Facing Down Cybersecurity and Operational Challenges Caused By Coronavirus Crisis -- Security Today

Facing Down Cybersecurity and Operational Challenges Caused By Coronavirus Crisis

Businesses will have to tackle issues with supply chains and staffing in the coming months. Here’s how to make sure your organization can withstand the COVID-19 crisis.

By Tim Rawlins
Mar 23, 2020

With the current operational focus on keeping people healthy, business continuity management and operational resilience in the face of the disruption, many organizations are reviewing their capacity to manage their cybersecurity. This is a sensible precaution.

Managing to secure your organization’s activity throughout the next few months is going to be challenging. Resilience is difficult enough when you have a full complement of security staff and the full attention of the board.

With a potentially significant depletion in staff and senior executives whose attention may be understandably elsewhere, the necessary focus on cyber-related issues might be lacking. Unfortunately, just because we are busy elsewhere does not mean that the criminals and others have taken a break from their activity — there are plenty of COVID-19 phishing emails doing the rounds and the ransomware bots remain active no matter what.

So what can you do to ensure that your organization remains resilient and able to continue to deliver your business services?

You should first take stock of your current activities and focus on defending your key assets as best you can. Agile and dynamic organizations are going to be well-placed to come out of this situation in the best possible way, so instill that thinking in yourself and your stakeholders.

Areas to focus attention include:

Supply chains are a constant worry to most cybersecurity teams. It’s so very difficult to accurately assess the effectiveness of another organization’s security, which is why it is often left to third parties to make those risk assessments for you. However, with travel restrictions in place, some assessment bodies have suspended the requirement to have onsite security assessments. So look at your supply chain cybersecurity requirements and see if you can suspend the on-the-ground inspection requirements until the situation improves.

You could ask your suppliers what they might do to maintain their security in the meantime and encourage them to make incremental improvements in other areas to compensate - increasing logging, improving their patching, ensuring multi-factor authentication and enhancing their own Security Operations Centre's activities would all help. And do some scenario planning with them so that they understand what you expect of them in the short term to deal with the situation as it is today and if it gets much worse. This might be particularly key if you rely on multiple small businesses that are naturally less resilient and heavily dependent on key staff and processes. You might also need to look at paying your own invoices up front or at least on very short terms to help maintain liquidity for the small firms that might very quickly otherwise run into cash flow problems.

Recruitment of new staff may become a significant issue in the short term; this could put operational activity at risk if you are unable to provide the support, testing, advice and guidance to ensure the security considerations are managed appropriately. Some firms have suspended compulsory redundancies thereby reducing availability, while other people are hunkering down and not moving while the situation is uncertain. All of these mean that new team members you had hoped to recruit may not be available, so think about how you might make up the numbers you need with virtual, remote, part time and contract staff. As an example, we currently provide data protection officers, information security managers, chief information security officers, and board advisers to organizations around the world. As these activities can be done remotely they could provide continuity of activity until you are in a position to restart recruitment.

In-house security operations centers are going to be facing the challenges of staff absences. While you might be planning transference of operations to a secondary location within your organization or planning to move to a back-up site, as many of the banks in the U.K. have done, you need to test that you have both the capacity and capability to do so. And remember that a potential infection might invalidate your using a commercial back-up site so check the small print in your contract.

Continuation of corporate governance is something that many organizations would rather not think about but should absolutely review in light of the situation. Simple operational decisions like not allowing the Board to gather in person for their monthly meetings or restricting contact between operational sites might help ensure that the governance of the organization can survive the difficulties. Many executives will be designated as legally responsible, have banking authorization, corporate signatory powers etc. and be deputies for each other. But with travel restrictions and sickness absence do you have sufficient liquidity yourselves and will you be able to maintain and approve investments, sign off budgets and pay invoices? How will you cope if senior executives and officers, particularly those with legal responsibilities and financial obligations, are taken ill and are unable to fulfill those requirements?

Having authorized deputies and alternates might ensure that the organization is able to maintain operations despite the pressures faced. Gatherings such as shareholder meetings might also need to be organized in alternative ways while remaining legally quorate; something for your legal advisers and corporate governance experts to be thinking about sooner rather than later.

This difficult situation may last for several months and with the current spread of the virus in different countries it seems likely that the impact will affect local operations at different times. Wherever you are in your planning assumptions, having a trusted adviser with global reach and the experience to deliver security services at all levels, is well worth considering.

This post was originally published on NCC Group's blog.

i-PRO Certified as a 2025 Great Place to Work Around the World
11/20/2025
Allied Universal Named to Forbes List of America’s Best Companies
11/19/2025
Motorola Solutions Acquires Blue Eye
11/19/2025
SIA Names Jonathan Aguila as 2025 Insightful Practitioner Award Honoree
11/13/2025
Allied Universal Receives Top 50 Learning and Development Team Award
11/13/2025
PSA Network Joins the Foundation for Advancing Security Talent (FAST) as an Exclusive Member
11/12/2025
IPTECHVIEW Launches AI Orchestrator Cloud Video Management Platform
11/12/2025
barox Appoints Industry Veteran Reinhard Florin as Vice President of North America Sales
11/06/2025

Featured

From Surveillance to Intelligence

Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now
Cost: Reactive vs. Proactive Security

Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now
- Facility Security
Achieving Clear Audio

In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now
- Facility Security
Beyond Apps: Access Control for Today’s Residents

The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now
- Access Control
Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now
- Facility Security

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”
QCS7230 System-on-Chip (SoC)

The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.