Dark Reading is part of the Informa Tech Division of Informa PLC


6/22/2020
10:00 AM
Ran Shahor
Commentary

Long-Term Effects of COVID-19 on the Cybersecurity Industry

The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.

Experts have written much in the last couple of months about COVID-19 and its impact on cybersecurity. From ensuring colleagues can work from home securely to defending geopolitically fueled cyber exchanges, dealing with COVID-19 has dominated the consciousness of the cybersecurity industry. 

All of this is important to deal with but is largely reactive — that is, the issue is in front of us today. But what about the long-term view? Is it time to think about what COVID-19 means for cyber in the years to come?

I believe the answer is "yes" — but not in the way you might expect. In my mind, the long-term view of cybersecurity can be boiled down into a single word: flexibility.

The Big Picture: Cyber Defense Is One Piece of the Puzzle
Let's take a step back from cyber and look at the world around us. COVID-19 is changing the way in which we do business and the way in which we live our lives. It is affecting the way we interact with the environment and with each other. For example, in our day-to-day lives, we have seen cash transactions disappear while online deliveries are booming. Even when shops open, they are set to be little more than window dressing, while restaurants have become well-appointed delivery kitchens. Transportation may never be the same again. Entertainment and sports are now consumed digitally almost exclusively.

From a business perspective, this means some industries are struggling and may even disappear, while entire new sectors are being created from scratch. Offices are closing, in some cases permanently, while IT departments scramble to transition their centralized key assets to a more accessible cloud delivery model. Communication and teamwork now require a completely new set of skills and technologies. In terms of the workforce, record levels of government intervention and furlough schemes have shifted the fabric of society beneath our feet.

A Unique Opportunity
For those of us in cybersecurity, this maelstrom of change presents a unique opportunity to tear up the "security-as-a-blocker" stigma, and instead become enablers. The world has been hit with an evolutionary event — and if we think about businesses it is no longer survival of the fittest, but survival of those who can adapt the fastest — and also the most securely.

When a company is facing existential decisions over its business model to adapt to a post-COVID world, cybersecurity should not — indeed cannot — afford to get in the way. Instead, we need to ensure we can operate in an agile way, and adapt to whatever the world and its new ways of life entail. In practical terms this may mean several changes — for example, forging stronger relationships across the organization. This will help us to better understand what may be a rapidly changing business as a result of COVID-19, and to make sense of the critical assets and risks that underpin it. On the technical front, as another example, adopting a DevSecOps approach can introduce security at an earlier stage of the application development life cycle. Again, this serves to bring security closer to the business objectives.

Cybersecurity as a Business Enabler
But this isn't just about taking the opportunity to reposition cyber away from being a "blocker." There is also an important message here to deliver to our organizations about cybersecurity as an active enabler. Yes, it's true — those businesses that adapt to a post-COVID world may thrive… for a short time. However, those that can adapt securely will be well positioned for sustainable competitive advantage, leading to long-term success.

To achieve this, there are practical steps that cyber teams can take now. COVID-19 represents an opportunity to reach out across the organization, such as setting one-on-one time with stakeholders in different business functions, outside the usual risk reporting lines. Ask about their world and how it is changing, and what they expect the major trends and business moves to look like post-COVID. While building relationships is always beneficial, this should also be an opportunity to ensure that cybersecurity can contribute from the outset.

Next, security teams should be ready to add flexibility into their assessments. The rapid pace of change brought about by COVID-19 will introduce vulnerabilities into the business logic, the technology, and the people that work within the organization. We can't stop the business while we fix everything — so we must be ready to adapt.

In summary, while the long-term COVID-19 outlook and what it means for the world is unpredictable, this, in fact, leads to clear security advice that we can all start with today: Be more flexible.


Ran Shahor is the CEO and co-founder of HolistiCyber. He is a Brigadier General (Ret.) who founded the leading-edge cybersecurity program of the Israeli Defense Forces Intelligence branch. After 27 years of service, Ran had multiple leadership roles in the private sector. ...

Comments
AmosSh
User Rank: Apprentice
6/24/2020 | 6:49:42 PM
A great read
I'm used to everybody being so concentrated at barely keeping the head above the water and living the here and now without thinking about the future.
It's great seeing someone putting the effort to think about the longer-term issues.
It's always valuable, and especially so in such trying times.
RyanSepe
User Rank: Ninja
6/24/2020 | 12:06:32 PM
Re: Insightful Covid 19 Cyber security post
Quite smart of your COO. I think in times like this what is most appropriately needed is direction from the top. Many private organizations as well as sections of government have failed in this regard. To define a path forward. Otherwise the masses are just marching in the dark.
cooperradecki
User Rank: Apprentice
6/24/2020 | 4:47:57 AM
Re: Pending Review
I hope so
RanShahor
User Rank: Author
6/23/2020 | 4:48:41 PM
Re: Insightful Covid 19 Cyber security post
Thanks for your comment.

I would be glad to have this dialogue.

I can be reached at: [email protected]

Best Regards
jfranklincobaltiron
User Rank: Apprentice
6/22/2020 | 2:53:41 PM
Insightful Covid 19 Cyber security post
Great post with a lot of good insight for practical Covid 19 steps. I think using this time to schedule one on one meetings is especially important. With c-suite execs having events postponed and travel plans stopped, there's never been a better time to review your available security plans.

Our COO also did an interview discussing practical steps for COVID 19 and IT practices and the impact that it has had on the IT environment. I would be interested in your feedback and perspective.


Niriti
User Rank: Apprentice
6/22/2020 | 12:54:07 PM
Evident change in organizational culture
As the dust of the first COVID wave has settled and countries are opening up and trying to get to a mode of "new normal" we see top management driving change to the organizational culture.

Driving cultural change requires training - this includes with no doubt Cyber defense training to people and teams that had nothing to do with this in the past.

Operational aspects that were not heard of or pushed aside for years happened within days. Hopefully the same openness and flexibility mode happens with the right cyber defense plan. From my personal experience I see that some do and some don't. It will be interesting to see what industries will catch up faster than others.