Was Your Group Prepared for COVID-19?
Posted by: Ron Brown
It’s Never Too Late for a Cyber/Business Resiliency Plan
The global COVID-19 pandemic thus far has brought countries to their knees and caused irreparable damage in terms of loss of life, jobs, revenues and hundreds of thousands of businesses closing their doors permanently – not to mention an increased volume of cyber threats looking to take advantage of this situation. The cyber-attack aftermath is compounding the problems for all organizations. Having a well-thought-out Cyber/Business Resiliency Plan now may mean the difference between being around in 2021 and open for business or succumbing to the times and being just another casualty of the 2020 economic downturn.
Preferably, a Cyber/Business Resiliency Plan should be designed and implemented before catastrophe strikes. If you do not have a plan already, now is the perfect time to create one. Not only will it help to weather the adverse impact of COVID-19 today, but it will also assist in keeping a business intact and operational no matter what devastating events may be on the horizon. With the right strategies and preparation, organizations may be able to withstand significant events or threats no matter how devastating or severe.
Outlook and Risk Scenarios
When gauging just how much of an impact and aftermath a major health threat like COVID-19 will have on your business, you first want to determine what the risk outlook will be. Back in March, I outlined three risk scenarios the virus could result in, which seem to be playing out as predicted.
They were:
- Benign – Limited transmission, new cases decline in April,
- Serious – Cases and deaths rise, but peak by July, and
- Severe – New cases rise through end of 2020, broad-based economic dislocations occur
We are presently experiencing the “Serious” risk scenario and only time will tell if we will move on to the “Severe” phase.
Major Impacts
The effects of COVID-19 have been extensive and global. They have impacted our everyday lives as well as so many aspects of our work and business environment. The ensuing cyber-attacks have made the response and recovery even more difficult.
The impacts will be around for a while but, again, it is still not too late to prepare!
What to Do Now to Help You Prepare for COVID-19 And for The Future
There are five key areas which must be addressed holistically and included in a Cyber/Business Resiliency Plan. They include:
- Risk Management – identify critical products, services and business functions where threats and vulnerabilities have the greatest impacts.
- Business Continuity – continuity of critical business functions required to maintain an acceptable level of operation during an incident.
- Crisis Management – ensures command and control during an operational disruption and includes incident identification, evaluation, escalation, declaration, plan activation and deactivation. Communication internally and externally is a key component of this plan. Incident Response activities are also initiated.
- Disaster Recovery – the restoration of business system software, hardware, IT infrastructure services and data during an incident.
- Emergency Response – facilitates and organizes employer and employee actions during workplace emergencies. These involve life safety procedures to protect the well-being of personnel/visitors.
Other Areas to Consider When Building Your Plan
Developing the kind of blueprint which will offer the most value may include most or all of the following items, depending on your own unique circumstances. But a customized, well-developed Cyber/Business Resiliency Plan, accompanied by relevant strategies, will be well worth the time, resources and effort you put into it if it serves as your organization’s survival plan. Areas to consider are:
- Planning
- Policy Revisions as Needed
- Technology
- Workforce
- Raw Materials
- Transportation Services
- Communications
- Customers
- Remote Access Surge
- Cloud Applications
- Security Monitoring
- Endpoints
- Network
- Cloud Applications Usage and Auditing
- Security Awareness
- Fraudulent Scams
How GuidePoint Security Can Help
We can provide invaluable assistance with many of the most critical aspects that go into building a Cyber/Business Resiliency Plan as well as other factors that are part of business survival.
Security has never been more important than during a crisis such as the present pandemic. Cybercriminals are often the first to act in these instances because they realize that with such catastrophes come all kinds of new vulnerabilities and opportunities which are ripe for exploitation.
We can help minimize those opportunities through a variety of services and solutions, including:
- Cyber/Business Resiliency Strategy and Execution
- Third-Party Supply Chain Risk Management
- Policy Reviews and Updates
- Social Engineering: Phishing Simulation Testing
- Penetration Testing: Adversary Emulation, Remote Access Attack Surface, and
- Incident Response Support
Other areas within our Technology and Architecture Consulting Services include:
- Security Architecture Review and Engineering: Work From Home Architecture
- Remote Access Solutions, Infrastructure and Scaling
- End Point Security Solutions: Personal and Corporate Owned Devices
- Mobile Device Management
- Data Security: Device Control, Data Loss Prevention and Cloud Security
- Identity and Access Management: Multifactor Authentication, Single-Sign On, Identity Governance
- Managed Security Services: 100 remote SOC that can be rapidly deployed and help clients achieve 24×7 monitoring
To learn more on how GuidePoint Security can assist you during the COVID-19 pandemic or any other area you can visit us here.
About GuidePoint Security
GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk. Learn more at www.guidepointsecurity.com.
Contributing Authors
Ron Brown is the Director of Security Solutions at GuidePoint Security. Ron is an Information Security and Operational risk management executive who has spent over 25 years leading teams and helping clients build protection services, processes and technology to discover and mitigate IT Cyber risks. Email Ron at [email protected] or message him on LinkedIn: https://www.linkedin.com/in/ronwbrown/.
Ron Brown
Director - Cybersecurity Solutions,
GuidePoint Security
Ron leads security solutions for the information assurance consulting organization, which includes application security, cloud security, incident response and forensics, governance, risk and compliance, penetration testing and social engineering. Ron’s primary focus is working with clients to provide support in understanding GuidePoint’s information assurance services. Ron has over 25 years of experience in cyber. He has spent half of his career working in advisory and consulting, and the other half leading internal organizations to build and lead cyber-resilient organizations.
Ron has extensive experience in multiple cyber disciplines across commercial industry sectors and government. Prior to joining GuidePoint, Ron held executive leadership roles with Accenture, PWC, IBM and several technology services organizations. Ron served as the CISO for Freddie Mac prior to his consulting career. His accomplishments have included building and leading cybersecurity organizations, technology transformation, vendor management, CISO programs and business resiliency.
He is a frequent speaker at industry conferences, including IANS, ISSA, ISACA and DRI, on a wide array of information security and business resiliency topics. Ron earned a bachelor’s degree from the Robert H. Smith School of Business at the University of Maryland and his MBA from Averett University. He also holds CISM, CISSP and CBCP certifications.