Cybersecurity continuity risks: Lessons learned from the COVID-19 pandemic
Start Date
30-10-2021 10:00 AM
End Date
30-10-2021 10:30 AM
Location
Online Zoom Session
Abstract
The value of a strong business continuity plan has become obvious with the changes and disruptions brought about by the COVID-19 pandemic. Further, the increase in remote working arrangements brought about by COVID-19 has highlighted the importance of cybersecurity and continuity planning. Thus, the two concepts, Business Continuity Planning (BCP) and cybersecurity, are linked as they both deal with managing risk. This article used a study conducted at the height of the COVID-19 pandemic to identify business continuity and cybersecurity blind spots that arose during the crisis. This study was conducted in the state of Florida using the data from a community resource development center. The primary cybersecurity related impacts of COVID-19 were the following: off-site working options, enhancing second mode of business operations, changing the business model, changing the business hours, and business closure.
The primary finding of this article is that pre-COVID cybersecurity and continuity planning focused on the potential for single axis attacks/incidents related to one business aspect and attacks such as phishing, ransomware, and crypto-jacking. It is argued that going forward, businesses should focus on how to mitigate the risks of multi-pronged attacks that disrupt not only business operations but how and where the work is performed and by whom. As multi-pronged attacks exposed vulnerabilities that many thought were unlikely pre-COVID, we make recommendations that incorporate both common cybersecurity and business continuity planning concepts to mitigate such broad impacts going forward. These include practices such as daily system backups, avoiding public networks, conducting vulnerability testing, multifactor authentication, employee response training, cyber insurance, fostering a culture of cybersecurity, use of secure VPNs, multiple revenue sources, multimodality workforce planning, cross training employees, and multi-incident continuity planning.
Template formatting revisions
Cybersecurity continuity risks: Lessons learned from the COVID-19 pandemic
Online Zoom Session
The value of a strong business continuity plan has become obvious with the changes and disruptions brought about by the COVID-19 pandemic. Further, the increase in remote working arrangements brought about by COVID-19 has highlighted the importance of cybersecurity and continuity planning. Thus, the two concepts, Business Continuity Planning (BCP) and cybersecurity, are linked as they both deal with managing risk. This article used a study conducted at the height of the COVID-19 pandemic to identify business continuity and cybersecurity blind spots that arose during the crisis. This study was conducted in the state of Florida using the data from a community resource development center. The primary cybersecurity related impacts of COVID-19 were the following: off-site working options, enhancing second mode of business operations, changing the business model, changing the business hours, and business closure.
The primary finding of this article is that pre-COVID cybersecurity and continuity planning focused on the potential for single axis attacks/incidents related to one business aspect and attacks such as phishing, ransomware, and crypto-jacking. It is argued that going forward, businesses should focus on how to mitigate the risks of multi-pronged attacks that disrupt not only business operations but how and where the work is performed and by whom. As multi-pronged attacks exposed vulnerabilities that many thought were unlikely pre-COVID, we make recommendations that incorporate both common cybersecurity and business continuity planning concepts to mitigate such broad impacts going forward. These include practices such as daily system backups, avoiding public networks, conducting vulnerability testing, multifactor authentication, employee response training, cyber insurance, fostering a culture of cybersecurity, use of secure VPNs, multiple revenue sources, multimodality workforce planning, cross training employees, and multi-incident continuity planning.