We Are Entering A Precarious Cybersecurity Situation
The current state of world affairs is impossible to ignore. Perception is now reality, and actions are being put into motion that are sending ripples throughout the business world. Good or bad, events are being canceled, people are being isolated and businesses are beginning to operate in limited operational capacities.
Unfortunately, this is going to put an extra strain on your cybersecurity programs and protections. Your business can cut back on production, have employees work remotely, reduce your operational hours, cancel events and take all the other actions to protect yourself and others.
However, the sharks will be circling. Those sharks are the same external (and internal) threats you fight back every day, but just because you and those around you are taking physical precautions doesn’t mean those who want to infiltrate you are doing the same. In fact, the exact opposite will happen: they will boost their efforts because the predators know their prey is weaker and less aware.
The security posture of yourself, your employees, your organization and the data you process and store needs to maintain the security protections they provide and be resilient enough to weather any storms. Right now, on the horizon, is a perfect storm that security practitioners and program owners have been thinking about but now need to act upon.
Disruption causes downstream choices that lead to poor security decisions:
- Patching – When having employees remote or isolated is outside your business’ normal operational model, it disrupts the business’ processes. Your routines are thrown off if you are not prepared or have not practiced operating in more flexible manners. This means that keeping up to date on patches and updates to your software, systems and infrastructure risks being delayed or missed altogether. If you want an example of how fast a published vulnerability can be exploited, see Equifax.
- Scanning – As with patching, staying on top of your scanning activities could fall to the side. Even if your scanning is automatic, those results still need to be reviewed and remediated accordingly.
- Remote Protections – If your employees are not normally in a Work At Home model, being thrust into one could introduce significant risks you haven’t planned for: endpoint protection on the devices, email access from remote points, VPN infrastructure, data access, and loss prevention. A breach is a breach; the powers that be won’t care why it happened.
- Staff Reductions – In some cases, businesses will need to make very difficult decisions if the current situation carries on for a long duration. Those decisions may be staff reductions. Even though, when you look at the books, cuts to security folks can be justified from a numbers perspective, each reduction in those areas will increase your risk, and that risk will increase over time with reduced staff. Attackers will eventually get through, and there won’t be anything anyone can do about it, or any way to detect that it even happened, until it’s too late.
- Compliance – Compliance with policies and procedures will need to be closely monitored through any disruptions you may experience. Just because you are scrambling to keep the lights on doesn’t mean you can forget that security integrity is vital no matter what. In a state of large disruption, a breach or loss of data will close your doors for good.
What can you do to prepare for possible disruptions you may experience directly or indirectly?
- Business Continuity/Disaster Recovery Plans – BCP/DR plans are policies most companies have sketched out but never have to put in place. One of the misunderstandings with these plans is that they are generally IT-focused and designed for ‘the world is burning’ type events: earthquakes, large fires, floods and other major events (mostly natural) that take your business offline completely. The current events should begin to open your eyes to the fact that your IT infrastructure can be intact and unaffected while you still experience a business-level event that is a major disruption. How do you continue the business? How do you deal with large numbers of employees unable to work for weeks at a time? The time is now to figure that out, get it written, practice it and be ready to put it in action.
- Automate – The key to successful cybersecurity, no matter the current events, is to automate everywhere you can and as often as you can. Remove the ‘hands on the keyboard’ tasks and move to an alert-based system for consuming the results of your security activities. If it can be scripted, script it. Make it so anyone with technical skill can run it. Make it so non-IT people can do it. Here’s an example: HR should be able to fully provision and de-provision new employees, including all account creations and entitlement grants. Why does IT need to do that? Enable HR and you reduce dependency on one department.
- Communications – This is applicable to your whole organization and personal life. Have a strong, robust, centralized communication platform. Don’t let dark corners exist in your organization. Central, collaborative communication is vital to make sure everyone stays connected no matter where they are but also allows you to get vital information out in a central, archived manner.
Those who conduct malicious activities are salivating right now. Phishing campaigns will explode, ransomware will increase, attacks will increase and all of it will go after the FUD of the current events. When people are fearful, uncertain, doubtful and overall scared, decisions are made on emotion rather than logic.
These are the situations you have studied and trained yourself for over the years. One situation is here. It’s unique, it’s global, and it will impact everyone at some level, but your security cannot be put aside because the attackers will not show mercy.
Be aware, be safe.