Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:00 PM
Alan Brill
Alan Brill
Connect Directly
E-Mail vvv

Are You One COVID-19 Test Away From a Cybersecurity Disaster?

One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.

The president of the United States testing positive for COVID-19 reminds us that there is no guarantee any individual will remain virus-free. That's true in Washington, and it's equally true for those managing and running the cybersecurity of our organizations.

Fortunately, the possibility that the president could become ill was understood. The Presidential Suite at Walter Reed National Military Medical Center is no spur-of-the-moment facility. It was set up for such a need. Aside from the full medical staff and facilities of Walter Reed, it has communication facilities provided by the White House Communications Agency and security vetted by the Secret Service. In short, the government recognized the need, created a plan, and took the necessary steps to provide the infrastructure that would be needed to execute that plan.

Related Content:

The New War Room: Cybersecurity in the Modern Era

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: Expert Tips to Keep WordPress Safe

The news about the president's medical condition is a reminder that we need to consider not only what we do to protect our systems in these disruptive times but also whether we've sufficiently planned for resilience in our cybersecurity operations and teams.

Given the history of cyberattacks, ranging from large-scale data thefts and insider problems to the current rash of ransomware attacks and business email compromises, corporate and government managers understand that continuous cybersecurity — 24 hours a day, seven days a week — is vital. But going from that understanding to having actual operational resilience requires planning and work to make it effective. While companies have increasingly turned to using automated monitoring systems to help them surveil their networks and systems, the results and alerts generated by those systems must be reviewed by qualified security specialists and turned into actionable intelligence and decisions.

Most companies run very lean when it comes to cybersecurity staffing, and experienced network monitoring specialists are in short supply in both the public and private sectors. As threats evolve, those monitoring our networks must continuously update their knowledge to be prepared for both current threats and whatever is coming next. Add to this the stresses related to changes required by the coronavirus pandemic (such as remote working and increased reliance on cloud services) and the cyber-risks have grown — sometimes faster than the ability of the company to adjust cybersecurity to match the new challenges.

Another problem that all companies face is that while we frequently read about cybersecurity incidents involving large breaches, successful significant attacks against any particular organization are actually infrequent. As a result, organizations typically have little practical experience to go on. They're at the bottom of the learning curve when they need to be at the top. After they recognize an event, companies — often with the assistance of their cyber-insurance carriers — bring in specialized legal expertise and cyber-forensic investigators with significant experience. That's great, but it's after the fact.

The real issue is how we manage our cybersecurity to prevent serious incidents. With COVID-19, it doesn't matter how you get infected, but once you have the virus, you can get very sick very quickly and become unable to do your job. If that job is monitoring the cybersecurity health of your company, are there qualified replacements trained and ready to step in?

Every organization should take the news from Washington as an opportunity to ask the "what-if" question and to carry out a cybersecurity resiliency risk assessment. We have to recognize that cybercriminals are taking advantage of security weaknesses, and we must do our best to avoid disruptions.

Start by understanding who in your organization is available and qualified to monitor your networks (and network monitoring systems) around the clock. Determine if there are additional experienced personnel available to step in if needed, and if they're ready to do so. Based on the risk assessment, management should give serious consideration to working with an outside analysis and response organization as their primary or backup source of network monitoring and incident response.

Do You Need Help? 
Many companies have chosen to outsource or augment their network and systems monitoring with organizations that bring a team of qualified analysts who can triage security alerts, hunt for threats, and respond as needed on behalf of (or alongside) internal teams. Because they work across many companies, these organizations have substantial experience in dealing with the range of current and emerging threats and bring analytic and intelligence capabilities that only the largest companies could afford. These outside organizations provide best-of-class monitoring and analytics that provide a combination of automated analysis and human oversight, and they can provide service if and when an in-house information security team becomes disabled or needs to quarantine or isolate.

There's no need to panic, but neither is there time to ignore the issue. A single cybersecurity failure can result in a successful ransomware attack or data breach that could be enormously expensive and cause tremendous reputational damage. Taking some simple steps to avoid these problems by assessing the resiliency of your cybersecurity program is well worth it.

Alan Brill is a Senior Managing Director in the Cyber Risk practice of Kroll, a Division of Duff & Phelps, and is a Fellow of the Duff & Phelps Institute. He is also an Adjunct Professor at Texas A&M University School of Law. Alan has worked on numerous high-profile ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Alex White
Alex White,
User Rank: Author
10/27/2020 | 12:06:22 PM
Many Great Points
This article brings up some really points that all companies and CTOs must consider. In the middle of a pandemic, we must of course expect that our employees may get sick -- and we must be prepared in the event that they do so that no gaps occur in their absence while they focus (rightly) on getting well again.
Alan Brill
Alan Brill,
User Rank: Author
10/22/2020 | 1:02:43 PM
Some additional thoughts...
While in the op-ed, I focused on issues relating to the more limited in-house technology resources that may be available during the pandemic, please don't think the issue is limited to the technology team. Others can be problematic as well. 

If decision-making managers have limited availability or are harder to reach, getting decisions made that may be very time-sensitive may be difficult. Deciding whether to treat a ransomware case as a breach -- which is often the truth of the incident as data theft now can preceed the encryption -- which implicates the need to notify those affected as well as government agencies could be delayed if, for example, legal counsel was harder to reach or to brief. Having the ability to get contracts in  place with vendors (of forensics, investigations or notification may be critical, and some may have requirements relating to issues like establishing attorney-client privilege. 

The idea I wanted to get across is that during the pandemic, the changes in how we work can affect the ability to carry out an incident response plan. People working from home. People working with more limited resources, the inability to just "run in and talk to" whoever can affect how an organization responds to a challenge. 

As a result, I'd recommend that you re-visit your incident response plan to ensure that it still works as intended in the fact of the Covid pandemic. If it does, fine, but if not, you should be considering either temporary or longer-term changes to make sure the plan will be effective when it is needed.
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel i...
PUBLISHED: 2021-05-06
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbi...
PUBLISHED: 2021-05-06
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
PUBLISHED: 2021-05-06
The administrator application on ASUS GT-AC2900 devices before allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_chec...
PUBLISHED: 2021-05-06
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.