Dogs barking. Kids getting set up for online learning. Conference bridge crashing. Spouse or roommate is on the phone next to you. It’s 8 am and you haven’t had your coffee yet. Sound familiar? This is the new reality we are living in under COVID-19.
Seasoned remote workers and those new to this lifestyle alike are affected by the current pandemic – especially the security community. Remote work has always been a cause for concern from a security perspective, and it has dramatically increased with this new movement to 100% remote. The policies that govern it can take months to cultivate – and they’re having to be done in days and weeks.
We’re all in this together.
Everyone is in crisis mode because of this, and the only way we will get through it is by coming together and sharing our knowledge to keep our community safe, both on and offline.
We have brought together some quotes with recommendations from our customers and colleagues that we think could be helpful in both the long and short term. We would love it if you would share your thoughts, experiences and ideas with us as well! Let us know if you would like to participate.
Quotes from the Community
“The threat is clearly changing. Phishing lures are pivoting towards Corona-related topics, and the click rate is high which is increasing the incident workload for my team. As a majority of my company is working remotely now, I’m finding it harder to turn off my “work-mode” because I have significantly less control over my systems now. As a security person you never really turn it off, but I’m afraid of getting that call that we’ve been compromised in a real way. I would expect to see further increases in cyber activity as bad actors look to take advantage of the global chaos.”
Head of SOC
“While we are fairly mature, a lot of organizations are having to think on their feet at the moment, because they didn’t have well-tested business continuity and remote access processes in place. As we all know, quick workarounds introduce vulnerabilities, and with the increase of remote work I’m sure they’re increasing as well. This isn’t specific to our employees either, this includes our third party vendors too. Increasing the attack surface on all accounts makes every security professional’s job even more demanding than it already is.”
CISO, Major Law Firm
“There’s definitely an increased risk on endpoint. At home, web browsing is more likely to go unmonitored and bypass corporate security controls. That aside, the majority of access needs are in the cloud and so the risk here hasn’t fundamentally changed. I’m mainly concerned about my supply chain. We’ve seen comments around essentials being scraped up – this is happening in the commercial side too. My business, which includes my job, relies on supply chain being active.”
CISO, Engineering Company
“The biggest challenge is in bringing business continuity planning to reality. Underlying assumptions have been ripped up – for example, we never expected more than 50% of staff to work from home at any one time. Now we are approaching 100% home working, things like capacity and licensing are the priority. I’d be concerned about firms that have to rush these changes through, potentially cutting corners and leaving areas that can be exploited. I’m also seeing an impact in the productivity of our employees. In the office I can stop by someone’s desk for a few minutes, now we are having to have 30+ minute meetings in some cases to allow for technical difficulties, or at-home distractions/emergencies.”
CIO, Telecom Provider
“As for assistance here for Covid-19 business continuity, I think we are in a good spot – although changes are coming rapidly. There are tons of companies simply reacting at this time and they have to be overlooking the security nature of this situation. I also feel post-crisis or once we get past this Covid-19 pandemic, the market will be ripe for discussions with companies that will be eager to improve and learn from these experiences.”
IT Manager, Utility
“We’ve been pretty preoccupied with the current virus crisis, so we have been juggling priorities and trying to ensure the continuity of our infrastructure.”
CTO, Insurance
“We are responding to this pending COVID-19 situation, preparing the org for an all-out BCP [Business Continuity Planning] initiative. Something that hasn’t been updated in a really long time. So you can imagine the chaos as we work to update, test, and train to the plan the best we can before things get too bad.”
Information Security Manager, Government
Security is a critical part of any business continuity plan, and we’re seeing that now more than ever.
Have any additional comments or tips that you think would be helpful for the community? Please contact us so you can be a part of our next installment.