A New Perspective On Cybersecurity And The ‘What-Ifs’
This is truly an unprecedented and surreal time in history. A global event impacting every person, every business, every government, every country. Our interconnected world has made this possible where we can all bask in the glory of success but now feel the negatives from situations on the other side of the world, like a ripple on a lake.
Very quickly many businesses put into action policies, procedures, processes and plans that most never would have expected to be actually used. From time to time small pieces of disruption happen in every business with technology but not every business at the same time. These last few months put everyone back on their heels and those that prepared are faring better than those that did not. Regardless of your preparation you still had to go forward with it… and figure out how to better plan for the future when this event passes.
At a high level here are the plans businesses and individuals had to put in action:
- Business Continuity Plans (BCP) and in some respect Disaster Recovery (DR) Plans
- Remote Workforce / Management
- Remote IT
- Workforce Disruptions and Reductions
- New Security Challenges
Many of the items in the BCP and DR plans cover events that are considered most ‘realized’. Short-lived, a few days maybe a week, weather events like a Blizzard, Tornado, Hurricane, and Floods. There will be incidents of IT failures, hard drive dying, backups failing, upgrades going sideways that cause hiccups where a plan to recover might need to be put in place. There are rare occasions a single company faces a catastrophic BCP/DR event. Generally speaking, we have all discussed all the ‘What-If’ scenarios, we wrote some down and had an idea of what would need to happen if they ever came to fruition. From the janitor bumping a fire sprinkler in the ceiling to a fire in the break room to aliens (maybe not). When the ‘What-Ifs’ We are playing the odds. The chances of one occurring were very small yet the impact of those events would be great.
Fast forward to today and every business (and household) is now in some major mode of disruption. Once we get through this, and we will, cybersecurity risk and threat analysis will look much different. The realizations and taking ‘What-If’ scenarios more seriously will be in front of everyone’s mind.
The current ‘Social Distancing’ is to protect the world’s health infrastructure from being overwhelmed at once. This is also a major test on what can be accomplished by pushing our interconnected world to the max. No longer are person-to-person interactions necessary to remain successful to keep a business moving forward. There are exceptions of course for manufacturing, shipping, etc… it’s the long-held mindset from managers that physical presence is required. We are now seeing that this is not necessarily true.
Telecommuting will be embraced going forward. Businesses should realize that their workforce can really be anywhere. Job seekers will be looking for that as a competitive edge for choosing their next position over another. All the while cybersecurity professionals will expand their protections outward to accommodate the rush of distributed systems that will be deployed to cloud services but also the distributed employees and users that could be anywhere outside the central networks.
Since this major event has taken place, the lessons learned, the improvements that will be made will make it easier for a business, state or federal government to issue it again.
This ‘What-If’ scenario was already realized once, you have to plan and assume that it will happen again. Every plan going forward will need to change to prepare for that.
Be aware, be safe.