Global & Digital Comprehensive Security Blog

Navigating Today's Security Landscape: How Businesses Can Be More Resilient in These Challenging Times

Written by Global Guardian Team | Aug 19, 2021 11:49:10 AM

A combination of a pandemic, global warming, cyberattacks, and rising crime in the United States is posing a challenge to businesses that is unlikely to abate anytime soon.

On August 17, Global Guardian hosted a webinar that sought to address these challenges. The panelists included Devi Sridhar, professor of global public health at the University of Edinburgh; Amanda Gorski, a senior cybersecurity analyst; Michael Ballard, director of intelligence at Global Guardian; and Global Guardian CEO Dale Buckner. Global Guardian COO Mark Post moderated the discussion.

COVID-19 Update: The Year of the Variant

At the start of the COVID-19 pandemic in 2020, countries struggled to respond as the virus spread around the world. Governments implemented lockdowns, social distancing, and mask mandates. Vaccinations were quickly developed, raising the prospect that an end was in sight. But the rapid mutation of the coronavirus that causes COVID-19 has resulted in variants—some more contagious than others—that are causing breakthrough infections in even those who have been vaccinated.

Sridhar described 2021 as the “year of the variant.” At present, the delta variant is causing infection and death rates to rise around the world. On August 17, New Zealand’s Prime Minister Jacinda Ardern announced a nationwide lockdown after a single case of COVID-19 was detected in the country. New Zealand had won praise for the way it had managed to contain the spread of COVID-19.

“What we’re seeing with delta is that the gamebook from 2020 is not as effective in 2021,” said Sridhar. New Zealand, she said, is in “a very difficult situation because they do not have very much vaccination coverage in their population. So to open up and to let that spread would be catastrophic, at the same time repeated lockdowns have major harms.”

Nevertheless, Sridhar said the world is “in a pretty strong position in terms of the scientific tools that have been developed”—effective vaccines, widespread testing, and treatments that improve the chances of survival.

Sridhar cited a “tale of two pandemics.” First, in high-income countries such as the United States and the United Kingdom, which have higher vaccination rates, the challenge is developing a vaccine for children and determining when to offer booster shots to those who have been vaccinated. And, second, in poor countries, the challenge is getting vaccines in the first place.

The challenge of providing vaccines to poorer countries relates to supply, said Sridhar. She suggested that this challenge can be addressed by taking the following steps:

  • Enhance manufacturing capacity, especially by setting up more facilities that specialize in mRNA technology.
  • Facilitate tech transfer to share critical technologies.
  • Provide emergency intellectual property waivers in times of crisis.

The way forward: Noting the large viral load of the delta variant—which means it is more easily transmissible—Sridhar said “what we are now seeing are transmission events that we would not have seen with the original virus type.” While outdoor transmission of the delta virus is still low, it is not impossible.

A year and a half since the start of the pandemic, populations around the world are still struggling with the disease. “At what point do governments say we have done enough and we have to let go of this issue? And at what point do governments say we have to continue [taking preventative measures], especially as new variants arise,” Sridhar questioned.

As for which variant is next on the horizon, Sridhar said “we are looking for what can outcompete delta. So far lambda (another variant) luckily does not seem to be showing that property.”

Reopening business: The question of how to return to office is a tricky one, Sridhar admitted. She predicted vaccine mandates will become inevitable. On top of this, she said, businesses will need to introduce behavioral changes, including regular testing of employees.

Sridhar said vaccine hesitancy can be addressed by educating people on the fact that everyone will get sick at some point but that the symptoms of COVID-19 can be reduced if one is vaccinated.

“It is going to be pretty impossible, even if you are sitting in New Zealand or Australia, to escape this virus forever,” she said. “It is a question of time and what you can do with that time to prepare yourselves so that you are in the best possible position to face this virus.”

Cyberattacks and How to Manage the Threat

On May 7, 2021, the Colonial Pipeline Company reported that it was the victim of a ransomware attack. The attack disabled the pipeline—the largest petroleum pipeline in the United States that provides nearly half of the East Coast’s fuel. The disruption resulted in price increases and fuel shortages.

Cyberattacks have become increasingly common. A significant number of these acts, including the one against the Colonial Pipeline, have been traced to hacker groups with ties to Russia.

What is ransomware? “Ransomware is malware that deploys asymmetric encryption to hold a victim’s information at ransom,” explained Gorski. “Attackers usually paralyze entire networks by targeting servers and critical databases in various ways, like injecting malicious code into legitimate applications or files. Then they demand payment to decrypt the data and get back access.”

“It is next to impossible to decrypt the files without having the private key, which is why most businesses just pay the ransom and move on,” she added.

Gorski cited some key takeaways from the Colonial Pipeline attack:

  • VPNs are essential, but need to be properly configured and managed to be useful.
  • Inactive accounts of former employees should be deactivated.
  • Russian cyberattacks are starting to affect regular Americans.

“As the international belligerent, Russia is constantly pushing the boundaries of what they can get away with using the internet,” said Gorski. Under pressure from economic and political sanctions, Russian President Vladimir Putin “relies on revenue from state-sanctioned cybercrime to fill in some of the holes in the national budget,” she said.

While there is no proof that the Russian government assists hackers, “it is clear that Russian authorities do more than just tolerate them. They are effectively protecting them by not cracking down on their operations,” said Gorski. The Russian government’s cyber units are involved in many international cybercrimes, she added.

While in a recent meeting with U.S. President Joseph R. Biden, Jr., Putin agreed to collaborate on cybersecurity, Gorski said this is problematic because it means working with Russia’s federal security service, the FSB. “Anything you tell them can, and probably will, be used against you some day,” she said.

How companies can address the challenge: Colonial Pipeline paid roughly $5 million in ransom to the hackers to recover its stolen data. Gorski said authorities urge companies not to pay the ransom because it will only encourage more bad behavior. “It usually comes down to a cost benefit analysis for most victims,” she said. “They weigh the price of the ransom against the value of the encrypted data.” Citing research from Trend Micro, a cybersecurity software company, she said that while 66 percent of companies say they would never pay a ransom as a point of principle, in practice, 65 percent do pay.

Gorski said some companies are preparing for ransomware attacks by building a reserve of bitcoins, updating their security, and turning to professionals like Global Guardian.

“We have to remember that in these cases we are dealing with criminals,” she said. Noting the importance of first determining whether an actual ransomware attack has taken place, she added, “It is important to have educated and experienced analysts assist to ensure that we aren’t involved in scareware attack before sending any money or risking company damage.”

Gorski provided a checklist of steps companies can take to secure themselves against ransomware attacks. These include:

  • Run regular software updates
  • Use only trusted software
  • Install anti-virus software and ensure that it is up to date
  • Implement a safe list to deny unauthorized applications from executing
  • Deactivate accounts of employers when they leave the company
  • Backup files—automatically and frequently
  • Engage a security service provider

Buckner emphasized the importance of platforms and technology, but also of training. “Most people are so focused on the technology… they forget about the training,” he said. “At the end of the day, it’s the human interaction with the technology that almost always leads to the fault.”

The Climate Change Threat Is Real

The effects of climate change are increasingly becoming obvious—from floods in China to wildfires in Greece and the Pacific Northwest to a progressively destructive Atlantic hurricane seasons.

Buckner discussed this challenge from a business continuity standpoint. Acknowledging that the term “climate change” has become politicized, he said what is not debatable is the effect these disasters are having on businesses worldwide. “Whether you believe [in climate change] or not, all of us can at least acknowledge and agree that there are changes going on… and it is affecting business,” he said. Describing this disruption as “very obvious,” “factual,” and “not debatable,” he said: “It is top of mind for us, and it is affecting our clients.”

Buckner described climate change as a threat multiplier. As businesses look to set up operations they will need to consider the weather pattern—the probability of hurricanes, wildfires, drought—more seriously, he said. “That is not a commonsensical thing that is very obvious to businesses…. It is starting to become the narrative,” he added. 

A recent climate report from the United Nations offered the bleak prediction that even if nations take immediate steps to cut emissions, global warming is likely to rise around 1.5 degrees Celsius within the next two decades. The report predicted an accelerated rate of severe heatwaves, drought, fire seasons, and hurricanes. “A 1.5 degree Celsius increase leads to a lot of bad things,” said Buckner. “These are things that are going to affect all of your businesses, your families, and your travel.”

A Growing Domestic Security Threat in the United States

The pandemic has had an impact on crime in the United States. While mass shootings paused as schools and workplaces shut down in response to COVID-19, in 2021 it “was almost as if a switch was flipped,” said Ballard. Multiple mass shootings have taken place already this year, including in Atlanta, Boulder, and San Jose. 

While crimes of opportunity, such as burglaries, were down in the United States in 2020, the murder rate spiked. This upward trend in the murder rate has carried through into 2021 fueled in part by the drug trade.

Ballard attributed the rise in crime to a confluence of factors, including the fact that fewer criminals are being kept in prison due to challenges posed by COVID-19; some police departments, faced with anti-police protests, are less willing to go into certain neighborhoods; and high levels of unemployment and a lack of social services.

Further, domestic terrorism, epitomized by the January 6, 2021 insurrection at the U.S. Capitol building in Washington, highlights the threat posed by anti-government groups. Ballard, citing the increased polarization of society in the United States, said “none of this is good from a peace perspective.”

Buckner also noted a fraying of the social fabric in the United States and a reduction of trust in government.

“People are now looking for corporations to take a stand” on topics that are politicized, he said. Both Buckner and Ballard said companies that are taking public positions on such issues are increasingly being targeted by groups on the Left, Right, or Center. “It is kind of a fraught time to be in the public spotlight right now,” Ballard acknowledged.

Eventually, Buckner said, those looking to do business with a Fortune 1000 company need to keep in mind that their achievements on critical issues like diversity and the environment will be measured. “If you’re in the business of monitoring what companies you are executing RFPs with, take a look, those topics are hot and they are not going away,” he said.

STANDING BY TO SUPPORT

The Global Guardian team is standing by to support your security requirements. To learn more about our security services, click below or call us at + 1 (703) 566-9463.