On 21 October 2020, Jelena Zelenovic, Senior Unit Head Op. Risk at EIB, shared her knowledge about Cybersecurity and risk mitigation during and after COVID-19, during a conference jointly organised by ABBL and EIB. Here are the key take-aways and best-practices.
COVID-19: key take-aways
- As of 2nd Quarter 2020, financial Institutions were the second most targeted industry, with 18% of cyber-attacks.
- Cyber threats multiplied and diversified in nature, with increasing phishing traps and malicious websites, particularly COVID-19 dedicated websites.
- COVID-19 forced Chief Information Security Officers (CISO) to chase innovation and accelerate their actions: catching up with ad-hoc risk assessments, looking for new tools and better ways to communicate virtually, sharing information with peers from other organisations and even looking for cyber-insurance.
3 steps to design cybersecurity risk mitigation
- Be on the lookout: exchange with your peers and review risk factors within your organisation, with effective security technologies such as endpoint detection and remote browsing.
- Develop adequate countermeasures for identified risks within your organisation
- Train your staff: they are the first line of defence and should be trained and aware of cybersecurity. Cybersecurity awareness takes time, as it is hard for users to change their habits and act in a more secure manner.
Strategies to defend against an Advanced Persistent Threat (ATP)
Basic information security hygiene is the prerequisite for preventing any cybersecurity attack including the most sophisticated like APT. APTs are all designed with one objective: undetected access to sensitive information. Best practices to keep in mind:
- Application whitelisting
- Patch applications (web browsers, PDF viewers, Flash…)
- Restricting administrative privileges to operating systems and applications
- Patch operating system vulnerabilities
This event took place in the context of the Cybersecurity week in Luxembourg, organised in the frame of the European Cybersecurity Month (ECSM).