Chip Wolford
Nick PuetzAs part of our ongoing Enterprise Resilience Webinar Series, our recent webinar Minimize Threats, Modify Security and Optimize Safety is now available for on demand viewing.
During this session, our five panelists spent an hour reviewing how organizations dealing with the impact of the COVID-19 crisis can address cybersecurity threats to their remote workforces, how to grapple with technology, capacity and policy challenges and what the potential lasting impacts of this pandemic may be on corporate security programs.
Here are just some of the highlights:
Immediate Impact of COVID-19
- Active phishing websites have increased by 350 percent, to 522,000 since the pandemic began. This has impacted both organizations and individuals, who have been hacked or have fallen for phony pleas for medical supplies, donations and other scams. Implementing systematic controls is more crucial now than ever to help avoid falling victim; companies must have phishing and spam filters in place
- Over 70 percent of the webinar audience said they are managing COVID-19’s impact on their IT teams’ ability to support and enable the business; six percent said they are stretched beyond capacity
- Fixes to any technology shortcomings could range from complex security solutions to a “back to basics” approach
- Furloughs and job losses increase insider threat concerns
Quick to Pivot “Characteristics”
Organizations that feel they’ve done well in coping with the crisis so far, have been quick to pivot to remote working (where possible) while retaining cyber control. What are common characteristics these organizations? Among other things, they already supported remote workforces, leveraged cloud-based technologies, doubled down on traditional remote capabilities, went back to the basics and actively educated employees about security concerns.
A crisis like COVID-19 calls for a quick review of policy exceptions, where immediate changes may need to be made. A few policies that organizations should re-evaluate include:
- Remote work policy
- Data loss prevention and endpoint-related security policies
- Vulnerability management and patching management polices
- Business continuity and disaster recovery program
- Incident response policy, procedures and plans
- Cloud security strategies
When “Normalcy” Returns
Once the crisis passes, an organization should focus on reviewing all existing security policies, creating new policies where needed and reviewing (or putting in place) the risk management program.
It is likely that the impact of this pandemic will have a long-term, permanent impact on businesses, who will likely ramp up their ecommerce and mobile presence, more fully develop their direct-to-customer capacity and strengthen the supply chain. All of these changes will impact risk management practices.
Finally, organizations should expect an explosion of new technology and the retirement of old technology once the COVID-19 pandemic is behind us.
To hear the full discussion and much more, the Minimize Threats, Modify Security and Optimize Safety webinar is available on demand. You may also want to download Protiviti’s Work From Home Cybersecurity Practices.
Uriah Robins
Pierce Chakraborty
Jeffrey McDonald
Mike Ortlieb
