The Response to COVID-19: Cybersecurity Operations Centers

Continuing to closely explore various types of installations that are among the most important at cybersecurity operations centers right now.

Kelly Okerson Leave a Comment
The Response to COVID-19: Cybersecurity Operations Centers

We began our series with a look into how emergency operations centers are responding to the outbreak. Next, we’re diving into the world of cybersecurity operations.

Cybersecurity Risks During COVID-19 Pandemic

As society becomes more dependent than ever on our digital tools, hackers are targeting our most vital form of connection.

The internet has quickly shifted into the primary channel for conducting work as well as the main source for human interaction. Our increased dependency on the digital infrastructure makes the price of any failure that much higher.

The fear and need for information surrounding the COVID-19 pandemic has also given hackers a new target. Recently, the US Department of Health and Human Services was the target of cyber attackers who aimed to disrupt operations and information flow.

There are also hackers posing as the CDC and WHO in phishing attempts.

Cybercriminals exploit weaknesses, especially in prolonged times of crisis, to penetrate defenses. They take advantage of fear and uncertainty.

Businesses with an unprecedented amount of people working from home are also at risk, due to the different devices and networks being used to handle important information.

According to Phil Reitinger, president and CEO of the Global Threat Alliance, the pandemic “offers a slew of new opportunities, and if there’s one thing we know about cyber adversaries, it’s they’re adaptive and reactive.”

Even with incidents that don’t involve remote work, attackers very quickly launch phishing campaigns based around the current threat.

“What COVID-19 gives the adversaries is an opportunity both to phish – to sort of weaponize the desire for information – and at the same time a new set of opportunities to target,” said Reitinger. “With all of these people working remotely, there’s an opportunity to invade home networks and move laterally on those devices.”

During the social isolation and the panic caused by COVID-19, operators in 24/7 cybersecurity operations centers play a pivotal role in protecting organizations and the public.

Cybersecurity Operations Centers During Pandemic

Even under regular, “business-as-usual” conditions, data is a lucrative target for cyber criminals. There are multiple types of cyber-attacks, from advanced persistent threats (APTs) and phishing to malware, cryptojacking and ransomware.

Under our current pandemic conditions, the risk to our digital assets is even greater. Cybercriminals often take advantage of major global events, and those defending our digital landscape are working harder than ever.

The increased sophistication of cyberattacks means the tools we use to defend them must be just as sophisticated. This is where cybersecurity operations centers (CSOCs) come in.

Threats need to be assessed in real-time so the CSOC can provide proactive, advanced threat detection as well as immediate incident response. Organizations with CSOCs have vastly improved response times. They can detect threats early, in turn preventing major damage.

As with many security applications, in cybersecurity time is the most critical element. The less time there is between a breach and its detection, the less of an impact the cyberattack will have on an organization.

Early detection limits damage, and the best tool for early detection is the cyber SOC. Highly effective SOCs combine comprehensive threat intelligence with advanced automation tools and analytics.

In addition, these cyber SOCs can distribute important information to at-home employees about how to practice cyber-health during the pandemic, ensuring that human error doesn’t contribute to the increased risks during this time.

Effective Cybersecurity Operations Centers

In addition to a top-notch team, a cyber security operations center must provide an effective space to work in that will help, rather than hinder, their security monitoring. This means that not only is the security technology important, so is the design of the space itself.

Using the right video wall to display vital, real-time data is paramount to ensuring that the time between breach and detection is minimal. From display resolution to sizing and placement, the selection of an operations center video wall plays a key role in ensuring proper display of data.

It’s also important to select video wall technology that can withstand the demands of a cybersecurity operations center; not all displays are made equal, and those in a CSOC must remain on 24/7 for constant monitoring.

That means they need to be resilient, and the design of the audiovisual integration should include redundancies in case of any system failure.

The furniture in a CSOC can also be specifically designed to assist the function of your operations. A popular solution is arranging workstations in open pod configurations to streamline collaboration and communication.

Another way to promote operators working together within a command center is the inclusion of set collaboration areas. These include huddle spaces or adjacent conference rooms where operators have a designated area to collaborate that is set aside but still within the cybersecurity space.

A successful cyber SOC implements design solutions that will benefit operator productivity and situational awareness. Sit-stand consoles contribute to operator health, and the versatility contributes to improved mood and energy, allowing operators better focus.

The placement of the command center furniture in relation to the video wall is also important to operator awareness. Sight line analyses to determine proper viewing angles to the video wall ensures that the operators monitoring applications have maximum situational awareness.

Moments of crisis often remind us how invaluable the multiple types of operations centers involved in emergency response can be. It’s important that emergency operations centers, medical command centers, and social media monitoring centers be up to date in order to provide efficient, reliable response.

If your mission critical environment hasn’t been updated in several years, the technology may not be as reliable as it should be for around-the-clock use in a crisis situation.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!