Though the origins of OPSEC (Operations Security) began with the military, in our digital age, it encompasses private and public sectors alike. OPSEC during COVID-19 is an especially delicate matter. It refers to the process of assessing and protecting critical, sensitive, or otherwise classified data secure from adversary groups. The difference between OPSEC and InfoSec is that the former includes information as well as the security of people and their physical assets.
OpSec is taken especially seriously in the military, as it can mean the difference between victory and defeat, and the loss of life. In the Ukrainian and Syrian wars for example, soldiers taking selfies of themselves and posting them on social media exposed themselves to geolocation, thereby compromising their locations. In one case, a picture was used by their adversary to pinpoint the exact coordinates of a military base, sending a devastating airstrike soon after.
Why is OPSEC during COVID-19 especially sensitive? Because teamwork across all industries is being done remotely, often from home or a public space, where many digital fronts are more vulnerable than they would be in a controlled physical environment, and with a closed secure network.
“While government and military agencies are of the utmost importance,” Michael Fritzlo, Executive Chairman, Ironsphere, said in an interview with Pandemic Tech News, “the OPSEC principles established by top commanders with the rise of digital systems over the last several decades also apply to financial service institutions, healthcare providers, insurance companies, and more,”
Studies have shown that a number of cybersecurity breaches come from within a company, either by accident, through phishing for example, or with an insider employee working with competitors. In a world as interconnected as ours, data breaches can ruin a company, not only shaking its competitive edge, but also its customers’ trust.
“The definition [of OPSEC] continues to evolve and depends on each agency or enterprise’s mission and offering, but given the massive growth of cyberattacks, OPSEC is impossible to do well without software automation and AI” explains Fritzlo.
As institutions continue to expand their capabilities in OPSEC during COVID-19, it is possible that we will see a spike in automated cybersecurity adoptions. Entities that wish to retain the integrity of their information systems are forced to think outside the office.