Integrity Is Indispensable: Assessing Partnerships and Performance Metrics in a Crisis Response

On our third installment of Rapid7’s Remote Work Readiness Series, join us as we reflect on how to leverage partnerships to build trust and mitigate risk. From helping users customize their existing controls to improving vendor relationships, our service and security experts discuss what we can anticipate as COVID-19 continues to shape our security environment.

Reevaluating customer service needs

With the implementations of social distancing and lockdowns, businesses around the globe were forced to adapt their security posture. Initially, the focus for most companies was just keeping heads above water. Short-term changes to customer service focused on reevaluating attack surfaces for employees working remotely. But what about delivering meaningful value over the long haul? For SaaS businesses particularly—which are customer service-oriented by nature—that means solidifying relationships beyond the pandemic.

It’s the job of security leaders to assist customers in leveraging the full capacity of already available solutions. This starts with creating communications and services to help users customize controls to meet evolving needs. Disseminate a guide to help remote workers install agents at home (where they may not have an agent deployment system handy), to improve asset visibility for managers.

The revised playbook for managing security also includes a greater emphasis on empathy. Proactively reach out to customers. Even if you don’t have the answers, touching base is better than radio silence. Make arrangements that focus on sustainability over immediate profit. Be mindful that as dining and hospitality industries suffer, medical and biotech sectors may be overwhelmed by demand. Displaying sensitivity to individual financial circumstances goes a long way toward encouraging positive customer experiences.

Service forecasting: Cloud dependency and potential threats

Security professionals have long nursed hopes that everything could migrate to the cloud, and the unprecedented shift toward working remotely provides a unique opportunity to test cloud scalability. Services like Zoom had no problem increasing twenty-fold almost overnight. Disruptions (think Zoom bombing) occur, but because these result from malicious users and not service providers themselves, they don’t suggest deeper scalability issues. Tech vendors note that even previously cloud-averse regions of the world are now showing interest.

As a global pandemic coincides with a radical influx of remote workers, people at sea level are wondering what business will look like when we emerge from this crisis. And as security professionals take in lessons from their early response, they must now contend with a changing attack surface.

Attackers are nimbly conforming to the current landscape. Bad actors prey on pandemic anxiety through phishing scams, with an estimated 10% of rejected email threats coming up COVID-19-related. The experts also noted the danger of insider threats. As budget cuts force layoffs, businesses should also anticipate an uptick in data dumps from disgruntled ex-employees.

To correct vulnerabilities, you must first get out of the muck. Experts advise revisiting fundamental security principles, focusing on risk mitigation as well as security portfolio management to help prevent repeating past mistakes. Automation tools come to sight as productivity heroes, so security leaders can focus on higher-level operations instead of time-consuming, repetitive tasks. Outsource where you can, building security into the platform taxonomy.

Vendor performance metrics: What counts when we’re uncertain

Hopefully, you’re already prepared before crisis strikes, but since a return to normalcy looks a long way off, address vendor capacity for continued service. Measuring performance against extraordinary circumstances proves tricky, since the calculation extends well beyond dollars and cents. Intangible factors like trust and integrity become critical, since you don’t want to invest in someone who abandons ship at the first sign of trouble.

Faced with uncertainty about what might trigger your contract’s force majeure clause—which frees both parties when obligations go unfulfilled due to unforeseeable events—ask, how are your vendors adjusting? Have they successfully transferred more of the supply chain to cloud dependency? Are they working to inoculate security functions?

A silver lining to emergencies is watching people exhibit grace under pressure. Whether it’s a service provider that goes above and beyond or a former colleague who resurfaces just to check in, challenging times remind us about what’s important. Hint: It’s not just the bottom line. In a business relationship, friendliness and reliability spell value and longevity. The goal here is preserving partnerships, not quarterly gains.

Listen to the full webcast

Thanks to our contributors for another informative session. Check out the full webcast, the 13 Recommendations for Improving Cybersecurity for Remote Working, as well as the additional Rapid7 and Mimecast COVID-19 resources mentioned in this session. Be sure to subscribe so don’t miss our next session, where we tap Rapid7 partners, customers, and security practitioners around the world to share the latest advice for staying on top of the evolving crisis.