A vast number of controls related to Cyber Security are implemented through the use of particular cyber security solutions, and many other technologies and management processes such as audits, assessments, policies & procedures, etc. All these controls have been adopted and properly monitored in order to establish the required level of Cyber Security in an organization, even during the Covid-19 pandemic. This new era has forced most organizations to defend against a vast number of new technologies trends and the cyber security threats associated with the particular technologies, mainly related to remote working and online collaboration.
Move focus on the effectives of the Cyber Security Controls
Organizations are now truly concerned, about the effectiveness of their overall cyber security program and their cyber health. This is because they have realized that a different approach needs to be adopted focusing on effectiveness and the true adoption of the cyber security controls. This becomes a necessity especially now, that employees are forced to work remotely or to use their personal devices to access the information assets of the Organization. Reliance on technology expose an Organizations to a number of emerging threats some of them related to the use and understanding of technology by the employees. The increase of Phishing attacks is a good example. Users are receiving a large number of spam and phishing emails. Considering the general sense of instability and insecurity, it becomes easier for someone to get allured into clicking on something coming from an unknown origin, in order to be informed about the latest updates in Covid-19 vaccination, assuming that the email is coming from a legitimate origin.
Threats related to cyber security, such as Phishing, are not the only ones that should be taken into consideration. This pandemic crisis introduced an increased level of automation related to the execution of the Corporate processes and everyday tasks. This means that a large number of tasks related to the daily operation of an Organization are handled by software and hardware. Long before the pandemic crisis, predictions were referring on how digital automation of processes and operational tasks will dramatically change the way Organization operate. More employees are now asked to work from their homes, as the spread of Covid-19 is increasing, and a lot of tasks are automated through the digitalization of human centric processes. Organizations should well balance between digitalization, automation and human capital. At the same time, they need to assist their employees to adopt into the new corporate environment by communicating the changes and train them.
Another important issue, concerns the fact that a lot of countries have adopted digital technologies to track Covid-19 patients, through the use of geolocation, aggregation and analysis of data related to people’s movement. Governments, claim that through the use of the specific technology, pandemic can be monitored and even contained. Nevertheless, compromise of Privacy needs to be seriously considered and the required measures needs to be taken in order to not jeopardize human rights. Unreasonable endangerment of privacy can deteriorate free expression and movement and, as a consequence, worsen the overall sense of insecurity, leading to an incalculable aftermath.
Cyber Security Controls are an enabler for Digitalization and Automation
Cyber Security controls should be put in place after thorough risk analysis, design and testing concerning all the components (systems, applications, networks) that are part of the new digital environment related to remote working. As far as the European Countries concerns, proper consent management procedures and personal data protection controls should be put in place, in accordance to the General Data Protection Regulation 2016/679. Furthermore, restricted access control and encryption where possible should be in place. Last but not least, phishing campaigns should be executed at regular intervals in order to assess the readiness and awareness of employees against the modern Social Engineering attacks.
The new global pandemic also serves as an accelerator for the fast adoption of a number of new technologies. Inevitably, the fast adoption of new technologies is associated with a number of new business-related challenges including cyber security threats. Governments and Enterprises are duty-bound to always respect the privacy of individuals and to also keep in mind that human thought and creativity cannot be replaced by any kind of technological automation. Finally, as stereotype as it may sounds, cyber security awareness of the employees, could prove to be the “vaccination” to any type of cyber illness.
Author: A. Birba, GRC & Assurance Manager