Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference.
In essence, the coronavirus has created ideal “crisis” conditions within organizations that attackers can take advantage of to conduct reconnaissance or data exfiltration operations while going unnoticed.
“In my own experience, the best time to spy is when there’s a crisis in the target, when there’s a crisis ongoing, because people tend to cut corners,” said Mark Kelton, director of MEK & Associates and former chief of the CIA’s Counterintelligence Center – one of multiple roles he held during his 34 years of experience in intelligence operations. “They tend to modify procedures. The procedures they put in place to protect information, to protect facilities and the like, tend to fray because people have to go forward and conduct business. The pace of business dictates compromise.”
Kelton said that in many cases where an employee compromises organization security, the act is not committed with criminal intent. Rather, “What you find are people who will say, ‘Well, I had to do it in order to get the job done. I had to modify this data-handling produces in order to get the job done. I had to give this person access in order to get the job done,’” explained Kelton in his session, “Real World Intelligence and Global Cybersecurity Threats.”
“And when you do that, you create vulnerabilities – and when people are away from the normal workspace, those vulnerabilities multiply,” he noted.
Indeed, the shift to a largely remote workforce in light of ..
Support the originator by clicking the read the rest link below.
