Security operations professionals are used to staying on top of the latest computer viruses and other malware targeting the organization’s IT infrastructure, but now a new contagion which spreads not via email or web, but person to person, has become headline news for even those who spend their days protecting the digital realm.
Indeed, Coronavirus (COVID-19) has become a universal havoc wreaker and a threat all humans need to be mindful of, including SOC practitioners (although there is no reason to panic!). In fact, you may have experienced your first official disruption related to the virus if you traveled to last week's RSA Conference, where attendance was off by an estimated 10 to 15 percent due to late cancellations, according to reports.
Physical gatherings aside, why should a virus that transmits via respiratory droplets be something security analysts, engineers and managers are concerned about?
Here are four ways the outbreak is connected to SecOps:
1) The Close Quarters of a SOC
Security operations, whether within an enterprise or at an outsourced service provider, are traditionally performed in mission-control type settings, with women and men sitting and conversing in close range of one another, each with ample contact with computer devices such as keyboards and mice.
Because Coronavirus is not known for spreading via airborne transmission, unlike, for example, chickenpox, you should not worry about potentially picking up the illness just by sharing the same air as an infected individual. That means it is transmitted only when someone passes on the pathogen via human secretions, such as a cough or sneeze.
Experts say the following best practices are far and away the best precautions you can take to minimize spread of the virus and diminish the risk of getting sick yourself.
- Disinfect frequently touched surfaces like chairs, desks and consoles, where the virus can stay alive for several days.
- Wash your hands for at least 20 seconds and use sanitizer when soap is unavailable.
- Avoid touching your eyes, nose, mouth and ears. (Yes, this is not easy.)
- Sneeze or cough into a tissue. If none is available, use the bend of your elbow.
- Stay home if you are sick.
- Limit closeness of contact. It may be awkward at first, but backing up a few paces during face-to-face interactions will limit the ability for germs to be emitted.
As for face masks, the U.S. Centers for Disease Control and Prevention (CDC) does not recommend that people in good health wear them; they are suggested instead for health care workers and ill patients who may transmit the virus to a healthy individual.
What else? TechCrunch takes a more cerebral look at the ramifications of a pandemic and how businesses should cope and respond.
2) A SOC Workbench That Lends Itself to Remote Work
The Coronavirus outbreak is prompting a surge in investment for collaboration tools like Slack and Zoom, as companies revisit work-from-home policies and encourage more employees to stay put (Twitter is a high-profile example). As mentioned earlier, the CDC recommends that anyone who is sick remain home, but the order to quarantine could theoretically expand if a widespread outbreak occurs or if a business decides to temporarily shutter its doors. Infosec operations professionals will be best served relying on a security orchestration, automation and response (SOAR) platform that acts as the central hub for day-to-day SOC activities and team collaboration.
3) Phishing Emails Related to Virus
Speaking of threats you will need to address, phishing and malicious spam are two of the most common use cases a SOC faces each day. Many email-based threats rely on authenticity to be successful, and this often involves latching onto a popular news story. Coronavirus is no different. Attackers have been well ahead of the news cycle, in fact, as they have been slinging messages purporting to be from the World Health Organization for several weeks. Cyber miscreants know that instilling a sense of panic in their messages increases open and click rates. To prepare for the continued onslaught, ensure you have implemented SOC phishing fundamentals and have your playbooks ready to go for responding to Coronavirus-specific threats.
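One way to turn the two tells described above (a sender claiming to be the World Health Organization from an unrelated domain, and panic-inducing wording around the outbreak) into a playbook pre-check for the phishing queue. This is added example code, not part of the original post or of any SOAR product; the sample messages and the brand-to-domain mapping are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real phishing samples) used to exercise the check.
SAMPLE_LURE = """\
From: "World Health Organization" <alerts@who-int-update.example>
To: analyst@example.org
Subject: URGENT: Coronavirus safety measures - act immediately

Download the attached safety document now.
"""

SAMPLE_LEGIT = """\
From: "Facilities" <facilities@example.org>
To: analyst@example.org
Subject: Hand sanitizer restocked on floor 3

Sanitizer stations are refilled.
"""

# Assumption: the SOC maintains a mapping of commonly impersonated brands to the
# domains they legitimately send from; only one sample entry is shown here.
IMPERSONATED_BRANDS = {"world health organization": {"who.int"}}
THEME_TERMS = ("coronavirus", "covid-19")
URGENCY_TERMS = ("urgent", "immediately", "act now")


def triage_email(raw):
    """Score a raw RFC 822 message; returns (score, reasons) for the analyst."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    subject = str(msg.get("Subject", "")).lower()
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    score, reasons = 0, []
    # Strongest signal: display name claims a brand, but the sender domain is not that brand's.
    for brand, domains in IMPERSONATED_BRANDS.items():
        if brand in display.lower() and domain not in domains:
            score += 3
            reasons.append(f"display name claims {brand!r} but sender domain is {domain!r}")
    # Weaker signals: outbreak theme and urgency wording, each worth one point.
    if any(t in subject or t in text for t in THEME_TERMS):
        score += 1
        reasons.append("outbreak-themed lure")
    if any(t in subject or t in text for t in URGENCY_TERMS):
        score += 1
        reasons.append("urgency language")
    return score, reasons
```

A score of 3 or more (the brand/domain mismatch alone) is a reasonable threshold for routing the message straight into the Coronavirus phishing playbook rather than the general triage queue.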
4) A Partner for Crisis Management
If a massive outbreak does unfold, organizations will treat the event the same way they would any emergency. Stakeholders may look to the SOC for business continuity and disaster recovery assistance and as a centralized unit from which critical information can be disseminated. This, of course, would extend the SOC's role beyond traditional alert detection, response and containment, and case handling, into that of a facilitator of crisis management. The SOC will, at the very least, help to ensure newly remote employees can work securely.
A Final Note
Remember, you should stay calm yet concerned. In fact, some epidemiologists are less distressed about the virus (even with its estimated 2 percent fatality rate) and more about people’s reactions to it, which may overwhelm public health systems.
Dan Kaplan is director of content at Siemplify.