I was asked about the impact of Corona on the IT-Security. This is what I came up with.
Remark: As someone said when beta-reading this text, a lot of the risks mentioned are not really Corona-related. But Corona makes those risks visible or sometimes just more obvious.
- The bond between company & employee is weakened
- Easier to attack through social engineering, colleagues are also just voices on the phone
- Lacking skills for the remote management of people
- People-poaching becomes easier
- Fear for the personal future
- Easier to seduce people to "rogue activities"
- Hoarding of digital assets (customer data, source code)
- The separation between job and private life is dissolved further
- Use of company assets for illegal purposes (copyright violations, etc.)
- Use of private software on company systems
- Use of company software on private systems
- The feeling of "unobservability"
- The usage of private resources (hardware, internet, space)
- Personal components are being used as part of the workflow or as storage
- Resources are shared with third parties unknown to the company
- The home IT becomes a new shadow IT
- Critical Infrastructure
- Client-2-Site VPNs become part of the critical infrastructure while remaining vulnerable to denial-of-service attacks
- The dependency on the IT security of third party tools and services (Teams, WebEx, Zoom, DropBox) rises astronomically
- Security hardships
- A lot of traffic bypasses corporate and IT-security infrastructure
- Anomalies are the new normal, all thresholds for safe & secure behaviour have been invalidated
- Plans for crisis management or disaster recover will probably not work in the current environment or will take much longer
- Company devices have never been designed to survive in an hostile environment, they rely on a sheltered network and are not based on a zero trust concept