Post-corona – The digital future is now

From just in time to just in case

Is the pandemic a reset button? A pause button? Maybe a stop button? The corona crisis is more of a forward button.  Trends that I expected in 2030 or 2035 are suddenly already a reality. Happened in days that we thought would happen in ten years, just look at working from home and digital meetings.

The virus has also partially shut down the corporate immune system. We see that effort we all spent for many years is changed within one or two weeks.

Businesses are working hard on more shock-resistant supply lines, they will permanently think differently about travel distances and digital services. They want to be much less dependent on distant suppliers. The keywords that always sound are: online, sustainable, local, buffers, deglobalization, shock resistance. The business model is changing from just in time to just in case.

The digital future is now

Almost everyone agrees that the crisis is giving a lasting impulse to digitization. But how much of that digitization remains after the crisis? Twitter and Facebook want to completely abolish the office for a significant part of their employees. Indian company Tata Consultancy Services thinks three-quarters of its employees will work from home by 2025.

Many other companies expect that working from home will remain the standard for around 15 percent of the work, I expect that digitization will make a difference for all kinds of work processes. “It has major implications for cloud and cyber security, as well as ethical issues such as privacy and data protection.”

I also see a surprising side effect of the mass working from home: employers suddenly have to become more aware of the well-being of their employees who work from home in new and sometimes difficult circumstances.

The crisis accelerates the transition to digital sales channels – logical with all lockdowns. You could already order a Tesla completely online, now. Now almost all manufacturers are busy making everything digital. You can now see ideas that were already a good idea accelerating. Partly from an overreaction – the new normal is becoming more digital, but not entirely digital.

I think there is a good way to assess whether a process will remain digital even after the crisis. If the feeling is positive on both sides of the transaction, it will remain. For certain conversations, doctors and patients both prefer to feed them remotely. For technical inspection services, it now appears how strange it actually was that people had to get on an airplane while they turned out to work excellently in virtual reality or augmented reality.

But besides the optimism about sustainability, digitization and the decision speed, it is obvious that this shock will also cause a lot of damage.

What we are experiencing now is something that we have not seen in the last eighty years. There is also a strong possibility that this will be a regressive crisis. So a crisis that destroys more than it creates. If things turn out differently than multinationals and their advisers currently hope, the pandemic could also rewind time instead of moving forward.

My advice is to reconsider the recommendations below and develop the strategies again:

  • Ensuring good cyber security measures now is the best way to address the cyber threat.
  • Consider incorporating the following proactive strategies:
  • Review the business continuity plans and procedures.
  • Ensure that systems, including (virtual) networks and firewalls, are up to date with the most recent security patches.
  • Increase the cyber security measures in anticipation of the higher demand on remote access technologies and test them ahead of time.
  • Ensure that work devices, such as laptops and mobile phones, are secure.
  • Implement multi-factor authentication for remote access systems and resources (including cloud services).
  • Ensure protection against Denial of Service (DoS) threats.
  • Ensure companies and people are informed and educated in cyber security practices, such as detecting socially-engineered messages.
  • Ensure people working from home have physical security measures in place.  This minimizes the risk that information may be accessed, used, modified or removed from the premises without authorization.

Industrial Control Security Management

Informatie- en industriële controle systemen (ICS) worden gebruikt om industriële machines te controleren en bewaken. ICS zijn essentieel voor de continuïteit van vitale infrastructuren en daarom is het van belang om deze systemen optimaal te beveiligen. Wij kunnen helpen uw ICS te beschermen tegen onbevoegden, manipulatie van processen en schade aan systemen.

Supply Chain Security Management

Hoogwaardige beveiligingsinbreuken hebben aangetoond dat het beveiligen van uw Supply Chain van essentieel belang is voor de informatiebeveiliging van uw organisatie. Wij beoordelen de beveiliging binnen uw Supply Chain door het in kaart brengen van alle suppliers die bedrijfsgevoelige informatie bezitten, het beoordelen van de contracten en de daarin gemaakte afspraken en het beoordelen van de reeds door de organisatie getroffen maatregelen. Op basis van dit onderzoek geven wij aanbevelingen om de informatiebeveiliging binnen de Supply Chain te verbeteren.

Onafhankelijke Security Advies

Wilt u de informatiebeveiliging liever niet volledig uitbesteden maar wenst u een sparringpartner of tijdelijke ondersteuning op afstand of intern? Denk hierbij aan een strategische verandering, het implementeren van een nieuw process, het verhogen van het bewustzijn van informatiebeveiliging enzovoort. Wij bieden Independent Security Advisors aan, die kunnen optreden als uw informatie beveiligingspartner, direct beveiligingsexpertise verlenen en specialistische vaardigheden bieden. Wij helpen u graag verder op weg in het beveiligen van uw informatie.

Cyber Weerbaarheid

Tegenwoordig is de kans dat er een cyberincident plaatsvindt zeer groot. Hierbij is het cruciaal dat de onderneming juist en tijdig reageert op een cyberaanval met behulp van een vooraf gedefinieerd en getest Cyber Response Plan. Wij kunnen uw organisatie ondersteunen met het opsporen van en verdedigen tegen bedreigingen van aanvallers, georganiseerde misdaad en (kwaadwillende) insiders.

Healthcheck

De Healthcheck is een strategische tool waarin reeds getroffen informatiebeveiligingsmaatregelen worden beoordeeld, verbeterd en aanvullende maatregelen geadviseerd. Dit wordt gedaan door een stapsgewijze analyse waarin diverse onderwerpen aan bod komen en bevindingen worden gedaan. Op basis van deze bevindingen worden er aanbevelingen opgesteld en in een persoonlijk gesprek teruggekoppeld. De onderwerpen van onze Healthcheck zijn:

  • Beleid, bedrijf en verantwoordelijkheden
  • Incident Management
  • Industrial Control Systems
  • Intellectuele eigendommen
  • Middelenbeheer
  • Operationeel Management
  • Supply Chain Management
  • Toegangsbeheer
  • Verandermanagement

Risicomanagement

Risicomanagement is een proces waarbij informatie risico’s worden geïdentificeerd, beoordeeld en beheerst zodat er een totaalbeeld wordt gecreëerd. Met het implementeren van het Risk Management proces is uw organisatie in staat weloverwogen keuzes te maken omtrent toekomstige plannen en investeringen. Wij begeleiden uw informatiebeveiligingsmedewerkers met het implementeren van het vijf-fasen proces bestaande uit:

  • Stap 1: Scope bepalen
  • Stap 2: Risk Assessment
    • Stap 2a: Identificeren van de risico’s
    • Stap 2b: Analyseren en evalueren van de risico’s
  • Stap 3: Business Impact Assessment
  • Stap 4: Risicobeheersing
  • Stap 5: Monitoren en controleren van de risico’s en de getroffen maatregelen

Deze aanpak is geschikt voor grote bedrijven waarbij de inbreuk op bedrijfsgevoelige informatie een grote impact heeft voor zowel de interne als de externe omgeving van het bedrijf.

Risk Management

Risk Management is a process to identify, assess and control information risks to provide an overall picture. By implementing the Risk Management process, the company will be able to make informed choices about future plans and investments. It will help your information risk practitioners to implement the five-phase process consisting:

  • Step 1: Scoping
  • Step 2: Risk Assessment
    • Step 2a: Identify risks
    • Step 2b: Analyse and evaluate the risks
  • Step 3: Business Impact Assessment
  • Step 4: Risk Treatment
  • Step 5: Monitor and control the risks and the taken measures

This approach is suitable for organisation where a cybersecurity breach has a big impact on the internal- and external environment.

Healthcheck

The Healthcheck is a strategic tool to assess and improve security arrangements. Through a step-by-step analysis, we assess the current information security by evaluating the current measures and advice improvements of these measures. Also, we give additional recommendations to improve the organisation’s information security. The subjects of our Healthcheck are:

  • Policy, company and responsibilities
  • Incident Management
  • Industrial Control Systems
  • Intellectual property
  • Asset Management
  • Operational Management
  • Supply Chain Management
  • Acces Management
  • Change Management

Cyber Resilience

Nowadays, the chance of a cyber incident is very high. It is crucial that the company responds correctly and timely to a cyber-attack using a predefined and tested Cyber Response Plan. We support your organization with tracking down the and defend from attackers, organized crime and (malicious) insiders.

Independent Security Advisory

Do you prefer not to outsource the information security completely but do you want a sparring partner or temporary support at a distance or internally? With this you can think about a strategic change, implementing a new process, to improve security awareness etc. We offer Independent Security Advisers. We act as your information security partner, provide instant security expertise, specialty skills, and experience to keep you on track.

Supply Chain Managementshield

High profile security breaches have shown that securing your supply chain is essential to protect your organisation. We provide organizations with an independent assessment of its approach to supply chain risk management. By identifying all suppliers with critical information and/or sensitive data, evaluating the contracts and agreements. Based on this research we provide recommendations to improve information security in the Supply Chain.

Industrial Control Security Management

Information and industrial control systems (ICS) are used to control and monitor industrial machines. ICS are essential for the continuity of vital infrastructures and therefore it is important to ensure optimal security of these systems. We can help protect your ICS against unauthorized persons, process manipulation and system damage.