COVID-19 is changing the way organizations prepare for and respond to an incident. To address this, Marti Arvin and Clyde Hewitt are recording a mini-series on incident response. In this podcast, they discuss what must change as a result of becoming a remote workforce.
Links to stories:
To read more about incident response read our latest blog: https://insights.cynergistek.com/blog/thinking-about-the-unthinkable-preparing-for-incident-response-with-a-remote-workforce
Hello and welcome to CTEK Voices: The Risk Perspective. I’m your host, Lauren Frickle. Today we’re back with part two of our podcast series, Incident Responses in the Time of a Crisis, with Clyde Hewitt and Marti Arvin, both executive advisors at CynergisTek and industry-recognized thought leaders.
Welcome Clyde and Marti, how are you doing?
Thank you, Lauren. I’m doing extremely well. This is Marti Arvin. We’re here today to continue to help support our clients even in these trying times.
I know working from home for all of us is a little bit of a different structure for us. But that’s exactly why we’re discussing this topic: that change in your workforce can have an impact on your incident response process.
I’ll turn it over to Clyde now to introduce himself and start talking about what these issues are. Clyde?
Thank you, Marti. Um, one thing that I would like to do is welcome everybody to the podcast. The second thing is, I wanted to do a very quick recap of what we talked about in series one, the first of this series of podcasts. We talked about what has happened on the development of incident response teams and how a lot of organizations have built their plans for incident response and recovery based upon the assumption that all their teams would be on-site. Then we talked about what had changed: the fact that, you know, with a remote workforce, especially for non-clinical staff, right now we have to evolve those procedures.
So today, we’re going to talk about the next step of the process within the cybersecurity framework, which is detect, and we’re going to talk about how detect processes needed to change to adapt to be able to use remote workforces.
Under the detect series or detect function, one of the things we’re seeing is we’re actually seeing higher attack rates right now on health care organizations. Even most recently, it was reported within the last day or two that the World Health Organization has now seen cyberattacks against it. We have seen a significant increase in the number of phishing emails that are sent out either advertising fake COVID detection kits, fake COVID vaccines, fake COVID cures, fake information, and there’s also been reports of active Russian interference.
Marti, do you think that I’ve covered everything there or have I missed some things that you need to add to that?
I have just one quick comment that I found interesting. My husband yesterday talked about that he couldn’t find anything on the web about these “home kits” to test yourself for COVID and I said to him well that’s in part because that’s a hoax. There really aren’t any true home kits that you can order to test yourself for it. So, you know, it impacts all of us and it is both global and very local.
But Clyde, in addition to the high rate of attacks there are also some limitations that might be seen in the healthcare industry when you have people working remotely that wouldn’t normally be working remotely in the time of incident response.
Do you want to talk a little bit about the desktop limitations that might be part of the issue here?
Absolutely, Marti. Well, you will notice that when a lot of people work from home, especially from the IT standpoint, we find out that they come to the situation with the tools they have. Some may have laptops; some may not have the fastest broadband connection into their house. So, they’re dealing, number one, with network availability; depending upon which part of the country you’re in, there may be speed limitations.
And from a detection standpoint, healthcare organizations have got things like SIEM tools, they’ve got alert monitoring systems, if they’re more advanced they may have them connected into an email or they may have them connected into text messaging. But now that these workers who are responsible for detecting issues are remote, we have to expect that the response time to be able to see these alerts and log in to the specific systems is going to be slower.
We also, rather than have like a security operation center where, you know, someone is, you know, sitting in a room together, you know, we may find out that now you have a distributed staff out. So, it’s like, you know, “Hey Bill” or “Hey Sally, are you seeing the same thing I am seeing? And would you look at or check on this other server over here to check the CPU time?” for example.
You can’t do that immediately in a remote working environment, because, you know, you would not be expected to have a conference bridge up 24 by 7, especially when you’re in a monitoring mode to detect attacks.
You know, there’s also going to be distractions at home for the staff that you normally have. So, you know, the dogs are going to be barking, you know the kids are going to come in, folks are going to have to get distracted with other things and deal with the home life situation as well. So, I’m thinking Marti, you know, you’ve already talked about, you know, you’ve got your husband there and you know, it creates some challenges for some remote workers.
Can you explain or, you know, can you add anything to that?
Well, I think there obviously are a number of challenges for remote workers and things that people aren’t used to. You may have staff that live in small spaces. So, being able to find that location to get away from the distraction might be difficult for them. They might not have a home office. You and I work remotely from home when we’re not traveling with our work environment, so we both have remote home offices set up.
That might not be something you see with your remote workforce, and then there are other issues. I know for remote workforce you want to start talking a little bit about those issues specific to the individuals as opposed to more the connection.
Absolutely, Marti. We also see that, you know, when you have a staff that is typically working five days a week, eight hours a day in an office and they have their equipment set up to work there. So, in other words, maybe they need high bandwidth and things like that. Then you find out that all of a sudden if they’re going to a home office they may have to bring their own device or maybe they’re going to use their personal laptop or their personal desktop to connect back into the mother ship or back into the corporate network, and that creates some new threats and new risks.
Maybe they’re also sitting in behind, for example, you know, consumer-grade firewalls and routers, you know, with their home. Maybe their Wi-Fi hasn’t been set up as secure at home because that literally is outside of the reach of a typical IT security department to be able to mandate certain security requirements for home networks.
If the organization then finds itself in a situation where they have to purchase new equipment, for example, to support additional workforce members because maybe you know as we get further into this crisis and more and more people fall ill to the COVID virus and they’re not able to work. Maybe they’re bringing in temporary workers or maybe they’re bringing additional staff. So, they’re going to need additional equipment for them rather than look at moving a piece of equipment such as a laptop from one person’s house that may have COVID into another person to do that function. So that’s going to be some challenges there.
So, Marti, I mean now that I’ve talked about the equipment you know, we’ve already seen some challenges on untrusted suppliers, but does that create any issues with vendor management?
Well, I think there are certainly going to be issues around vendor management and thinking through to your point if you are bringing in new individuals is that through a new vendor? And if you’ve got that new vendor then how are you going to do your usual due diligence around that vendor? What’s their access going to be? What’s the checking you’re going to do around that vendor?
But you did raise an issue that I hadn’t thought about before, Clyde, as you were talking about this. If you’re providing equipment to your employee to work from home and suddenly that employee gets sick and you’re going to try to transition that to a different employee, and again thinking through if you need somebody else to support the remote detection function because the person has suddenly become ill. Can you move that equipment? What is the risk to the individual in taking that equipment out of a home that’s contaminated with COVID into the home of the new individual that might not be? And have you thought about the requirements for cleaning that equipment and ensuring that you have sanitized it so that you don’t put the new employee at risk or the different employees at risk for contracting COVID?
So, I know that kind of went off-topic of vendor management, and I didn’t know if you had any other thoughts around that Clyde, but it certainly was something that I thought about as you were speaking.
No, Marti, I don’t have any additional hints. I don’t know the vendor management, you know, we’ve smaller questions. Like how do you obtain satisfactory assurances? So, if you do get new equipment, for example, and those vendors are expected to provide support that may actually touch PHI or the systems that support PHI, you’re going to need things like business associate agreements. Under the HIPAA Security Rule and the HIPAA Privacy Rule, you have to have those satisfactory assurances. So, what does that mean from a remote workforce?
Now, I also talk about remote workforce here, but let’s look at some of the other things on remote detection. Some organizations have outsourced their SIEM tools, for example, or they have outsourced their threat monitoring.
So, for those health care organizations, have you looked into the additional risk that those third-party vendors have to support their employees when they are working remotely? So, there’s some additional challenges there that need to be looked at and maybe it’s time to start asking the questions of the vendors. You know, what is your remote workforce plan around COVID? Because, for example, a lot of companies support structure within the IT field. A lot of companies will use call centers, for example, in other countries. Some of these other countries right now are on a hundred percent lockdown, which means nobody goes to work.
So, how are they going to support your detection processes if all of their employees or 100% of their employees are working from home? Do they have the ability? Does that increase risk for your organization?
So those are some things that you know, you need to think about now. I mean, I know that we’re still on the upside of the COVID curve, but we have not reached the peak yet. So, it’s time to start asking those questions of your vendors. You may not get an immediate response but at least you’re helping to alert them to start thinking about the same issues that we’re talking about today.
Yeah, Clyde, I think those are all great points and we’ve covered, I think, a fair amount in this podcast on things to think about during the COVID crisis and your incident response process when you have to work with remote detection issues. I’d ask the audience to stay tuned for the additional podcast in this series as we go through the NIST process for detection, response and recovery to talk through issues on that.
And with that, I’ll turn it back to you Lauren.
Yes, great thanks so much Marti and Clyde on that information on incident response and remote detection. I will encourage our listeners to find more information on this subject on our website cynergistek.com.
Also remember if there’s anything you need from CTEK during this time, please reach out and let us know.