cybersecurity map

Facing Down Cybersecurity and Operational Challenges Caused By Coronavirus Crisis

Businesses will have to tackle issues with supply chains and staffing in the coming months. Here’s how to make sure your organization can withstand the COVID-19 crisis.

With the current operational focus on keeping people healthy, business continuity management and operational resilience in the face of the disruption, many organizations are reviewing their capacity to manage their cybersecurity. This is a sensible precaution.

Managing to secure your organization’s activity throughout the next few months is going to be challenging. Resilience is difficult enough when you have a full complement of security staff and the full attention of the board.

With a potentially significant depletion in staff and senior executives whose attention may be understandably elsewhere, the necessary focus on cyber-related issues might be lacking. Unfortunately, just because we are busy elsewhere does not mean that the criminals and others have taken a break from their activity — there are plenty of COVID-19 phishing emails doing the rounds and the ransomware bots remain active no matter what.

So what can you do to ensure that your organization remains resilient and able to continue to deliver your business services?

You should first take stock of your current activities and focus on defending your key assets as best you can. Agile and dynamic organizations are going to be well-placed to come out of this situation in the best possible way, so instill that thinking in yourself and your stakeholders.

Areas to focus attention include:

Supply chains are a constant worry to most cybersecurity teams. It’s so very difficult to accurately assess the effectiveness of another organization’s security, which is why it is often left to third parties to make those risk assessments for you. However, with travel restrictions in place, some assessment bodies have suspended the requirement to have onsite security assessments. So look at your supply chain cybersecurity requirements and see if you can suspend the on-the-ground inspection requirements until the situation improves.

You could ask your suppliers what they might do to maintain their security in the meantime and encourage them to make incremental improvements in other areas to compensate - increasing logging, improving their patching, ensuring multi-factor authentication and enhancing their own Security Operations Centre's activities would all help. And do some scenario planning with them so that they understand what you expect of them in the short term to deal with the situation as it is today and if it gets much worse. This might be particularly key if you rely on multiple small businesses that are naturally less resilient and heavily dependent on key staff and processes. You might also need to look at paying your own invoices up front or at least on very short terms to help maintain liquidity for the small firms that might very quickly otherwise run into cash flow problems.

Recruitment of new staff may become a significant issue in the short term; this could put operational activity at risk if you are unable to provide the support, testing, advice and guidance to ensure the security considerations are managed appropriately. Some firms have suspended compulsory redundancies thereby reducing availability, while other people are hunkering down and not moving while the situation is uncertain. All of these mean that new team members you had hoped to recruit may not be available, so think about how you might make up the numbers you need with virtual, remote, part time and contract staff. As an example, we currently provide data protection officers, information security managers, chief information security officers, and board advisers to organizations around the world. As these activities can be done remotely they could provide continuity of activity until you are in a position to restart recruitment.

In-house security operations centers are going to be facing the challenges of staff absences. While you might be planning transference of operations to a secondary location within your organization or planning to move to a back-up site, as many of the banks in the U.K. have done, you need to test that you have both the capacity and capability to do so. And remember that a potential infection might invalidate your using a commercial back-up site so check the small print in your contract. 

Continuation of corporate governance is something that many organizations would rather not think about but should absolutely review in light of the situation. Simple operational decisions like not allowing the Board to gather in person for their monthly meetings or restricting contact between operational sites might help ensure that the governance of the organization can survive the difficulties. Many executives will be designated as legally responsible, have banking authorization, corporate signatory powers etc. and be deputies for each other. But with travel restrictions and sickness absence do you have sufficient liquidity yourselves and will you be able to maintain and approve investments, sign off budgets and pay invoices? How will you cope if senior executives and officers, particularly those with legal responsibilities and financial obligations, are taken ill and are unable to fulfill those requirements?

Having authorized deputies and alternates might ensure that the organization is able to maintain operations despite the pressures faced. Gatherings such as shareholder meetings might also need to be organized in alternative ways while remaining legally quorate; something for your legal advisers and corporate governance experts to be thinking about sooner rather than later.

This difficult situation may last for several months and with the current spread of the virus in different countries it seems likely that the impact will affect local operations at different times. Wherever you are in your planning assumptions, having a trusted adviser with global reach and the experience to deliver security services at all levels, is well worth considering.

This post was originally published on NCC Group's blog

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

  • Protecting Data is Critical

    To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3