THE IT SECURITY PROFESSIONAL | Barlowtek
The IT Security Pro
Helping Organizations Understand IT Security & Best Practices
With growing unrest in the US, there is growing concern that there will be unrest in the country following the Presidential election in November of 2020. While the country continues to deal with ongoing race riots and protests all over the country, it is important to remember that these may be localized to a particular city or even the neighborhoods in which the protests are taking place. While it is important to listen to those who are protesting and what their concerns might be, it can’t be disputed that these actions continue to alienate a large part of the population. No matter where you are on the political spectrum, these civil disturbances can directly affect your business. This is not strictly affecting large or national businesses, as we have seen local independent companies affected just as much as the large chain stores.

Protests vs. Large Scale Unrest

When the terms protest and large scale unrest are used, they can be a little confusing. Protests may be short lived and for one political cause, and may last a few hours to maybe even days. Large scale civil unrest is different in that it may encompass a large part of the country as a whole, with large numbers of the population taking to the streets to demand that they be heard. Additionally, large governmental infrastructure (power grid, Internet, supply lines, roadways) may also be impacted as protesters sabotage or disable them in order to make more of the population aware of what is going on. Also, killings of individuals may occur on a regular basis as the population on each side of the political divide fights for its cause.

Business Continuity Planning

As with any event that may have the possibility of impacting your business, it will be important to plan for the worst case scenario when it comes to a civil unrest situation. As with a lot of things in 2020, the unexpected event is the one thing you can expect this year. Within the IT Security community, we are treading on new ground, as we have never been through a pandemic, and yet we find ourselves 7 months into one. We don’t know what to expect with a large scale civil unrest.

Plan for Major Interruptions

The one thing Business Continuity has shown us is that we can plan for those events that are most likely to happen instead of those events that may never happen. With civil unrest, the following should be at the top of your list of impacting events to prepare for:
While there is not one area on the list that may directly impact your business, any combination of them surely will. Also, while other countries around the world have had to cope with similar issues or impacting events, it is important to realize that the US has not, and that North America houses the largest majority of the global Internet infrastructure. So what happens on the continent could have global ramifications.

Pandemic with Civil Unrest

The majority of businesses today are worried about just dealing with the global pandemic going on. But if the civil unrest were to materialize, then there will be a lot more to worry about. Just this one event could have the potential of derailing any sort of recovery effort that might be in the works at this time. Businesses should take the “lessons learned” from dealing with the pandemic and use them to potentially deal with a civil unrest scenario, as most of the responses could be similar. Companies will find ways in which to deal with outages or interruptions, but when the violence comes to the individual neighborhoods or communities, then they may be affected in very different ways.

Bringing the Fight

As with all disturbances, civil unrest can cause the business to be impacted in different ways compared to other potential scenarios. Choosing to fight against the opposing party may be part of that, as personnel may be killed or injured. This can also cause issues if there are mass arrests as part of rioting or protests that go on for a longer than normal period of time. A company may also come under fire for supporting one faction over the other, or may be forced to support one group over the other by mass crowds, or even in the media. (This is currently happening with groups like BLM, as they support Marxist and Communist ideologies, and the destruction of the nuclear family). Employees will be new to the equation, as most business continuity planning takes only the company infrastructure or business operations into consideration in its recovery efforts. The loss of personnel will cause businesses to have to replace personnel or work differently than they did prior to the outbreak of the disturbances. Systems are easy to replace, personnel are not.

Summary

While this article may seem to be raising unreasonable concerns or unneeded worry, just think back a few months to the potential for a global pandemic, and yet here we are. Plan for the worst potential events in hopes that they never materialize. I would not be doing my job if I looked the other way and did not look at the potential that this time in our country could possibly impact the businesses we work for and with. Planning for a disaster is the same whether it is a man-made one or natural. It is still not too late to take action and address the various concerns that have been brought up here. Planning how you would react if given a specific scenario helps to sharpen our skills in responding to disasters and also helps us be more confident in our recovery efforts if they are needed.

Disclaimer

This article is meant to be a thought exercise on how businesses would recover in case large scale political unrest were to hit the US. This article in no way endorses or condones violence of any type (from any side). It is the hope of this author that all registered voters exercise their Constitutional right and vote in the upcoming election and that there may still be a middle ground in which both political sides can get together and discuss the issues affecting our country.

As I write this article today, I’m sitting in my home office coughing and having some difficulty breathing. Being right in the middle of a potential pandemic hot-zone of Washington State can help bring things into focus when it comes to planning for the worst-case scenario for an incident that could impact your business. Taking the right course of action in a timely manner can help to protect the business, but most importantly, the community at large as well.

Epidemic Tracking

Right now, we are concerned with COVID-19 (Coronavirus) and the potential impact it may have on the population, since it was an unknown virus to the human population just a few months ago. When this virus emerged, I started to keep track of the numbers that we were seeing and how it was spreading. As part of my IT Security role, I have a responsibility for Business Continuity Management within the company. Therefore, I keep an eye on these sorts of things, as they have the potential to turn quickly if we are not looking. I believe that this is what happened here, and I believe that China for the most part has not provided accurate information to the world at large. No matter what the epidemic is, planning to take action as a business or other organization should be the prudent move here. Planning for what the company may do if faced with a certain situation allows for calm and calculated planning to occur instead of being reactive to what is going on around them. Any decisions that the business makes will have an impact on the company, and ultimately on the work force that you employ as well.

Epidemic Impact

No matter how you plan, the decisions you make or plan for will always change. Flexibility is the name of the game here. Have several different levels or ways to address an issue as it arises, and plan on meeting those changes as they occur rather than being reactive to them. Being cautious and taking an aggressive approach at the onset may help prevent more of an outbreak than waiting on what the state, national, or global authorities may suggest. We are seeing this play out in Seattle and in King County, Washington, as the local authorities have suggested that employees work remotely if they can for a length of time in order to prevent a further spread of the virus. Businesses in the county will have to determine how they plan to address this issue. Will they take the steps that have been requested by the local government, or will they side with their own best interests in order to preserve their business? The impact of an epidemic is not just a personal one, but also a monetary one for the company that has to make those choices. This is one of the crucial aspects of the planning process that seems to be left out for most businesses: pandemic insurance or emergency funding in case it is needed. While organizations will focus on business operations for emergency funding, pandemic funding or planning for the potential impact of it should also be in consideration.

"The suggestion is to have at least 3 months of operating capital on hand in case of a pandemic." - Erich Barlow

Developing a Plan

The first course of action should be to establish and develop a Pandemic Response Plan that will be implemented in case a pandemic or epidemic is declared. This plan should have the following areas:

Plan Testing

One of the core issues that plans sometimes have is that they aren’t tested as often as they should be. This will lead to plans that are outdated or inaccurate, with personnel not knowing their particular role in the plan when it is activated. It is recommended that at least once a year a tabletop test be performed in order to validate the planning process. Testing your plan is one of the best ways of making sure that it will be there when it is needed in case a pandemic hits where you are located.

Summary

While there are a lot of different areas that need to be addressed when planning for a potential pandemic, the time that is taken in planning for it will pay off if it ever has to be implemented. This is what we are seeing play out right now with those organizations in Washington State that have not planned for such an event. While most businesses will have plans for fire, flood, or even an earthquake, Pandemic Response Planning is one of those areas that are not really planned for. Taking the proper steps in developing a robust response plan before you need it will go a long way in helping the company recover from a potential outbreak. Whether it is suggesting working remotely or limiting social interaction within large groups, it is important to address these issues ahead of time.

Reader’s note: Due to the rapidly changing situation and the impact that the current epidemic is having on the community in which I live, I plan to update this article through the next few weeks as we deal with this outbreak and how we are going to react to it.

Working from Home During the COVID-19 Pandemic – Blog Update May 23rd, 2020

After two months of working from home (and changing jobs in the process) it has been a huge change for me and those that I work with. While I saw most of my friends be laid off or fired due to the impact of the virus, a large majority have been able to keep working.

Essential Workers

A lot of jobs were declared “essential”, and we saw that those workers were able to keep working (although with some modifications) and were still able to earn a paycheck. While the government was able to determine who was essential and who was not, this designation was not applied equally across the board, and those folks that we all depend on every day lost their jobs because the government decided that they posed a risk to our health.

Pandemic Mental Health

Like most of the people that I work with, I have been impacted on a personal level by the restrictions that have been imposed on me “for my health”, but it is my belief that our mental health has been impacted in ways that we don’t fully understand. Whether it is our kids that we are now all homeschooling or those of us who are social beings, we have had to change the way that we function in the world around us. Being able to go to the gym for a good workout and helping to relieve stress has been off the table of things I have been able to do (and I have seen some weight come back) for the last two months now. Additionally, being able to practice my faith has been prevented as well, which, like a lot of people, has been a great source of comfort before the outbreak, and it still is, but the practice of it has had to change.

Technology Work Changed Forever
While there are a lot of issues that we all have had to endure over the last couple of months, there are some bright spots. One of them is that working from home, or at least the ability to do so, has become the norm and not the rarity that it once was. While there have been some difficulties in the adjustment to it, I think that it will become the way business is done in the future, even after being able to return to the office. More and more people are seeing the benefit of working remotely (not to mention the savings we get from not being in rush hour traffic). While a lot of companies were not sure about how they could make working remotely work, they were able to figure it out. Now with that infrastructure in place and working efficiently, why dismantle it when the pandemic is declared over? I think that we are going to see more businesses adopt the model and keep on working this way, or at least have it as a full option for workers if they choose to do so.

Security at Home

One of the biggest issues that companies have had with going to the work from home model of business is how to enforce security on personnel when they are not in an office. Businesses have quickly learned that the use of encryption for communications and network connections is an important aspect of those security measures. Additionally, making sure that employees are adhering to IT Security best practices has also been an important issue that has been addressed. Providing IT Security information to the end user has been a focus of the IT Security teams around the globe that are supporting the work from home business model.

Additional Updates

While I live in the Pacific Northwest, the Governors here are continuing to restrict business operations and the abilities of the people to go about their normal lives. The area that I live in will be under these restrictions until at least the end of summer, if not later. So, I will be posting updates as we continue to deal with the pandemic in hopes of preventing its spread. Also, updates on what are considered best practices during this unprecedented outbreak will be posted to this blog.

How will you respond?

When it comes to IT Security, there is nothing that strikes fear into the hearts and minds of young analysts like having to respond to a possible security breach. What do you do? Who needs to know about this? How is this going to affect our company? These are just some of the things that go through your mind when you get that call at 3:33 am. How are you going to handle this?

Planning

This is one of the most stressful issues to address as an organization, and it should be thought out thoroughly. This is when experience and knowledge come in handy. Knowing what to expect and having an idea about how to handle things ahead of time will go a long way in how you will address an incident. Planning the response to an incident should be done when the management team is not under stress, and clear and concise decisions need to be made. The planning process should address the most realistic types of events or the ones that the company believes will pose the largest risk to the business. We can all think of the worst-case scenarios and the once in a lifetime types of events, but realistically those events will be less likely to happen. Planning for exfiltration of data by an employee sending files as attachments to their personal email account may be more realistic.

Notification

Being notified is the first step in the planning process, and should be the focus of your planning procedures. While notifications take many forms, how you get the information, and when, can be crucial to your response plan. Here are some ways to be notified:
Communication of Breach
How you communicate the breach is almost as important as being able to detect it in the first place. This is a touchy subject for many organizations, since they may not know how much to communicate and what information is important to share. While companies and organizations will want to keep things quiet, the key here is to reassure the public and your customers that you are doing all you can in order to correct whatever vulnerability was compromised, or taking some other action that will get your organization back up and running. People want to trust that you are doing the right thing. Trying to avoid notifying the public, or being evasive, will only harm your business reputation, which is not what you need right now.

Need to Know

Who in your organization, or among your customers and stakeholders, will need to know that you have had a security incident? This is a critical step and should be clearly defined in your Incident Management Plan or response. Employees should hear about a security incident from their company leadership, not the local news channel. When employees or customers know that management is handling a situation, it instills a sense of confidence about the recovery efforts.

Documentation

Documenting a breach is an area that can be overlooked and is a subject that many IT Security Professionals have difficulty with. (This is because if you don’t go through a breach of some sort, how do you know what you will need to have documented?) This is where consulting an expert in the field or an organization that specializes in the recovery of a business after a security breach will be beneficial. If the breach was criminal in nature, you will have to provide evidence that can be used in a court of law. This will require very specific handling of the information or assets (chain of custody), and may complicate the overall recovery efforts. Understanding how to navigate this critical area will go a long way in helping to prepare a case against the attackers.

Some of the documentation or resources that you might need to provide are:
At this point in the process, you should be well underway in the recovery efforts for your organization. The recovery efforts should address all of the areas that were identified in the documentation process. In addition, the management team should have all of the information they will need to make the decisions for the business. Recovery efforts may take many forms depending on the type of impact the incident may have. This may include:

Testing Incident Response

One of the most important areas of incident response is making sure that your plan will even work. The Incident Response Plan should be tested on a regular basis as part of your overall yearly operational readiness. You are only as effective as your last test. When you test your plan, you will find areas that may need more focus than you thought of initially. You will find that changes may need to be made to address potential threat areas or reduce risks to your business. Taking action on these areas after a test may help reduce the potential costs you may have to pay in the future due to a breach.

Summary

When it comes to security incidents and the management of them, it comes down to developing a plan, testing it regularly, and reducing potential threats. It is important to understand what you need to protect and what steps you can take to reduce your risks. The key here is to make your organization less of a potential target. If someone wants into your network and access to your information, they will find a way to get in. It may be a matter of time before they do, but a determined attacker will find your weaknesses. The question you have to ask is: have I done everything to reduce that potential threat? IT Security is as much about the technology as it is about communication of risks to those in management and helping them to make the right decisions.

IT Security Pro: Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.