The president of the United States testing positive for COVID-19 reminds us that there is no guarantee any individual will remain virus-free. That's true in Washington, and it's equally true for those managing and running the cybersecurity of our organizations.
Fortunately, the possibility that the president could become ill was understood. The Presidential Suite at Walter Reed National Military Medical Center is no spur-of-the-moment facility. It was set up for such a need. Aside from the full medical staff and facilities of Walter Reed, it has communication facilities provided by the White House Communications Agency and security vetted by the Secret Service. In short, the government recognized the need, created a plan, and took the necessary steps to provide the infrastructure that would be needed to execute that plan.
The news about the president's medical condition is a reminder that we need to consider not only what we do to protect our systems in these disruptive times but also whether we've sufficiently planned for resilience in our cybersecurity operations and teams.
Given the history of cyberattacks, ranging from large-scale data thefts and insider problems to the current rash of ransomware attacks and business email compromises, corporate and government managers understand that continuous cybersecurity — 24 hours a day, seven days a week — is vital. But going from that understanding to having actual operational resilience requires planning and work to make it effective. While companies have increasingly turned to using automated monitoring systems to help them surveil their networks and systems, the results and alerts generated by those systems must be reviewed by qualified security specialists and turned into actionable intelligence and decisions.
Most companies run very lean when it comes to cybersecurity staffing, and experienced network monitoring specialists are in short supply in both the public and private sectors. As threats evolve, those monitoring our networks must continuously update their knowledge to be prepared for both current threats and whatever is coming next. Add to this the stresses related to changes required by the coronavirus pandemic (such as remote working and increased reliance on cloud services) and the cyber-risks have grown — sometimes faster than the ability of the company to adjust cybersecurity to match the new challenges.
Another problem that all companies face is that while we frequently read about cybersecurity incidents involving large breaches, successful significant attacks against any particular organization are actually infrequent. As a result, organizations typically have little practical experience to go on. They're at the bottom of the learning curve when they need to be at the top. After they recognize an event, companies — often with the assistance of their cyber-insurance carriers — bring in specialized legal expertise and cyber-forensic investigators with significant experience. That's great, but it's after the fact.
The real issue is how we manage our cybersecurity to prevent serious incidents. With COVID-19, it doesn't matter how you get infected, but once you have the virus, you can get very sick very quickly and become unable to do your job. If that job is monitoring the cybersecurity health of your company, are there qualified replacements trained and ready to step in?
Every organization should take the news from Washington as an opportunity to ask the "what-if" question and to carry out a cybersecurity resiliency risk assessment. We have to recognize that cybercriminals are taking advantage of security weaknesses, and we must do our best to avoid disruptions.
Start by understanding who in your organization is available and qualified to monitor your networks (and network monitoring systems) around the clock. Determine if there are additional experienced personnel available to step in if needed, and if they're ready to do so. Based on the risk assessment, management should give serious consideration to working with an outside analysis and response organization as their primary or backup source of network monitoring and incident response.
Do You Need Help?
Many companies have chosen to outsource or augment their network and systems monitoring with organizations that bring a team of qualified analysts who can triage security alerts, hunt for threats, and respond as needed on behalf of (or alongside) internal teams. Because they work across many companies, these organizations have substantial experience in dealing with the range of current and emerging threats and bring analytic and intelligence capabilities that only the largest companies could otherwise afford. These outside organizations offer best-of-class monitoring and analytics that combine automated analysis with human oversight, and they can continue to provide service if and when an in-house information security team becomes disabled or needs to quarantine or isolate.
There's no need to panic, but neither is there time to ignore the issue. A single cybersecurity failure can result in a successful ransomware attack or data breach that could be enormously expensive and cause tremendous reputational damage. Taking some simple steps to avoid these problems by assessing the resiliency of your cybersecurity program is well worth it.