Just like Hollywood movies, in few days, the world has completely changed from a connected network to a distanced entity (at least in personal space terms). Most of the world’s population is in self-quarantine. Organizations and individuals are being forced to adapt rapidly and embrace new practices such as online services and remote working.
This huge dependency on the internet and online services around the world, has created vulnerabilities and more opportunities for cyber criminals. In this digital era, the world is facing as much of a threat from cybercriminals as it is facing physical danger from the pandemic.
Increased security risk from remote working/learning
With many employees working from home and students learning virtually, Internet and virtual private network (VPN) servers have now become a lifeline to companies/schools, and their security and availability will be a major focus going forward. To try to achieve this, there is a possibility that an organization’s unpreparedness will lead to security misconfiguration in VPNs thereby exposing sensitive information on the internet and exposing unpatched services to the internet.
In addition to this, the dependency on BYOD (Bring Your Own Device) to perform business work could also pose a great amount of risk to organizations. Organizations should ensure VPN services are safe and reliable as there promises to be a lot more scrutiny against these services. Furthermore, employees should be advised against using personal computers for official purposes
Questions to be asked:
Poor cyber-attack detection and response
Many organizations have not implemented a functions of security monitoring, detection and response and rely this job to IT team or they have these functions but with no high skilled resources to deal with hard situation which making detection of malicious activities difficult and responding to these activities even more complicated. Updating patches on systems may also be a challenge if security teams are not operational. Organizations should evaluate the security defenses in place and explore the use of co-sourcing with external consultants especially for areas where key man risks have been identified.
Questions to be asked:
Business Continuity Plans (BCP) to feature global pandemics
Many organizations have business continuity plans, but it is obvious the impact of a global crises like COVID-19 was not considered in many BCPs. With the widespread impact of the COVID-19, organizations need to re-visit their Business continuity program and incident response plans specially to feature such pandemics that affect many countries and critical elements of supply chains at the same time. A revised risk assessment should be conducted on critical processes to identify the various options in ensuring these processes can still be maintained at an acceptable level and an effective fail over is achievable.
Questions to be asked:
Finally, The COVID-19 pandemic has caused a huge tenseness on the global economy with some experts predicting the aftereffects of the pandemic. Organizations Post COVID-19 pandemic strategy might include downsizing by cutting off business lines considered as non-critical which may include cyber security operations. This short-term plan might however increase the impacts on the pandemic in the long haul as this will further increase the impact of attacks on the organization.
Organizations are advised to update at their BCPs and remote working policies/practices whilst prioritizing cyber security.