The Coronavirus (COVID-19) pandemic has brought the entire world to a standstill. The impact is particularly significant on cyber security as businesses are forced to implement business continuity plans at short notice. This is a challenge for organizations as cyber threats have increased manifold and security and compliance are mandatory. They will have to balance the needs of business continuity with cyber security and will have to devise strategies, such as maintaining good cyber hygiene, verifying sources and staying up-to-date on official updates.
I, on behalf of dynamicCISO, interacted with Rohit Kachroo, CISO, Indiabulls Group, on this issue. Speaking about the current situation, Kachroo says that CISOs should be cautious while adopting any new tool or technology as they need to look at the long-term benefit for the organization and not only the short term. However, there will be immense pressure from the business. He adds that organizations which have earlier invested in the right IT infrastructure, cyber security measures and a robust compliance posture have been able to comfortably transition to the current environment and have seamlessly adopted the “Work from Home” framework.
“There is a problem for organizations who have not paid adequate attention earlier towards cyber security and have now adopted the Work from Home model. They will face a tough situation when things get back to normal. Applications will need to be properly evaluated by security experts before any adoption,” he says.
Talking about the present situation, Kachroo also points out that this is the real test of business continuity, its readiness, business alignment and preparation.
Elaborating on the steps his organization took in response to the current crisis, he says that there was adoption of a seamless zero-trust network, virtual desktop infrastructure, thin clients, remote desktop gateway services, virtual private networks, etc. The scale-up was fast and there was a robust security infrastructure for critical applications accessed from an external network. Security monitoring had to be increased multi-fold in order to ensure the timely detection of security incidents.
“Invoking the BCP, running the call tree, fine-tuning the associated criticality matrix and most importantly, the crisis communication, became critical for us. For ensuring business resilience from a technology point of view, the Business Impact Analysis (BIA) came in handy for prioritization of key critical processes, people and applications and allowed a structured transition to the BCP in the shortest possible time,” says Kachroo.
The CISO adds that cyber security risks, such as the inherent user-induced risks, are more important and critical now. To curb them effectively, various security control measures have to be implemented, and there has to be an agile approach towards development and security for ensuring business resiliency.