COVID-19 Cyber Blog
Coronavirus & Cyber Diligence
by Brian Berger, President, Cytellix Corporation
As many organizations have decided, for the health and safety of their employees, to move to a remote work model, cyber diligence and resilience will be tested. Employees will now log in from their homes, changing the patterns and normal behaviors that cyber monitoring observes. These new locations, IP addresses and user behaviors should generate cyber alerts for your monitoring and security operations centers (SOC). If they are not alerting, then there is an issue with the cyber monitoring and event management of your solution. If they are alerting, then these are “potentially” false positives. Why potentially? Verify and validate that it is the employee at their new location, because a bad actor can take advantage of the remote user model to get into your data by impersonating a remote employee as part of the new alert noise. There should be a significant amount of new noise for cyber monitoring that needs to be vetted for both valid user and valid access. Be diligent during these days of health and safety for both your company and your company's employees.
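The two checks described above, as an added example that is not from the original post or from Cytellix: find new-source logins that raised no alert (a monitoring gap), then vet the alerts that did fire for valid user and valid access. The log layout, the out-of-band confirmation list, the entitlement table and all function names are assumptions, and every value is constructed.

```python
import ipaddress

# All data below is constructed for illustration (documentation IP ranges).
OFFICE_NETS = [ipaddress.ip_network("192.0.2.0/24")]        # pre-remote baseline
CONFIRMED_HOME = {"alice": {"198.51.100.17"}}                # verified out-of-band (assumed process)
ENTITLEMENTS = {"alice": {"crm", "mail"}, "bob": {"mail"}}   # valid access per user

LOGINS = [  # (event_id, user, source_ip, resource)
    (1, "alice", "192.0.2.10", "mail"),
    (2, "alice", "198.51.100.17", "crm"),
    (3, "bob", "203.0.113.5", "mail"),
    (4, "bob", "203.0.113.5", "crm"),
    (5, "alice", "203.0.113.99", "mail"),
]
ALERTED_EVENT_IDS = {2, 3, 4}  # events the monitoring stack raised an alert for


def is_new_source(ip):
    """True when the source address is outside the office baseline."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in OFFICE_NETS)


def monitoring_gaps(logins, alerted_ids):
    """New-source logins that produced no alert: a monitoring problem."""
    return [eid for eid, _, ip, _ in logins
            if is_new_source(ip) and eid not in alerted_ids]


def vet_alerts(logins, alerted_ids):
    """Classify each alerted login by valid access, then by valid user."""
    verdicts = {}
    for eid, user, ip, resource in logins:
        if eid not in alerted_ids:
            continue
        if resource not in ENTITLEMENTS.get(user, set()):
            verdicts[eid] = "escalate: access outside entitlement"
        elif ip in CONFIRMED_HOME.get(user, set()):
            verdicts[eid] = "close: confirmed remote location"
        else:
            verdicts[eid] = "verify user out-of-band"
    return verdicts


if __name__ == "__main__":
    print("gaps:", monitoring_gaps(LOGINS, ALERTED_EVENT_IDS))
    for eid, verdict in vet_alerts(LOGINS, ALERTED_EVENT_IDS).items():
        print(eid, verdict)
```

Event 5 is the case the post warns about first: a login from a new address that the monitoring never alerted on.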
Know who is on your network, always!