Security Implications of COVID-19 on Third-Party Providers

By Chris Gorsuch, Assessment Services Manager
mark

Security Implications of COVID-19 on Third-Party Providers


The physical, emotional, and financial implications of COVID-19 are being felt by families, companies and governments around the world. Lives and livelihoods are being affected, companies are failing, and governments are struggling in all aspects of daily function.

Today we will consider a few of the ways this is impacting third-party providers and business’ traditional security models.

Boom

For certain industries, COVID-19 has caused an increase of demand. For example: desks, chairs, and computer equipment are needed as people transition to working from home; disinfectants and personal protective equipment are in short supply; enhanced safety requirements for facilities need to be planned, deployed, and maintained.

While organizations operating in this space certainly benefit, they must find a way to meet this surge in demand while also being subjected to the same risks that are driving that need.  Their security processes, controls, and capacity may find itself stretched beyond the breaking point.

Would you invest in scaling up your operation to meet a demand that is expected to be short lived? Or, would you take risks and cut corners betting that things would return to normal before an incident could occur?

Bust

For most, COVID-19 is a catastrophe. Some customers will cut spending in response to reductions in revenue, while others will fail and leave debts unpaid.

In the wake of a sudden reduction in demand, prior investments in security processes, controls and capacity are no longer required. Additionally, staff may have to be released and expensive investments on licenses or hardware could go unrecovered.

Even those businesses that remain relatively intact will face the challenge of delivering services in a changed environment at an increased expense.

How do you manage your security expenses and maintain your security controls when the situation has changed so drastically?

Risk Transfer

While any disaster introduces risk, the ongoing nature of COVID-19 is particularly challenging. Something as simple as operating a business in this environment now requires the acceptance of risk and the need for solutions.

How do I maintain my supply chains, keep my people safe, and provide my products and services reliably? What will tomorrow hold?

Some organizations may see a rise in demand driven not by the quality of their product, but their customer’s desire to transfer the associated risks. Does your risk management program consider the threat of customers interested in your products, so that they have someone to blame if things go wrong?

Working from Home

Although ‘remote work’ has existed for some time, most organizations tied their official security posture to the concept of an office (and before the advent of the cloud, a data center). Visitor logs, security badges, secured workspaces, and management oversight all assume a physical presence. With people working from home, claims of security can no longer hinge upon such assumptions and new questions have surfaced:

Where are the people working? Who can see their screens and listen to their conversations? Are they available and capable of working? What is their mental state? Is their equipment REALLY ready to be on the unprotected Internet?

All of these risks that were often overlooked or taken as assumed have suddenly become worthy of legitimate discussion.

Download the latest Ponemon report to learn how Digital Transformation increases cyber risk

Secured Environments 

Imagine that you had committed to your customers that work will only be performed from physically security, extremely restrictive, environments. Your clients have stringent requirements around physical security, and with your employees no longer tied to a physical location, you are at a loss for how to move forward, and even more questions have surfaced: 

Are your employees operating in the same state? How much larger would the facility have to be in order to house all of your employees while maintaining social distancing standards? Will multiple spaces be needed? What are the costs associated with these new standards?

How do you explain to a customer that while nothing has changed regarding the nature of the data, the work performed, or the country in which it is being processed, you are suddenly no longer able to maintain that same type of protection?

Moving Forward

The ever-changing business sector requires innovation, and COVID-19 has been a catalyst in the emergence of those conversations. While the security implications of COVID-19 on Third-Party Providers are many, we hope today’s post has provided you a few to consider.

Which of these implications have impacted you the most, and how is your business moving forward?

Stay safe, and good luck.

On-Demand Webinar: Digital Transformation and Increased Cyber Risk

Chris Gorsuch

Assessment Services Manager

Mark
Mark

Join 5,000+ risk professionals who subscribe to the CyberGRX Newsletter