COVID-19: The impact of cyber on critical infrastructure in the next normal

When companies suddenly become critical to national welfare, it changes the implications of cyberattacks. Threat actors are motivated by monetary, political, economic or another impetus to achieve a malicious goal. Beyond cyberthreats, critical and essential organizations are subject to regulatory compliance that may require the adoption of new technologies and processes for many of the newly classified organizations.

While many regulatory bodies around the world are relaxing enforcement during the crisis, newly critical organizations need to plan for longer-term regulatory compliance, because stronger enforcement will return once we go back to life the way it was. Data security and data management will both be challenges after the crisis–in some cases, newly critical organizations will need to dispose of data that they no longer need.

The first step for all critical infrastructure companies–both new and traditional–is to reassess their cyber risk. Processes will change (the work at home model being an excellent example), and habits developed during the pandemic (such as ordering groceries online) are likely to become permanent for many people. These changes will have a corresponding impact on each organization’s risk footprint, requiring an evolution of both security and compliance technologies and processes.

Newly critical organizations are under tremendous stress right now, because they are not accustomed to operating in a world where failure is not an option. By taking steps to implement proven security frameworks and adopting best practices, they can not only reduce the risk of business interruptions during the pandemic; they can also support potentially greater business agility and resilience in the next normal.