyberArk, a leader in Identity Security and Access Management solutions, to host a special CIO CONNECT interactive discussion on the Next Frontiers of Cyber Risk. Technology Leaders from Bangladesh, comprising CIOs and CISOs, came together for a Virtual Roundtable Discussion on the theme “Cyber Risk - Lessons Learnt from Remote Working”. The objective of the interactive session was to delve deeper into Cyber Risk enhanced by remote working and to give us visibility and insight on the way forward.
The Question
The Pandemic triggered digital and remote working making Cyber Security one of the top priorities for organizations. In this context, tell us briefly how your organization managed the transition to remote working during the pandemic? How did you manage employees logging into the corporate network or accessing critical resources and remain protected from cyber-attacks?
Tell us about some of the unique security best practices that you have implemented to protect your organization against cyber-attacks?
Perspectives from CIOs/CISOs/Technology Leaders from Bangladesh:
Mohammad Abu Nader Al Mokaddes, General Manager – IT, Berger Paints Bangladesh Ltd.
During the pandemic, we prioritized a smooth & instant official communication tool by ensuring Microsoft Teams for all users. Secondly, we tried to ensure VPN login for business continuation from home. For ensuring remote work for new VPN users, we automated VPN login by scripting at Windows logon so that users are not required to know the manual process of connection. Though our remote users used their home Wi-Fi, they were well-protected by our Firewall and Intrusion Protection System since they were accessing all network activities through our VPN. Further, for securing Microsoft 365 applications including Teams, we implemented MFA so that unrecognized devices or users cannot access our critical resources remotely. In addition to that, we used SCCM to keep all the terminals connected to our network up to date.
To protect from cyber-attack, we enabled anti-phishing options in Microsoft security center so that any attack such as phishing or SPAM cannot enter our network through e-mails. Besides, we disabled direct communication with external domains through Teams as it was another source of phishing attacks during the pandemic. Since our users used home internet for browsing different web applications or other sites, we enabled Microsoft ATP (Advanced Threat Protection) along with Microsoft Defender Anti-virus as special filtering and protection for endpoints. Besides, a SIEM tool helped us in monitoring users’ behaviours and suspicious network activities from home to protect all users’ devices as well as the organization network or critical resources. During that time, another major challenge was to make users aware of new cyber-attacks. As a part of the awareness session, we organized E-learning tools with exam and rewards options so that users are well-versed in all new cyber-threats and their responsibilities for protection.
BM Zahid Ul Haque, Senior Vice President and Head of Information Security, BRAC Bank Ltd.
Being a digital-focused bank, we had some sort of preparedness for remote work with limited scope. It was for some specific roles and specific resources with defined security controls. But when the pandemic triggered, the scale and scope got increased by multiple times. The transition was challenging to meet. Though we ensured all are connecting via secured VPN through organization-provided laptops with security controls only, having MFA, jump host, privilege session management, etc.; user train up and security awareness (e.g. properly securing home Wi-Fi, laptop sharing, etc.) was still a major challenge. Time was the additional crucial thing to manage.
With other security controls for access, we ensured all are going through Multi-Factor Authentication and Privilege access management. Users had to access through jump host with limited/specific privilege.
Remote work during the pandemic came up with unique cyber challenges, because home network/remote work environments don’t usually have the same security controls as in the office network. When users work in the office, they work behind layers of security controls. But when people work remotely, additional security controls become essential. We had to ensure all are connecting through bank-provided secure VPN, using only bank-provided security-hardened laptops, with multi-factor authentication, through secure jump host, following security monitoring, and automatic response.
Md. Tamim Wahid Al-Helal, Head - IT, BSRM Group
Due to COVID-19, Bangladesh went under complete lockdown from 26th March 2020, which was only announced a day before. However, as a proactive measure at our organization, we had already been providing VPN solutions to all our remote users since long back. We simply increased the capacity of our VPN and email server, anticipating a larger than before traffic, which allowed our users to start working from home from day one. In addition, we evaluated several video conference solutions and selected one that suited our requirements, which helped us organize our team work between different verticals. We took several initiatives to keep our VPN solution secured, connecting our users to the corporate network safely while working from home. As security and stability for business was more important than anything else, we avoided any and all radical approaches, and decided to stick with existing solutions.
To deal with increased security needs during the pandemic, we undertook several projects. To name a few, we implemented 2FA Authentication for our VPN Users, upgraded our MTA and Email filter appliance to a modern and secured one, increased monitoring of critical assets, changed our Endpoint Protection to meet the ever-growing demand of user security, enforced strong password policy for all services and provided trainings to end users about cyber security via online video conferences. We also took initiatives to upgrade our network infrastructure with enterprise level security products and solutions which will help us run all business operations smoothly. We’ve also appointed a security partner to continuously assess our internal and external assets to check for vulnerabilities, reduce the attack surface and conduct trainings for our IT team to educate them about best practices in the field of cyber security and ways to implement them.
ASM Khairuzzaman, Deputy Managing Director & COO, Central Counterparty Bangladesh Ltd (CCBL)
Presently I am working in a Greenfield Techno-Finance company under the Capital Market environment. We have been working with three Consultant companies since Jan 2021. Normally we worked through online meetings among Consultants, Board Members & Stakeholders. For uninterrupted support we managed License Produce. Also, we are in a position to establish structured, secured, and integrated ICT infrastructure, for which we are developing a governance structure and an infrastructure establishment process document considering all aspects of security too. Also, to manage office and enterprise level activities we use Microsoft Office 360 Licensed Solution with all components.
We are working towards designing a “Data Centre Firewall and Security Design” with the following goals:
- Design a secured network
- Selection of a proper network security system which complies with CIA
- Assurance of operational performance
The scope will cover:
- Requirement analysis
- Core, perimeter & server farm network security design with firewall
- DMZ network security design with Firewall / IPS etc.
- Proper Log management systems and Security information and event management (SIEM) consideration
- Network Logging and reporting
- Deep packet inspection
- Traffic policing
- Zero-day attack mitigation
- Vulnerability assessment capability
- AI based threat mitigation
- Optimizing security by sharing contextual data between security components among datacenters
Saiful Islam, SAVP & Head, IT Security & Compliance Department, Dhaka Bank Ltd.
During the pandemic situation, our organization was not fully prepared in the initial stage for this unknown crisis knocking on the door. As per government and central Bank’s order, management had taken the quick decision of Work from Home (WFH) wherein 50% of the total employees of the organization were allowed in the office on roster basis, dividing employees by group A and B for better safety and security. For ensuring remote facility arrangement, VPN technology played a vital role. The organization had been using VPN technology facility for IT staff only, but the number of licenses had to be increased during that time for ensuring all employees had remote access facility. Staff members had also been using personal and official devices for working remotely, and e-mail, virtual conference facility and some online solutions had been enhanced for providing customers remote facility. As a result, the probability of cyber-attack space has expanded to home and remote areas. In this situation, IT & IT security experts had given more effort to security monitoring and finding out suspected behaviour to mitigate cyber threats and risk as a proactive approach. Actually, cyber security is an endless journey but we always need to micro focus on it to mitigate cyber threats.
To minimize the risk of cyber incident and computer related fraud during the pandemic, our organization had taken various best practices within the industry such as Cyber Security user Awareness, a human tool for best preventive technique; Continuously monitoring End User Device Security; Increasing continuous Monitoring Security tools like IPS/IDS, EDR, SIEM, FIM, Terminal Server for Security Threats analysis through SOC’s expertise; Vulnerability assessment for identifying security weakness and its remediation on a regular basis; Privilege Access Management & Identity Management for secured authentication and Identification; Monitoring suspicious e-mail through the e-mail security gateway as well as Advance Threat Analysis (ATP) on e-mail systems for protecting against phishing attacks. We are continuously doing cyber security assessment of insider and/or external sites and focusing on risk identification as well as mitigation accordingly.
Husna Zaman Al Hadi, General Manager and Head - IT, Edison Group
Many organizations struggled to thrive when COVID-19 pandemic hit the world back in early 2020 which forced employees to do home office. Remote working is now a new norm and business transformation with it. To keep the business running in a pandemic situation, here at EDISON Group, we have facilitated secure VPN technology through firewall for all employees. Using the VPN facility employees accessed internal network and resources remotely. We secured all endpoints with EDR solution so that even while workforces are working from home; their workstations stay secured. Applications and infrastructure are very much connected now-a-days. It’s important to view the whole picture and plan security accordingly. My suggestion is to use secure VPN facility with Managed Detection & Response (MDR) & Cloud-based Firewall to facilitate employees to work remotely.
While everyone is busy fighting against the pandemic, there is another unseen threat rising in the digital world: cyberattacks. Hackers are continuously launching new attacks using innovative methods and organizations are experiencing difficulty in handling them. As financial applications data is the prime target, here at EDISON Group, we have taken a series of actions to make it secure. Enhancing password policy is a good first step as employees are working remotely. We ensure use of complex passwords & regular change of them. Employees are the first line of defense. We make them aware of how to keep themselves safe against cyber-risk, which has proved to be beneficial for us. Investing in infrastructure security visualization, applications & Email security tools helps us to minimize the risk. Implementing port-based security on firewall & separating reporting panel from internet facing applications has helped us to secure business critical data from data leakage.
Wahid Sadat Chowdhury, CIO, Energypac Power Generation Ltd. (EPGL)
During the pandemic, at Energypac, we ensured secure private VPN for remote access. As our entire landscape is hosted in Microsoft Azure, we made site-to-site tunneling between cloud infra and on-prem corporate network. Users were also protected with Kaspersky end point security. Our in-house network security team was vigilant all through the transition phase until the users got fully accustomed to the new normal.
With respect to cyber security measures, we have a firewall for network security protection and are also using Barracuda email security system. To prevent phishing attacks, we rigorously train our users to manage self-security by controlling their internet and email interactions.