As society has dealt with the effects of Covid-19, the Corvus Smart Breach Response team has been tracking how the shifts in business, government, legal & social spheres have impacted breach response efforts.
What’s in Store for an Organization Affected by an Incident in the Near Future?
First, it should be said that the baseline level of cyber risk is simply higher during this time, creating an environment in which more breaches are possible. We discussed elevated cyber risk in a previous post. But specific to breach response, many of the same problems that increase risk also complicate the response.
For organizations, simply getting in touch during an urgent situation can be difficult. With unusual work schedules, parents juggling full-time work and child care, and other factors, it may be harder to get everyone who needs to be informed and consulted about a potential data breach onto the same call at the same time. You can no longer tap everyone to huddle in a conference room.
Distractions, just like with any of our calls, are a factor in breach response as well. A pet jumping on the keyboard, choppy WiFi connections, a child needing attention: in normal business discourse these interruptions range from comical to a minor annoyance. When dealing with an acute situation like a cyber incident, though, where every minute counts, such situations can become more onerous.
The effort to assemble a key team can be amped up dramatically in the case of a ransomware attack that has succeeded in shutting down access to IT for an entire organization’s employees, as happens in the most drastic ransomware events. Then, the inability to get a team together in a room can be truly crippling. If you can’t use your primary telephone or computer to log into a teleconference, what do you do? It can lead to some scrambling.
Forensics, IT Resources, and Shipping
Supply chains have been in flux due to Covid-19 for a number of reasons. Capacity is strained thanks to record use of online shopping and delivery services, making delays much more frequent. We’re even seeing that goods are lost more frequently.
This can come back to bite during breach response, when an organization is trying to get evidence to the forensics firm so it can conduct its investigation. While aspects of the forensics investigation can be sent and received electronically, often an organization has to send encrypted hard drives with forensic images of computers and servers to the forensics firm. Those deliveries have been delayed or lost more frequently during the pandemic. This highlights the importance of sending information on encrypted drives so that, if a drive is stolen or lost, the data is not accessible to the unintended recipient.
On-site collection of evidence or recovery of systems by external firms, something that is often needed for clients with smaller or outsourced IT departments, faces similar challenges. In the early days of the pandemic, people hesitated to leave their homes. And even with a willing vendor partner, coordination between in-house personnel, external IT resources, and building management (to gain access to closed facilities) proved tricky.
Dateline 2021: What Breach Response Looks Like
Uncertainty reigns in questions about how long the pandemic will persist and what a new “normal” looks like for business practices. For now, it seems unlikely that many companies will rush back from their fully- or mostly-remote status, and they may never get back to their previous numbers of daily in-office workers. That means several of the challenges described here could become permanent fixtures of breach response.
As we all adjust, look for new protocols and processes to be added to Incident Response Plans (IRPs) and Business Continuity Plans (BCPs) that factor in a more remote workforce. Now, more than ever, connecting with the right vendors who have experience guiding clients through breach response during the pandemic will help avoid the pitfalls other organizations experienced earlier this year.
The content of this article was adapted from a discussion between Lauren Winchester, VP of Smart Breach Response at Corvus, and Pasha Sternberg, an Attorney at Polsinelli PC specializing in privacy and cybersecurity matters. The two spoke during the Insurance Business America Broker Connect - Cyber virtual conference in June 2020.