When COVID-19 happened, Ramon Karingal, Chief InfoSec and Risk Advocate for Asia Pacific and Japan of RSA Security, noted that there were three common tech issues most of their customers encountered.
First, there’s the shortage of corporate technology equipment to provide for most of their employees who are now working from home. “Some organizations had to allow the use of personal devices to access their corporate network. Setup and connectivity issues were also encountered by some of our customers, especially making sure they have a secured way of accessing the corporate network,” Karingal said.
Second, “some organizations reported having technology infrastructure capacity issues, e.g. compute, storage and network capacity to support their customer-facing online applications. Organizations resorted to migrating some of their internal and non-sensitive applications to public cloud like AWS or Azure.”
And third, “our RSA Anti-Fraud Command center has reported a rise in pandemic-specific scams through the form of phishing, smishing, brand abuse and the like. A lot of the fraudsters are taking advantage of the panic and confusion surrounding COVID-19.”
These issues weren’t really surprising.
“The COVID-19 pandemic has a far-wider impact that potentially affects almost every household globally when compared to other instances that also wreaked havoc to tech use of companies/people (like Y2K and the Thai flooding that affected businesses all over Asia). COVID-19 pandemic perhaps could be the only instance where every country in the world had to issue stay-home orders to all citizens, except for those performing essential services, like doctors, nurses, policemen, firemen, etc.,” Karingal said.
Also, “the duration of the current COVID-19 pandemic is more prolonged compared to other incidents/disaster. It’s been more than a semester since the COVID-19 outbreak in most countries; and, there is still no indication where this pandemic will end.”
Finally, “post-COVID-19, things are not going back to normal unlike other instances/disasters. There will be a different and new normal way how companies/people will make use technology post COVID-19.”
NAVIGATING HARD TIMES
For Karingal, there are some security-related tips for companies/businesses as they move forward for them to successfully navigate or face similar pandemics like COVID-19.
First, “provide employees with the capability to securely access the corporate network when working either in the office and/or remotely from location outside the office,” he said.
Second, “provide continuous education and reminders to employees on cybersecurity aware and safety, especially on phishing and identity thefts.”
And third, “improve organization capability to detect and respond to any cybersecurity-related incidents by either building inhouse cybersecurity capabilities or subscribing to managed services.”
RSA Security, in fact, has offerings that eye to specifically deal unforeseen instances like COVID-19. These include:
- SecurID Suite – risk-based MFA identity access management. This should be part of the minimum security controls organizations should adopt while providing remote access
- NetWitness Platform – Cyber security solutions for the Security Operations Center which includes our Evolved SIEM, EDR, EUBA and SOAR technologies
- Archer Integrated Risk Management – to help automate and simplify organizations’ Governance, Risk and Compliance processes
- Fraud & Risk Intelligence Suite – to help organizations mitigate fraud risk and protect their brand and customer transactions
The RSA brand is being carried by VST ECS Phils., Inc, the largest ICT distribution company in the country.
Knowing that something like Covid-19 may happen again, what is the best lesson that companies/businesses can learn from this experience?
“Organizations should learn from their experience in dealing with the unexpected disruptions that they may have encountered arose during COVID-19 – workforce, business operations, supply chain and security. Challenges like enabling most of your employees to work from home with the necessary secure access and authentication technologies and controls in place. Third parties like partners, vendors, contractors and supply chains your organization engages should also be considered in terms of their capability to provide the required support to your organization in delivering services to your customers,” Karingal said.
He added that during disruptions, other risks organizations are dealing with don’t stop. In fact, they may even escalate as bad actors try to take advantage through cyberattacks or fraud. Regulatory compliance can receive less attention as teams change their focus to current business impacts.
“Disruptions demand everyone’s attention, and if they extend over a long period of time, the risk of not achieving business objectives can create strategic risk,” Karingal said. “It is critical to ensure your risk management program enables you to continue to identify new risks, evaluate and measure critical risks, take appropriate steps to manage the risks within acceptable tolerance levels, and advise executives on decisions they need to make.”