Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/22/2020
10:00 AM
Ran Shahor
Ran Shahor
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Long-Term Effects of COVID-19 on the Cybersecurity Industry

The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.

Experts have written much in the last couple of months about COVID-19 and its impact on cybersecurity. From ensuring colleagues can work from home securely to defending geopolitically fueled cyber exchanges, dealing with COVID-19 has dominated the consciousness of the cybersecurity industry. 

All of this is important to deal with but is largely reactionary — that is, the issue is in front of us today. But what about the long-term view? Is it time to think about what COVID-19 means for cyber in the years to come?

I believe the answer is "yes" — but not in the way you might expect. In my mind, the long-term view of cybersecurity can be boiled down into a single word:  flexibility.

The Big Picture: Cyber Defense Is One Piece of the Puzzle
Let's take a step back from cyber and look at the world around us. COVID-19 is changing the way in which we do business and the way in which we live our lives. It is affecting the way we interact with the environment and with each other. For example, in our day-to-day lives, we have seen cash transactions disappear while online deliveries are booming. Even when shops open, they are set to be little more than window dressing, while restaurants have become well-appointed delivery kitchens. Transportation may never be the same again. Entertainment and sports are now consumed digitally almost exclusively.

From a business perspective, this means some industries are struggling and may even disappear, while entire new sectors are being created from scratch. Offices are closing, in some cases permanently, while IT departments scramble to transition their centralized key assets to a more accessible cloud delivery model. Communication and teamwork now require a completely new set of skills and technologies. In terms of the workforce, record levels of government intervention and furlough schemes have shifted the fabric of society beneath our feet.

A Unique Opportunity
For those of us in cybersecurity, this maelstrom of change presents a unique opportunity to tear up the "security-as-a-blocker" stigma, and instead become enablers. The world has been hit with an evolutionary event — and if we think about businesses it is no longer survival of the fittest, but survival of those who can adapt the fastest — and also the most securely.

When a company is facing existential decisions over its business model to adapt to a post-COVID world, cybersecurity should not — indeed cannot —afford to get in the way. Instead, we need to ensure we can operate in an agile way, and adapt to whatever the world and its new ways of life entail. In practical terms this may mean several changes — for example, forging stronger relationships across the organization. This will help us to better understand what may be a rapidly changing business as a result of COVID-19, and to make sense of the critical assets and risks that underpin it. On the technical front, as another example, adopting a DevSecOps approach can introduce security at an earlier stage of the application development life cycle. Again, this serves to bring security closer to the business objectives. 

Cybersecurity as a Business Enabler
But this isn't just about taking the opportunity to reposition cyber away from being a "blocker." There is also an important message here to deliver to our organizations about cybersecurity as an active enabler. Yes, it's true — those businesses that adapt to a post-COVID world may thrive… for a short time. However, those that can adapt securely will be well positioned for sustainable competitive advantage, leading to long-term success.

To achieve this, there are practical steps that cyber teams can take now. COVID-19 represents an opportunity to reach out across the organization, such as setting one-on-one time with stakeholders in different business functions, outside the usual risk reporting lines. Ask about their world and how it is changing, and what they expect the major trends and business moves to look like post-COVID. While building relationships is always beneficial, this should also be an opportunity to ensure that cybersecurity can contribute from the outset.

Next, security teams should be ready to add flexibility into their assessments. The rapid pace of change brought about by COVID-19 will introduce vulnerabilities into the business logic, the technology, and the people that work within the organization. We can't stop the business while we fix everything — so we must be ready to adapt.

In summary, while the long-term COVID-19 outlook and what it means for the world is unpredictable, this, in fact, leads to clear security advice that we can all start with today: Be more flexible.

Related Content:

 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 

Ran Shahor is the CEO and co-founder of HolistiCyber. He is a Brigadier General (Ret.) who founded the leading-edge cybersecurity program of the Israeli Defense Forces Intelligence branch. After 27 years of service, Ran had multiple leadership roles in the private sector. ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AmosSh
100%
0%
AmosSh,
User Rank: Apprentice
6/24/2020 | 6:49:42 PM
A great read
I'm used to everybody being so concentrated at barely keeping the head above the water and living the here and now without thinking about the future.
It's great seeing someone putting the effort to think about the longer-term issues.
It's always valuable, and especially so in such trying times.
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
6/24/2020 | 12:06:32 PM
Re: Insightful Covid 19 Cyber security post
Quite smart of your COO. I think in times like this what is most appropriately needed is direction from the top. Many private organizations as well as sections of government have failed in this regard. To define a path forward. Otherwise the masses are just marching in the dark.
cooperradecki
50%
50%
cooperradecki,
User Rank: Apprentice
6/24/2020 | 4:47:57 AM
Re: Pending Review
I hope so
RanShahor
100%
0%
RanShahor,
User Rank: Author
6/23/2020 | 4:48:41 PM
Re: Insightful Covid 19 Cyber security post
Thanks for your comment.

I would be glad to have this dialogue .

I could be reached at: [email protected]

Best Regards
jfranklincobaltiron
100%
0%
jfranklincobaltiron,
User Rank: Apprentice
6/22/2020 | 2:53:41 PM
Insightful Covid 19 Cyber security post
Great post with a lot of good insight for practical Covid 19 steps. I think using this time to schedule one on one meetings is especially important. With c-suite execs having events postponed and travel plans stopped, there's never been a better time to review your available security plans.

Our COO also did an interview discussing practical steps for COVID 19 and IT practices and the impact that it has had on the IT environmnet. I would be interested in your feedback and perspective.


Niriti
100%
0%
Niriti,
User Rank: Apprentice
6/22/2020 | 12:54:07 PM
Evident change in organizational culture
As the dust of the first COVID wave has settled  and countries are opening up and trying to get to a mode of "new normal  " we see  top managemnt driving  change to the organizatioanl culture .

Driving cultrual change  requires trainig - this includes with no doubt Cyber defense trainig to people and teams that ahd nothin to do with this is the past  

Operational aspects that were not heard of or pushed aside for years happened within days . Hopefully the same openess and flexibility mode happens with the right cyber defense plan . From  my  perosnal experice I see that some do and some dont. It will be intersting to see waht industires will catch up faster than others 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5421
PUBLISHED: 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
CVE-2020-8225
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2020-8237
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
CVE-2020-8245
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
CVE-2020-8246
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...