Enterprise Bulletin Q1 2020

Perfect Environment for Security & Operational Risk

Prior to the Coronavirus (COVID-19) pandemic of 2020, the concept of business continuance/ disaster recovery was an academic consideration for many people, organizations and even nations for that matter. For many in the Information Technology field, the typical disaster scenario was not more than a technology or process failure. We know the hallmarks of these disasters typically resulted in a single or multiple system failing and creating business impact and unavailability of technology systems. Often times the continuance strategies intersected within formation / cyber security policies to work hand in hand as the costliest failures of technology or process were related to security considerations.

Coronavirus has within a couple of weeks expanded the requirement for IT to be not only an active partner during business continuance and disaster management scenarios but to in fact be a leader. Like the medical, law enforcement and food supply chain sectors – information technology is an essential service and industry. Consider the weeks leading up to March 26, 2020 when most of the world’s knowledge workers went from being office-based workers to remote workers within the span of ninety hours.

This mass migration of knowledge workers will create an array of significant risks from multiple dimensions including, but not limited to, technical security risks in the form of malicious computer code (i.e. malware, virus, etc.), social engineering attacks for workers at home and now not shielded by standard corporate security, data integrity concerns, network penetration, IT applications / systems capacity and usability / performance of these systems delivered across a patchwork of telecommunication providers and mediums.

Compounding the uncertainty effect for these organization is the business situation which is rebalancing business activity and fortune overnight from one industry to the next (consider the migration of discretionary funds from travel/hospitality to online retail and entertainment in March alone). The following sections outline recent observations and occurrences in the Coronavirus business landscape.

Run, Protect & Fix the House – At the Same Time!

Without a doubt, the Coronavirus pandemic will increase the prevalence of incidents and crimes in cyber security, especially those targeted at large enterprise. Additionally, the migration of knowledge workers from office locations to home with systems will increase the surface area of potential information security attacks with corporate endpoints, as many of these workers will resort to using personal devices to accomplish corporate work items which introduces an even more serious opening that can be hard, if not impossible, to fully monitor and manage. The need for systematic and standardized hardening of these IT systems, also known as patching or patch management will be paramount to contend with current and future threats that will be the specific conditions ushered in by the Coronavirus.

“Their focus might not be on the proactive patching and maintenance of the networks as well . . .”

– Debbie Gordon, Cloud Range Cyber LLC (regarding IT /Information Security Teams during the Coronavirus pandemic)

Specific focus should be on systems hosting / supporting mission critical business applications, and critical network systems infrastructure (especially those that are single points of failure for the enterprise).

Another prevalent occurrence is the rapid relaxation of corporate security policies mandating specific work locations. These policies had been put in place to limit locations where people can access critical systems, therefore enabling greater site level security control. This is quite common for offshore work locations, where clients mandate that consultant workers execute functions from corporate office locations with high levels of physical and logical security. To accommodate the work from home migration required by the Coronavirus outbreak, many of these policies were relaxed or temporarily suspended to account for the new reality.

“Cyber criminals are taking advantage of the increasing amount of time that people spend online due to new measures taken by member states to stop the spread of the virus–while they also benefit from the health crisis itself.”

– Debbie Gordon, Cloud Range Cyber LLC (regarding IT /Information Security Teams during the Coronavirus pandemic)

Information security team would be well advised to update these policies to now account for sustained remote work scenarios for critical roles.

The IT Command Center–Essential Service

Per recent guidance from the Department of Homeland Security as it pertains to Information Technology essential services during a crisis, the concept of the Command Center /Network Operations Center was first on the list. During a crisis, the command center should be a capable partner as organizations contend with the rapid change and risk that Coronavirus is introducing. Digital networked systems have been one of the strongest weapons in this pandemic, allowing much of global commerce, government activities, health care services and general business operations to continue despite abandonment of the physical domain except for the home space. The IT command center is the lifeline for these knowledge workers providing 24/7 observation of key systems leveraging both technology, people and processes that were designed to be fail safe during crisis mode.

The command center can also be a key capability to deal with the rebalance of IT computing that Coronavirus has introduced. With skyrocketing capacity of remote users, reliance on collaboration software, additional volume and strain on existing networks, and the even more deliberate need to have well performing business applications – the role of the command center to act as the central nervous system for technology assets will be invaluable for every stakeholder and their customers.

Specific focus for enterprise clients is to ensure that the command center is unfettered in its mission as a central point of contact and consolidation for IT systems related issues. Adding additional telemetric views, responsibilities and processes to the command center that require regular execution and validation is a possibility for most organizations. Other areas of value to be driven from a 24/7 command center can include communication plan execution and escalations (internal and external to IT). The techniques of most command centers are steeped in best practice regiments typically from reputable frameworks including ITIL and ISO. The standardization that can be driven from these frameworks during business crisis can be the difference between minor incident versus financial and systems catastrophe.