How Can The Coronavirus (COVID-19) Disrupt Cybersecurity Operations?
March 14, 2020

The global outbreak of the coronavirus is deepening, with the novel virus now having been detected in more than 127 countries.

Having originated in Wuhan, in the Hubei province in China, the coronavirus (also abbreviated as the COVID-19) has become somewhat of a global havoc wreaker, and has now evolved into a full-fledged threat that all humans need to be mindful of.

Having said that, however, as the number of affected individuals rapidly increases, it is highly imperative that we keep calm, and educate ourselves on the outbreak as much as possible.

Instead of letting the coronavirus fuel panic and chaos even further, individuals need to adopt a more practical way of thinking, and think in real-time about the influence that the virus has, along with the cautionary measures that can be implemented.

Although the only viruses that security and IT professionals are accustomed to are computer viruses, along with the other threats and vulnerabilities occupying the modern-day threat landscape, it is high time that they realize the significance of the corona contagion and the impact that the outbreak could have on security operations (SecOps).

For individuals in the cybersecurity industry, the first “real” disruption caused by the coronavirus was seen in the attendance at the RSA conference, which was off by at least 10-15 percent of what was expected.

Most sponsors, guests and exhibitors that canceled late, including the likes of Verizon, AT&T and IBM, cited fears over the coronavirus as the reason behind their canceling.

Taking into consideration the low attendance at the esteemed RSA conference, it becomes quite evident that the effects of the coronavirus on an organization and its security operations are far-reaching.

With that being said, the extent to which the virus can cause disruption hugely depends on the nature of the organization’s core business.

Typically, since the responsibility of remedying a crisis falls on the shoulders of the security team, it is quite fair to assume that the organization’s security team will be held accountable for managing the demand for intelligence from the multiple stakeholders within the organization.

In an attempt to aid security teams in the fulfillment of the aforementioned goal, we’ve compiled this article, which highlights the significance of the connection between the outbreak of the coronavirus and SecOps. The key points are as follows:

#1- The Closeness Within the Quarters of a SOC:

Whether security operations are taking place within an enterprise, or at an outsourced security service provider far away from your actual organization, the traditional setup of a security operations center (usually abbreviated as SOC) dictates that the security teams work in a mission-control type of setting.

As is the case with most mission-control type settings, a SOC usually contains men and women working and conversing in close proximity with each other, along with having plenty of contact with computer devices such as mice, and keyboards.

Contrary to the popularly-held belief that the coronavirus spreads through airborne transmission, COVID-19 can only be spread if an infected individual sneezes or coughs on another human. While working in a SOC, employees need not worry about contracting the virus simply by breathing the same air as an infected individual.

#2- The Outbreak Opens Opportunities For Employees to Grow Accustomed to Remote Work:

As an increasing number of companies switch to a more relaxed stance on their work-from-home policies, along with a huge number of companies encouraging their employees to stay at home (tech giant Twitter being a high-profile example), the number of opportunities for employees to acquaint themselves with remote work also increases.

Moreover, the rampancy with which the coronavirus is propagating throughout the globe is also contributing to increased investments in collaboration tools, which include the likes of Slack and Zoom.

As per the recommendations of the U.S Centers for Disease Control (CDC), as employees work-from-home, it would be best for SecOps teams to rely on the process of security orchestration, and amalgamate as many orchestration and collaborative tools into their security infrastructure as possible.

Additionally, companies may also utilize a SOAR (security orchestration, automation and response) platform as the backbone for day-to-day SOC related activities and team collaboration.

#3- A Rampant Increase in Phishing Emails Related to Coronavirus:

As dire as the whole corona outbreak is, there are still cybercriminals out there that are utilizing the situation for their own gains. Along with the rapid propagation of the coronavirus across the globe, there is also a whole lot of misinformation and propaganda that is being circulated with the same rampancy.

Although phishing and spam emails are routine threats that an organization’s SOC team is well acquainted with, these email-based threats still have a lot of potential to add to the “rumour train” that’s been wreaking havoc since November.

Most phishers and scammers rely on a popular news story to lure their victims into clicking on a malicious link, and right now, nothing gets innocent (and scared) people as riled up as the coronavirus.

The cyber-perpetrators are well aware of the fact that panic increases the chances of their email being opened, which is further demonstrated by the fact that the phishers were posing as the WHO.
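As an added illustration (not part of the original article), the triage check below flags the pattern described above: a coronavirus-themed subject combined with a sender that claims to be the WHO from a non-WHO domain, or a reply address that silently redirects elsewhere. The sample messages are constructed, and treating who.int as the only trusted WHO sender domain is an assumption of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: who.int (and its subdomains) is the only trusted WHO sender domain.
TRUSTED_WHO_DOMAINS = {"who.int"}
# "WHO" must be upper-case to avoid matching ordinary uses of the word "who".
WHO_NAME = re.compile(r"\bWHO\b|(?i:world health organi[sz]ation)")
LURE = re.compile(r"coronavirus|covid[- ]?19", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_WHO_DOMAINS)

def findings(raw):
    """Return the list of header-level indicators found in one raw message."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    out = []
    if WHO_NAME.search(display) and not is_trusted(from_dom):
        out.append("who-name-untrusted-domain")
    if reply_dom and reply_dom != from_dom:
        out.append("reply-to-mismatch")
    if LURE.search(msg.get("Subject", "")):
        out.append("covid-lure-subject")
    return out

def should_quarantine(raw):
    # A lure subject alone is not enough: legitimate health notices use it too.
    f = set(findings(raw))
    return "who-name-untrusted-domain" in f or {"reply-to-mismatch", "covid-lure-subject"} <= f

# Constructed sample messages (not taken from real campaigns).
SPOOFED = ('From: "World Health Organization" <alerts@who-int.example>\n'
           "Subject: Coronavirus safety measures\n\nSee attached guidance.\n")
GENUINE = ('From: "WHO Media" <media@who.int>\n'
           "Subject: COVID-19 situation report\n\nDaily report.\n")
REDIRECT = ('From: "IT Helpdesk" <helpdesk@corp.example>\n'
            "Reply-To: <collect@mailbox.example>\n"
            "Subject: Covid-19 remote work policy update\n\nPlease confirm.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("redirect", REDIRECT)):
        print(name, findings(raw), should_quarantine(raw))
```

The From header can itself be forged, so a check like this complements SPF, DKIM and DMARC evaluation at the mail gateway rather than replacing it.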

#4- SOC Plays a Critical Role in Crisis Management:

Although panic rarely ever leads to organizations creating a worthwhile security strategy, it is absolutely critical that security teams employ the stance of being concerned, and prepared for the worst.

In the instance that a massive corona outbreak does unfold, organizations will treat the event the same way they would any other security emergency, which is where the significance of the SecOps center becomes critical.

As we’ve already mentioned above, with various stakeholders demanding intelligence, the role of the SOC extends itself beyond its traditional limitations, which include tasks such as alert detection, response and containment, along with case handling.

Moreover, as the corona outbreak disrupts an increasing number of an organization’s functions, it is up to the SOC to ensure that employee morale is lifted, by providing remote employees a means to work securely.

What Measures Can Be Employed to Minimize the Transmission of the Coronavirus?

Now that we’ve provided our readers with some real examples of how the coronavirus disrupts security operations, we’d also like to provide some of the best practices through which the propagation of the virus can be minimized, which consist of the following:

  • Disinfect frequently touched surfaces such as furniture, keyboards, etc, since the virus can stay alive on them for several days.
  • Frequently use sanitizer, and wash your hands for at least 20 seconds, or long enough to sing the happy birthday song twice.
  • Avoid sneezing or coughing into the open air, or on someone, and always use a tissue, or the bend of your elbow if no tissue is available.
  • Avoid your workplace, and other public gatherings if you display flu-like symptoms or feel sick.
  • Avoid close contact with anyone, and maintain some distance in face-to-face conversations.
  • According to the U.S CDC, it is inadvisable for healthy individuals to wear masks since there is a high chance they may actually cause other diseases.

Conclusion

At the end of the article, we’d like to advise our readers to stay calm in the face of adversity and educate as many people as they can, instead of promoting fake news regarding COVID-19. Moreover, we cannot stress enough that security teams need to realize the significance of the virus, and prioritize it on a similar level to any other digital threat.

Credits: Rebecca James, Enthusiastic Cybersecurity Journalist, A creative team leader, editor of privacycrypts.com.

This post How Can The Coronavirus (COVID-19) Disrupt Cybersecurity Operations? originally appeared on GB Hackers.
