Redress your security enterprise



COVID-19 requires adaptation to your security apparatus.

 

During COVID-19, security teams face insurmountable odds in managing risk under normal SecOps, due to the vast unknown and ever-evolving nature of this pandemic. We have seen a massive spike in criminal behavior that exploits the fears and uncertainty surrounding the pandemic. COVID-19 has been seen as a global economic killer, and organizations are finding themselves with a foreboding question… How do we adapt to the new norm?

If GSC could offer some practical advice, we would recommend looking at the following areas and at our solutions for the challenges faced under this ominous pandemic.

Remote Operations. How much can really be done?

Many security companies have come to realize that security in the new age is a dynamic, technically based function, and have so far been able to adopt it relatively easily and safely. But what about those in regions of the world that have not, and continue to rely on archaic security practices and manpower?

The answer is not pleasant. Many companies, due to this pandemic, suffer from economic decline and now see the implementation of modern security methods as a fatal expense. This is also true for those that are using modern methods and see the human element as a fatal expense. The truth is you cannot survive without both working in harmony.

An example of this is the Security Operations Center (SOC); some organizations combine security with HSE and call it the Emergency Operations Center (EOC). Due to the critical nature of this site, it is not easy to operate it remotely and effectively. Physical access should be granted to select and limited personnel in order to keep occupancy low as well as maintain proper functionality. Many staff can work remotely and rely on the limited staff on site to manage any physical troubleshooting and monitoring.

Shift scheduling is critical to protect employees’ health; letters of authority with a clean bill of health (weekly or at your discretion) may be required. This will indicate those cleared to enter the site and limit the risk of cross-contamination of the site.

The use of contact tracing methods is also required because it allows professionals to quickly and effectively backtrack and help prevent the spread of the virus from infected personnel.

Enable the team to work securely

Security forces must maintain best practices at the office or worksite and help with information training so that employees can self-assess and improve the physical security in their homes. Those who share a dwelling with others should take the required precautions to limit the risk of information leakage by following some simple steps. Book an appointment with our consultants today for more information on SCIF improvements.

If employees are unable to maintain a secure remote working environment, your security team would need to design plans, guidelines, and procedures to assist them. Some basic helpful items would be a company laptop with VPN access, privacy screens, headsets, and acceptable use policies and procedures around sharing sensitive information only in writing rather than having it announced on calls. Privacy enforcement through

For a limited time, it may be possible also to rent short-let spaces to provide a safe and secure working environment. However, providers are coming under pressure to limit their operations.

Recreate their workstations

The team is used to working with several monitors and with a specific keyboard. These pieces of hardware are not just preferences; they enable operators, analysts, and engineers to work quickly, efficiently, and accurately.

It is not possible to generate the same productivity working from home with just a laptop. If employees need additional monitors, cables, and keyboards, be prepared to fund their needs. The expenditure will increase productivity and may offer longer-term flexibility in working practices. This can be equipment from their existing workstation or new equipment.

Widescreen monitors with split-screen options are excellent for enabling multi-tasking across multiple systems and tools. All equipment provided should have a tracking option available to prevent intentional theft. Book an appointment with our consultants today for more information.

Communication is key

The ability to collaborate in a distributed environment may be a challenge for analysts who are used to face-to-face problem solving. They will need the ability to communicate securely during this period, with the ability to share pictures, screenshots, and videos. Access to a company phone or a personal phone with a mobile device management solution is essential.

It may help to consider a fallback communication mechanism if an incident compromises the organization's network. Cloud-based video conferencing and collaboration platforms may offer a quick solution, but be aware of the security challenges these may present to the team.

Protect the SOC infrastructure

Keep the systems used by the SOC well secured from the broader enterprise network. It's worth checking that the firewalls are appropriately configured to protect these systems from any compromise of the enterprise network.

Provisioning an alternative VPN access to critical SOC systems should also be considered, to allow fallback mechanisms if the infrastructure is compromised.

Adapt resourcing models

Be aware of the heightened risk of analysts and engineers becoming ill during the pandemic period, as well as the impact on them as they look after children and others who rely on them.

Implement a good resourcing tool that allows employees to flag capacity challenges. Also, examine the length of shifts and the impact it will have on employee well-being, and consider scheduling in time for employees to “switch off” from their work environments.

Lastly, consider building additional redundancy into your shift patterns, further overlapping shifts, or placing additional people on call to allow for coverage at short notice.

Pay attention to local conditions

Many SOC teams have members based in different regions with distinct local policies relating to COVID-19. Pay attention to guidance and restrictions at the national, regional, and city-wide level where employees are based, and make sure the shift rota reflects team members’ conditions. Some may only be able to visit shops or collect medication in specific time windows, or may not be able to leave the house at all.

Gear your tools to the threat landscape

The new threat landscape under COVID-19 consists of a variety of consumer and employee targeted phishing campaigns, as well as a higher frequency of enterprise-level cyber-attacks. These include ransomware, crypto-mining operations, and privilege escalation attacks.

SIEM tooling may be configured to flag levels of activity that are suspicious under normal circumstances. Be prepared for those levels to change. Joiners, movers, and leavers processes may be more frequent due to the high turnover of staff.

Review SIEM systems and make sure they reflect the new threat landscape, and consider how to automate detection and remediation processes to handle a higher frequency of attacks and reduced staffing. You may have limited visibility of BYOD and other home-working solutions, so consider a feasible workaround for this possibility.

Assume the long game

Restrictions relating to COVID-19 may recur if countries experience further spikes in infection rates or if another pandemic arises. The lessons learned during this time are valuable — document the changes made; keep relevant hardware, software, and incident response playbooks; and be prepared to deploy this working model again should the need arise.

Aspects of this new way of working may even become the new norm. Feel free to book an appointment with our consultants today for more information on our services and receive our COVID-19: Safe Work Resumption Plan customized to your organizational needs at a discounted price.