As the coronavirus pandemic continues to disrupt there is another threat that is rising by the day- the risk of cyberattacks. Work from home will suddenly change the security dynamics both from defense and offense perspective and the world is not prepared for it.
Here is a sample Email from a CISO to the Board:
I hope all of you and your family/friends are doing well and are safe from Coronavirus outbreak.
We are already in the midst of a black swan event. In today's scenario it is also quite probable to face a black swan doomsday event with our cloud or IT assets either due to security breach or due to some cloud provider outage.
Earlier I would have considered the probability as extremely low...now I will consider the probability has medium/high. Irrespective of the probability , the impact of such an event was anyway existential crisis.
I would strongly recommend taking immediate offline backup for everything including cloud which is "necessary and sufficient" for business continuity. You may exclude anything which is not part of "necessary and sufficient" condition.
Also please do keep in mind that irrespective of our security posture we can always be breached. It has happened to even the biggest and strongest with 100 million+ security budgets including the likes of Google, Microsoft, Facebook, Amazon etc....On top of it Work from home will suddenly change the security dynamics both from defense and offense perspective and the world is not prepared for it.
Let's be prepared for the worst and hope that it never happens.