CISOSHARE COVID-19 Cyber Security Progress Model
This forward-looking model is designed to support cyber security planning activities from the perspective of before, during and, after a pandemic event occurs. The goal of the model is to forecast the world and business landscapes in each phase to help organizations best consider and understand cyber security needs and activities in the coming landscape.
To accomplish this, we have created a 3-phase model that first aligns to the World Health Organization (WHO) pandemic scale, and then presents observations of how businesses respond to these environmental conditions at each phase to establish a world view. Then, the model identifies recommended cyber security guidance per phase, as well as a forecast of projected recommendations to prepare for future phases.
For example, in the Pandemic phase, organizations will see many layoffs, and as a result should focus on strong de-provisioning processes in this phase from a cyber security perspective. However, they should also begin professional development and hiring guidance to prepare for the return to hiring and projected demand for cyber security professionals after the pandemic ends.
By operating in this way, organizations will be better positioned to execute against the rapid and extreme changes that are projected along the lifecycle of this pandemic.
The model’s three phases in alignment with WHO’s phased model for pandemics is listed below:
Phase 1: Pre-Pandemic Cyber Progress
Phase 2: Pandemic Cyber Progress
Phase 3: Post-Pandemic Cyber Progress
Background — Why Focus on Cyber Security?
It’s clear that right now saving lives is the primary emphasis of our world during this pandemic, with a distant second being recovering our economies and rebuilding prosperity. Cyber security, while often misunderstood, plays a key role in both objectives.
From a healthcare perspective, ensuring effective cyber security during these times is critical to keeping life-saving systems at the hospitals running. We were already seeing attacks on healthcare related networks prior to COVID-19, and attacks are accelerating during this time of unrest.
Once we reach the rebuilding phases, cyber security will also be critical. The discipline already had a shortage of available cyber security talent before this pandemic occurred, which will be exacerbated as demand swells and even grows when organizations begin again to rebuild.
Phase 1: Pre-Pandemic Cyber Progress
Phases 0 - 4 WHO Pandemic Scale
This is the span of time before there was any spread of COVID-19, through the beginning of human infections, and lasting until sustained human to human transmission. This is the phase that exists right until the declaration of a pandemic.
During this period most organizations were only minimally impacted by COVID-19. However, from a cyber security perspective, most businesses were already experiencing a high level of attacks and had a shortage of available skilled cyber security professionals to assist them.
Towards the end of this period, as transmission rates began to increase, more employees were starting to work from home. This is important from a cyber security perspective, as working from home is often a significant vector for cyber security attacks at an organization. This phase ended on March 11, 2020 when the World Health Organization (WHO) declared the spread of COVID-19 as a Pandemic.
Common Phase 1 Cyber Activities
As a leading cyber security provider, CISOSHARE experienced a great deal of demand for security program and technical architecture assessments. Many inquiring organizations had low security program maturity and a lack of skilled resources.
Security Program Development — Prior to this pandemic, many organizations began undertaking security program development activities to measure their cyber security environments with best practice assessments and develop remediation roadmaps. Organizations often did this in response to low program maturity and insufficient resourcing prior to the additional stresses caused by the pandemic.
Security Architecture Development — Similar to program development, these efforts follow the same model of assessment then planning. Security architecture development instead focuses on the preventive and detective technical safeguards implemented within an environment. These efforts were often done in response to unrelenting cyber-attacks and breaches that plagued organizations.
Projected Phase 2 Preparation Activities
Retrofit Cyber Security Policies — Cyber security policies help define what people should do from a security perspective in the performance of their jobs. As people change the way they perform their jobs like working from home, having accurate and updated these documents help inform employees about the best cyber security decisions.
Correct Single Points of Failure in Staffing — With many organizations previously resource-constrained with their cyber security teams, this problem is only exacerbated as people become sick or otherwise unable to work. Identifying these single points of failure and documenting how jobs are performed to reduce the halt of your security processes is advised.
Document Existing Security Architecture — Start by documenting all the preventive and detective safeguards in your environment while ensuring there are no single points of failure in their management or operation. Once you understand what you have in your environment from a technological perspective, it will be easier to modify and adapt in future phases.
Phase 2: Pandemic Cyber Progress
Phases 5 - 6 WHO Pandemic Scale
This is the current phase with widespread human infection. Demand for business products and services either have rapidly surged in industries like healthcare, finance, and any industries that have an impact on the current situation; in other industries such as travel, hospitality, or retail, there is a drop in demand.
The government has directed many organizations to close due to health risks or to otherwise have organizations operate remotely. Large-scale layoffs have been implemented by these organizations to address the impacts to demand and revenue in highly impacted industries.
From a cyber security perspective, the increase in work from home has created a larger threat vector for attack. This compounds with the general unrest caused by the pandemic, which has also increased the attack landscape.
Further, as employees are laid off and organizations operate in distributed work models, the risk of internal threat rises as terminated employees may look to take intellectual property from the company. This risk likelihood also increases as many organizations have fewer preventive and detective monitoring safeguards to protect the business as employees work from home.
Suggested Phase 2 Cyber Activities
As cyber attackers look to take advantage of the unrest, organizations will want to harden their overall security architecture. Organizations will also want a tactical incident management program in place to respond quickly in the event of an attack.
Tactical Business Availability Planning — As demand surges or ebbs, plan for how to support organizational products or services during this time. Use a business continuity plan if one is available, or tactically plan on creating one.
Ensure the Availability of Your Cyber Team — As people become sick or are otherwise unavailable, use your planning from the previous phase, or begin it now if you have not, to ensure you have no single points of failure on your team.
Implement Work from Home Safeguards — Update your security policy regarding telecommuting so it appropriately informs employees of secure practices and organizational security expectations while working off-site. This should include what is acceptable and not acceptable behavior. Support this policy with effective and ongoing cyber security training and awareness campaigns.
Implement a strong communication system to create an effective channel for information to get into and out of your cyber security program.
Finally, make sure your security architecture can be changed to provide appropriate preventive and detective safeguards to protect the business and employees as much as possible during this time.
Design Safeguards Associated with Layoffs —As layoffs continue, update and ensure that your de-provisioning processes are adhere to for the secure departure of your employees.
Securely Shut Down Closed Services — As organizations go out of business, security programs will need to ensure these activities occur in a secure manner.
Projected Phase 3 Preparation Activities
Supply Chain Security — As organizations around the world experience rapid changes, prepare to start a measurement of your supply chain in the coming phases to assess their availability as well as the security of their operations.
Team Growth Planning — In order for organizations to rebuild in the next phase, you will need to begin to plan now for where to find cyber security professionals will come from as security teams grown again. Professional development programs such as CyberForward can prove valuable in this space.
Security Architecture Growth Planning — As organizations begin to rebuild in the next phases, there needs to be a shift in security architecture. These need to change from tactical configurations to those that are designed to support and secure your environment without slowing down growth.
Phase 3: Post-Pandemic Cyber Progress
Not tracked as a WHO Pandemic Phase
During this period, there is a possibility of recurrent infection, but the numbers of infection and spread will start to decrease from the peak. This will culminate in a movement to a post-pandemic environment and a normal world towards the end of this phase.
Organizations will begin to return to normal operations once the post-peak phase is attained, albeit with some additional health safeguards. You will also see the grassroots of organizations beginning to rebuild in this phase with an acceleration of business growth and rebuilding activities as we reach the post-pandemic WHO phase.
From a cyber security perspective, there will be continued attacks, as was the case before the pandemic occurred. You will also begin to see an increased demand for available cyber security talent as security programs must support existing cyber security activities, but these teams will also be required to secure organizational rebuilding. This need for talent will only accelerate as business growth returns and continues to accelerate during the rebuilding process.
Anticipated Cyber Considerations
Perform a Security Program Assessment — As organizations have rapidly changed from the effects of adapting to this pandemic, it's helpful to return to the beginning of the security program development process with an assessment of the current state of their security program. This step will serve as the first step in roadmap planning to support rebuilding and growth.
Hiring Processes — Secure provisioning processes should be developed to support the hiring of employees as the rebuild begins. If the organization participated in professional development programs such as CyberForward, this will also be the phase to convert resources into full-time employees.
Engagement of Managed Service Providers — Managed security providers will be critical to meeting the demand for cyber security resources to support existing security activities as well as additional growth.
Continued Supply Chain Security — Constant measurement of the supply chain will be required to ensure business partners and suppliers are focusing on security as they also rebuild.
Projected Ongoing Phase 3 Preparation Activities
Increase Program Maturity — As organizations return to normal high growth environments, the focus again will shift to improving overall security program maturity and having multi-year roadmaps to get there. This starts with a new security program assessment, if one doesn’t exist for the new environment.
Strategic Security Architecture — This will be a shift from the tactical architecture that has been in place to support the previous phases to support strategic planning and then development along with multi-year strategic objectives.
Increased Use of Automation — As with both the items above, automation will come in play to support the tremendous resource requirements that will be put on cyber security programs to support growth during this phase.