SEC URIT Y F E AT URE
By Daniella Traino, Managing Director, Pinecone Technology Strategies and Tony Vizza, Director of Cyber Security Advocacy, APAC, (ISC)2
The COVID-19 pandemic has seen many countries around the world, including Australia, experience stress and confusion at unprecedented levels, both at the organisational and human levels. While health authorities have implemented containment strategies to flatten the curve of potentially devastating health effects, cyber security incident responders have been able to relate from a threat management perspective, as organisations have raced to implement new ways of doing business to support their people, their customers and their partners. Business continuity has seen a massive uptick in remote working in order for the organisation to continue to function. For many, digital technologies are no longer an option but a key success factor in transitioning their workforce, managing changes in customer demand and simply surviving. The economic impact of COVID-19 is yet to be fully understood, but organisations are already adjusting their workforce for the immediate changes in demand for goods and services. Organisations are rewriting their strategic plans to prepare for revenue declines, tight cost management and the ultimate question - how do we remain viable in this new world? The latter question raises other organisational and human challenges: should Australia’s Prime Minister Scott Morrison be on point with his prediction that restrictions are highly likely to remain in place for at least 6 months, with international travel bans lasting even longer. This scale-up of technologies, policies and
Business continuity has seen a massive uptick in remote working in order for the organisation to continue to function.
the new reality of ‘remote working’ has seen many organisations unprepared and facing several challenges. These include limited technology consumables (for example, due to an overseasbased supply chain), use of personal devices for business and information handling, software licensing and deployment and configuration of remote services (including VPN and multi-factor authentication).
WHAT DOES THE THREAT ENVIRONMENT LOOK LIKE? While these challenges cannot be underestimated, it should be noted that cyber criminals and other malicious actors never waste a crisis situation to gain access to sensitive information, systems and funds. These miscreants are keenly aware of our challenges, seeing opportunities for further exploitation. Globally, cyber security intelligence has warned that these malicious actors are attempting to take advantage of the uncertainty and flexible working arrangements that many organisations are implementing. Remote working tools such as Zoom Video Conferencing and Microsoft Teams, are but a few recent examples of malicious actors identifying vulnerabilities in our digital tools to undermine our security and privacy. Worldwide, social engineering (phishing) attacks and scams and malicious software
CYBER CONSID IN A COVID-19 18 SEC UR IT Y IN S IDE R | JU NE 2020