Thu, Mar 19, 2020

'Relaxed' Cyber Security is the New Abnormal but Not a Sustainable Model

The Trump administration has recently moved to change the rules concerning medical privacy to enable doctors to consult with patients remotely using popular services that were previously prohibited because of security concerns. Given the need to adapt to the age of the coronavirus (COVID-19), this change certainly makes sense, and the result seems to be a significant uptick in doctors using telemedicine, with some reporting 10- or 20-fold growth in online video consultations. 

But as many security professionals have pointed out, the reason that many of the video conferencing systems were previously prohibited was the limited level of security provided. Add to this the fact that cyber criminals and other bad actors are well aware that this is a productive time for them. Companies have had to rush into work from home processes, often without the time to do so with the right level of security. Moving from secure corporate networks to those based on home routers (which may have security challenges) results in a lower overall level of security. While these moves are needed right now, do we want to just accept weakened cyber security as the new normal?

Does Urgency Trump Security?

When it comes to cyber security, what people are calling “the new normal” may well involve a reduced level of security. For example, a company’s cyber security staff may have to work from home, without all of the capabilities available in their security operations centers. And the substantial increase in the number of team members working from home may mean that there are a lot of new network endpoints and external traffic that were never considered when establishing a security monitoring environment.

So, we would like to suggest that organizations stop accepting degraded security situations as “the new normal” and think of them as “the new abnormal,” understanding they will need to be carefully evaluated and addressed as soon as possible.

Thinking of them as abnormal is more likely to motivate both technology security professionals and senior executives to recognize that working with reduced cyber security is not a sustainable model. There must be an immediate push to answer the question “what can we do to get back to the level of security we need?”

Focusing on the Endpoints

One of the first things that can be done is to arrange for endpoint monitoring of all of the devices that now make up your network. Organizations like ours can work with your IT and security teams to remotely install software sensors that can be monitored by professionals 24/7. Any incidents that are detected can result in an immediate notification and a decision can be made on what to do to prevent or remediate the problem, even including automated responses (e.g., if Kroll detects ransomware staging and activity consistent with preparation to begin encrypting, containment steps can be taken before business interruption occurs). If pushing endpoint tools to new devices is not possible (e.g., personal devices), ensure that multi-factor authentication is required and increase monitoring of the traffic from these endpoints to your organization’s networked devices. 

If an organization must use tools and methods that are not up to appropriate security standards for purposes of business continuity and operate with employees working for home for weeks or months, this is the time to not just accept the lower security model, but to figure out how to restore the “right” level of cyber security for your organization. Consider your email: if you are using hosted email services (e.g., O365, GSuite, Rackspace, GoDaddy, etc.), ensure that minimum levels of security protections and monitoring are enabled. These configurations are unlikely to affect remote use capabilities and enable greater oversight to security teams. 

This is particularly challenging for small and medium businesses that have never had a chief information security officer (CISO) or full-time cyber security specialists. Many of our clients recognize that they need a shared CISO to help them establish and maintain an effective security strategy, and that’s when a Virtual CISO program provides the most benefits.

However you approach it, accepting a lower level of cyber security can be practical, but can be mostly advantageous for cybercriminals. While we may have to accept a short-term disruption, don’t accept it as being normal. It’s abnormal and must be recognized as something that we should only tolerate for a short period, and we should begin to immediately taking action to restore (or even improve) your pre-COVID-19 cyber security.


Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.


Proactively monitor, detect and respond to threats virtually anywhere – on endpoints and throughout the surface, deep and dark web.

Office 365 Security, Forensics and Incident Response

Digital forensic experts investigate hundreds of Office 365 incidents per year and help strengthen your security.

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.