Saturday, April 25, 2020

Risk management and Covid19

April is coming to an end, since beginning of the year, Covid19  had rampage the world for approximately 4 months. The virus was first discovered in a part of China, Wuhan in December 2019 and months after, there have yet to have a confirmation over the source and where it could have start, i.e. we have not clearly identify the zero patient. Some argued that it was a Chinese disease, some claimed that it was a lab-released mistakes. We tend to believe none of these are true but understanding how nature has always behave, this is an evolution. If humans can innovate, what is stopping other forms of life beings to evolve? How much have we truly understood the micro organsm? These questions probably best answered by scientists.

Before Covid19, the threat landscape was focusing on digitalisation, cybercrimes, cloudsecurity, Internet of things (IoT). On the health front, WHO released the following list of 10 threats in Jan 2019:

1. Air pollution and climate change
2. Noncommunicable diseases
3. Threat of a global influenza pandemic
4. Fragile and vulnerable settings, such as regions affected by drought and conflict
5. Antimicrobial resistance
6. Ebola and high-threat pathogens
7. Weak primary care
8. Vaccine hesitancy
9. Dengue
10. HIV

On 15 Jan 2020, WHO released the following list of 10 threats:

1. Climate crisis
2. Health care delivery in areas of conflict and crisis
3. Health care equity
4. Access to treatments
5. Infectious disease prevention
6. Epidemic preparedness
7. Unsafe products
8. Underinvestment in health workers
9. Adolescent safety
10. Improving public trust of health care workers

Infectious disease prevention, epidemic preparedness, access to treatments, underinvestment in health workers, were less threatening than climate crisis which had stayed at No.1 for 2019 and 2020 assessments. However, after Covid19, I supposed the threat landscape on technology would probably heightened while the no.1 threat on WHO now could be "Global Influenza pandemic" follow by Vaccine Hesitancy, Weak primary care, Fragile and vulnerable settings instead of climate crisis or air pollution. These being said, risk management is about relativity.

The virus is more threatening because it had showed its impact to the global economy and had expedite the oikcrisis because of #stayhome, #lockdown, #cruiseships, #airline, #financialindustry. Along with it, cybercrime could get rampant due to public stability and social impacts of #stayhome, #lockdown and the lack of entertainment or security resources. On the flipside, digitalisation could speed up because of the sudden surge demand on remote office, remote socialisation, virtual teams, virtual coffee place, and the list goes on. Some of the more obvious changes are video conferencing technology like Zoom, Skype, Microsoft teams which had already used widely by educators, students, public speakers, corporate enterprise. What are the associated risks to these technology?

1. Data Loss incidents could escalate
2. Cybercrimes over the intellectual property (information shared via these technologies)

Hence, I felt that information risk practitioners need to reassess their administrative controls such as  information classifications, information security during BCP, systems availability and recovery, software management controls to technical controls such as antivirus preventive controls, firewall rules and packets inspection.


No comments:

Post a Comment