ESI ThoughtLabs, a U.S.-based research firm, is collecting perspectives on the pandemic’s effects on cyber security to include in its research study, “Driving Cybersecurity Performance.” Check Point’s Eddie Doyle was among a handful of security thought leaders invited to respond to ESI’s probing questions. Below is an excerpt from “COVID-19 and the Cybersecurity Challenges Organizations Currently Face”:
ESI: The Covid-19 pandemic is placing greater reliance on digital systems and testing the effectiveness and resilience of corporate cyber security programs. How are companies’ digital approaches changing to cope with the pandemic and what has been the impact on cyber security vulnerabilities, risks, and strategies?
Edwin Doyle, Global Security Strategist for Check Point Research, Check Point Software Technologies: The main vulnerability exists in the technology gap between enterprise corporation locations and the home office. Enterprises have had two decades to build and define a corporate cyber strategy which for the most part works quite well. But all those corporate employees are now working from home during this pandemic. Did the company have an incident response plan which would account for this? Were they able to quickly supply the effective cyber security technologies needed for taking the business’s valuable data to employees’ homes? I doubt it. Hackers doubt it too, and the race is on to see who can either exploit these vulnerabilities or secure them first.
Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4: Having most employees go remote is obviously straining already tight IT resources, both personnel and available remote access. Social engineers and phishers are also in a feeding frenzy, taking advantage of the Covid-19 situation, as evidenced by a huge uptick in Covid-19-themed phishing attacks. Covid-19-themed phishing strategies are likely to be more successful because of the built-in stressor events and people’s lack of familiarity with these phishing themes.
ESI: How will the coronavirus likely change your clients’ companies’ global business strategy and digital transformation plans and those of your own company? How will it affect the future of work, ecommerce, supply chains, etc.? What might be the longer-term implications for cyber security?
Jamie Singer, Senior Vice President, Crisis & Risk Management, U.S. Data Security & Privacy, Edelman: It will be imperative for organizations to conduct deeper risk sensing on issues related to remote work capabilities, VPN capacity, and employees increasingly using insecure WiFi – all while the hacking community is salivating at opportunities to exploit these vulnerabilities. As a result, how companies approach communications readiness for the dual risk of cyber issues in the Covid-19 environment will also need to evolve – for example, how to communicate in the wake of a cyber threat that creates operational disruption for organizations supplying critical supplies for the Covid-19 relief effort, how to communicate about a ransomware attack that impacts a hospital’s ability to treat a surge in Covid-19 patients, and how to meet stakeholders’ increasing expectations for direct and transparent communications from their employers and the brands with which they interact.
Edwin Doyle, Global Security Strategist for Check Point Research, Check Point Software Technologies: I’ll place a very strong bet on the fact that most disaster recovery plans from the cyber team did not include supply chain! The role of the CISO needs to mature into a direct report to the CEO. In cooperation with the general counsel, reporting to the business would provide the cyber team with a more holistic overview of the business risks; hence, supply chain would be included in the dialogue and strategy.