IT Risk and Resilience—Cybersecurity Response to COVID-19

Abstract

The rapid and worldwide spread of the coronavirus and its illness, known as COVID-19, has taken us all by surprise and has made a huge impact on almost everything. We are all now experiencing a major, unprecedented, and unexpected global public health crisis. This pandemic has also triggered huge social upheavals, disrupted almost every industry, and impacted the life and work of everyone in almost every country. Businesses and educational institutions are closed, many employees are forced to work from their homes, supply chains have been disturbed, people are being required to self-isolate, and most travel, in-person meetings, and conventions have been banned. These disruptions could continue for months, and the resulting economic, business, and social impact will last for years.

Introduction

The rapid and worldwide spread of the coronavirus and its illness, known as COVID-19, has taken us all by surprise and has made a huge impact on almost everything. We are all now experiencing a major, unprecedented, and unexpected global public health crisis. This pandemic has also triggered huge social upheavals, disrupted almost every industry, and impacted the life and work of everyone in almost every country. Businesses and educational institutions are closed, many employees are forced to work from their homes, supply chains have been disturbed, people are being required to self-isolate, and most travel, in-person meetings, and conventions have been banned. These disruptions could continue for months, and the resulting economic, business, and social impact will last for years.

Nevertheless, business operations and services must continue effectively and uninterrupted. IT has been employed in novel and traditional ways to meet these challenges. The migration of many operations and services online for remote work has become inevitable, and technologies such as cloud computing, robots, drones, AI, chatbots, VPN, virtual dashboards, autonomous systems, and the Internet facilitate this digital transformation. IT has now taken a central role in every activity and has become an epicenter of operations in healthcare, business, education, governance, judiciary, community service, and more. What we do in our daily personal and business activities, and how we do it, has been significantly transformed with the aid of recent developments in IT, as outlined in Table 1. It is very likely that even after we successfully emerge from the crisis, business will not be “as usual” and we may continue new ways of working and offering various services.

The COVID-19 epidemic impacted IT too, primarily positively, benefiting the IT industry and IT professionals and serving the public good. However, there are a few negative impacts as well, such as increased and novel cybersecurity threats and risks, performance issues due to significantly increased workload, and business continuity (BC), which the IT industry has tackled satisfactorily.

In this context, we, IT professionals and business executives, have to critically examine the following key questions:

  • Are the IT industry and other enterprises prepared for this makeover or change, and how well?
  • How has the IT industry responded to an explosion in demand for traditional and newer services? What innovations has this epidemic brought about? What else can we do?
  • Did this crisis expose cracks in our current IT planning and offerings, and business/IT risk management? What are they?
  • What impact has the significant increase in the widespread use of IT had on its performance?
  • What are the security and other risks the new operational environment poses and how can we assess and address them?
  • What lessons can we learn from responding to this crisis?
  • How will COVID-19 reshape IT, IT security, and risk assessment and management?
  • How can we proactively plan to successfully handle crises that we might face in the future?

By addressing these critical questions, not only during the COVID-19 crisis but also regularly as a standard practice, we will be better prepared for whatever comes. In this article, we examine some of these questions. We also invite you to share your thoughts and ideas.

IT Security During the Pandemic Crisis

Pandemic events stress test IT systems, tactical security measures, and IT governance models, causing strategic (long-term) disruption in the global digital fabric. The cybersecurity impact of the COVID-19 pandemic has spread to all sectors of international commerce, including citizens, industry, government, and academic sectors. Cybersecurity professionals are urgently responding to increased cyber threats, and their responses span the spectrum of information security and privacy management capabilities.

The NIST cybersecurity framework (CSF), which consists of the Identify, Protect, Detect, Respond, and Recover functions (see Figure 1), offers a lightweight model for companies to address the new threats and attack surface presented by the COVID-19 cybersecurity earthquake.1 Details of the framework and how diverse organizations used the methodology to improve their cybersecurity risk management are provided on the NIST CSF portal.2 We use the CSF model to frame our discussion of the global cybersecurity response. Our story highlights a set of tables showing the CSF method and industry response examples to illustrate that “there is a method to the madness” of our cybersecurity response to COVID-19.

Planning for the Future

Infectious disease outbreaks and other forms of crisis, anticipated and unanticipated, are inevitable. However, their impact can be mitigated through better preparedness and more effective responses. History shows that changes that we adopted in a crisis are not always temporary: crises can fundamentally reshape not only our beliefs and behaviors,4 but also business and industry in many ways. And IT will play an even more crucial role in the post-COVID era.

IT and other industries must continue to proactively plan, focus on research and development on key areas of practical relevance, and revisit and tailor their policies. They also need to revisit and amend necessary crisis management policies and IT and business risk management policies, strategies, and practices taking lessons from the current crisis.

An organization’s ability to effectively respond to disruption depends not only on how effective it was in the planning process, but also on how effective it was with its preparation, trials, and the training of its staff, which is often neglected.

Conclusion

The COVID-19 pandemic is a wakeup call to all of us. The world, IT, and our life and work post-Corona, will not be the same. In the context of IT, the pandemic has offered opportunities; exposed weaknesses and vulnerabilities of our IT systems and IT planning and implementation; and presented us—the IT industry, professionals, and governments—a few challenges.

In this short article, we examined a few aspects of IT risks and resilience (see also the sidebar, “Further Reading”). There is a lot to think about, explore, plan, strategize, and act. Share your thoughts and ideas (by sending an e-mail to the authors) and join the new IEEE Computer Society’s Special Technical Community, IT in Practice, an online platform for sharing technical knowledge and professional experiences.


Bibliography

Author: T. Weil and S. Murugesan

Year: 2020

Title: IT Risk and Resilience—Cybersecurity Response to COVID-19

Published in: IT Professional, vol. 22, no. 3, pp. 4-10, 1 May-June 2020
