Cyber resilience during (and after) COVID-19
Cyber resilience is the ability to continuously deliver results, despite disruptions to the flow of digital information. Think of it as digital fitness: the ability to absorb punches and get back on your feet, no matter what threatens. Every day, cyber resilience is challenged, and not just by cyber criminals and security threats. COVID-19 represents a “perfect storm” of increased cyber security risks and of increased legal and regulatory risk as well.
COVID-19 has driven the world even more deeply online. The virus forced the various hubs of our life – offices, schools, restaurants, shops, churches, parks, etc. – to close. People were forced to reboot these systems online via a massive shift to platforms for entertainment, shopping, business and education. These digital tools have already proven indispensable in the face of massive systemic failure and disruption.
However, fast-tracked digital transformations must be designed to manage the current situation, and also to prepare for a changed world.
Unfortunately, hackers and cyber criminals thrive during times of disruption. Governments and regulatory bodies will look to enforce existing regulations, and create new ones, as organisations become more digital. In addition, the current crisis will have legal ramifications as organisations and individuals deal with the consequences of such a huge, global change.
As organisations embrace digital tools, remote work and new models for communication and collaboration, they must also prepare for new threats to their cyber resilience.
- Increased security threats
The mass experiment in work-from-home creates new risks. Home networks and working environments are often less secure than enterprise networks. In addition, rather than slowing their activity, cyber criminals are escalating it, even attacking critical infrastructure and services like healthcare organisations and supply chains.
Criminals are launching new domains referencing COVID-19 every day. Phishing campaigns using pandemic buzz words or imitating legitimate COVID-19 organisations are increasing. Organisations need to be aware of new threats, and employees need help to recognise and avoid trouble, but the danger isn’t just external.
Privileged insiders with credentialed accounts and access to sensitive information are a potential risk vector for the modern business. Insiders can intentionally or inadvertently leak sensitive intellectual property, employee information, private customer data, sensitive financial records, engineering plans, etc. that could deal a damaging blow to organisations.
- Increased potential for fraud & violations
Systemic disruption and the rush to adapt to new business imperatives, like remote work, create increased risks for fraud, insider trading, misconduct and regulatory violations. Regulators looking to enforce protections from GDPR, CCPA and other laws will be scrutinising the actions and processes of businesses for the next several years.
- Expected rise in lawsuits
COVID-19 has already brought a wave of litigation. As of May 1, the Washington Post was tracking almost 800 active lawsuits. Organisations need to be prepared to deal with an increased pace of litigation from customer and employee complaints, termination or furlough-related issues, and privacy concerns.
As previously noted, cyber resilience is an organisation’s ability to avoid business disruption, limit malicious activity, and recover quickly from any of these issues. While no one can eliminate risk, we can work to control it and ensure systems can tolerate and rebound from any disruption.
The goal of flattening the curve with COVID-19 was not to eliminate all cases, but to limit the number of infections to a level that did not overwhelm healthcare systems. Organisations’ strategies for cyber resilience should be similar – limit risks and ensure the system can handle any outbreaks. The key elements to flattening the cyber risk curve are:
- The ability to conduct continuous monitoring and investigations
Uninterrupted monitoring of each individual endpoint for indicators of threat behaviour or suspicious activity can quickly alert security teams or managed services providers (MSPs) to a security issue. Once an issue is detected, organisations need the ability to investigate thoroughly, without causing business disruption, and the ability to take action immediately to remediate active threats.
- Tools to facilitate legal and regulatory response and compliance
For any large enterprise, legal issues are more a matter of when than if. Regulatory compliance is also an ongoing fact of life. Organisations need tools to ensure they can locate, collect, store, process and preserve information in a defensible manner. Rushing launches of contact tracking apps opens up potential suits and unintended consequences for GDPR.
- A willingness to ask for help
Finally, organisations also need to be willing to ask for help. Managed services options for cyber security support, from assessment, monitoring and training to incident response and forensic investigations, are widely used as a force multiplier for cyber security teams. For regulatory and compliance teams taxed with an increased burden, managed services offer a way to increase efficiency and reduce risks and costs. Managed services are especially important for the SMB market, which simply can’t support full-time security, legal and compliance teams to manage these issues.
COVID-19 changed the world, but digital tools enabled organisations and people to stay connected, productive, and functioning as we faced an unprecedented disaster. Life with, and after, COVID will be even more digitally native. The need for comprehensive strategies to ensure cyber resilience will be even more acute.
Author: Anthony Di Bello, VP of strategic development at OpenText