Managing Cybersecurity in Times of Crisis
It seems that only a few weeks ago we all had plans, we had our routine, and then – COVID-19. The rising uncertainty has stopped many long- and medium-term processes, some even short-term. It seems that many companies are busy with short-term operations and basic survival. But even at this high level of uncertainty, there are at least two known constants:

1. Cyberthreats are increasing even now. Despite the global markets slowing down, cyberattacks only increase as the coronavirus crisis continues. Bad actors are exploiting the mass confusion and fear, the changes in corporate processes and, of course, the massive move to teleworking. Attackers are individual hackers, hacker crime organizations and even state-sponsored hacker groups.

2. The business environment will never be the same as it was before the crisis. In addition to the millions laid off and companies that are not going to make it past this crisis, the market will keep going, in part at least, trending towards teleworking and subsequently outsourcing the IT and cybersecurity services (MSPs and MSSPs). The privilege of holding off on the move towards teleworking will no longer be affordable, and this trend will only increase in volume as companies (mostly MSBs) are forced to become more efficient.

In addition to preparing for the day after the crisis, as everyone else in the company is doing, those in charge of cybersecurity are tasked with protecting the company from existing cyberthreats and already preparing for new ones. Companies that align their cybersecurity to the changing business world will be more protected during the crisis and will have significant operational and security advantages in the time after the crisis.

So how do you do both? How do you protect the network from existing cyberthreats and prepare for operation in the new business environment the day after the crisis?
(with limited time, resources and manpower)

The following processes are helping companies around the world face current and new cyberthreats, both now and in the post-crisis environment:

1. Fundamental Cybersecurity Approach: With the move to teleworking, the network layout has effectively changed, and the cybersecurity approach should change with it. Cybersecurity planning should be topology- and technology-agnostic. In the wake of the crisis, the company may move its infrastructure (or part of it) to the cloud. Part of the workforce may start teleworking permanently, and other basic changes may follow. Planning should include basic cybersecurity concepts such as network segmentation, logging and monitoring, data classification and leakage prevention, strict user-privilege control, etc. When the approach uses basic concepts that are topology- and technology-agnostic, switching from one technology to another, moving to new geo-locations and making other alignments to the new business environment can be done more quickly and easily. This is also true for communicating the company’s cybersecurity policy to its vendors and suppliers.

2. Employee Awareness: While the claim that “workers are the weakest link” is commonly made in meetings, reports and hearings, more and more companies today are adopting the ‘human firewall’ approach. This approach works on increasing employee awareness of cyberthreats and the ways to face them, ultimately turning employees into partners in the fight to reduce cyber-risk. This process is even more critical as employees telework and are far from the watching eyes of supervisors and peers at the office.

3. Host and Network-Based Defense: Endpoints can repeatedly enter and leave the local area network, or even emerge without help from the IT department (as is the case when an employee works from their home computer, for instance), and still access sensitive network resources. This means that protection should be available to offline endpoints as well as throughout the LAN. We can no longer rely solely on network elements to isolate an endpoint in case of infection, as not all endpoints are under the control and/or supervision of these network elements. Host-based agents should be deployed on all endpoints to better protect network resources and sensitive information.

4. Creative Solutions: Not all mitigation solutions require significant budgets and procurement. When working against the company threat landscape, we can create internal processes to mitigate cyber-risk with similar effectiveness and much lower spending. This approach is crucial to cybersecurity, especially in times of great uncertainty and scarce resources.

5. Management Involvement: Especially today, when companies are struggling to survive, lack of coordination between business and cybersecurity programs is unacceptable. Furthermore, management will be making some difficult and unprecedented decisions that cybersecurity will have to enable. CEOs and CISOs will have to work more closely to create this kind of cooperation.