Cyber Risk Implications of the Coronavirus Outbreak
The outbreak of COVID-19 has caused significant disruption to businesses and a degree of panic within the employee community. Companies across the globe are activating contingency and business continuity plans and are allowing employees to work from home to limit the spread of the virus. In a new reality where millions of people are working remotely, secure networks are now more critical than ever, according to Aon.
Zamani Ngidi, Cyber Solutions Client Manager at Aon South Africa outlines the practical steps organisations can take to remain cyber resilient amid the crisis.
“Concern about the spread of the Coronavirus has triggered the largest “work-from-home” mobilisation in history. The Coronavirus outbreak is highlighting the risk resilience, or lack thereof, of organisations. Not only as far as restrictions implemented from the Presidency are concerned, but also from a sustainability perspective and what that constitutes in a world where global economic activity is impacted,” says Zamani.
“Covid-19 will fundamentally change the way we conduct business in future in respect of mobile and remote working, and this has significant cyber risk implications. Organisations will need to increase reliance on technology in order to navigate a business environment that is globally restricted in terms of physical movement and presence. The ability of employees to work from home (connectivity) will become more pronounced, and when coupled with possible disruptions from load shedding, creates a unique set of risks for South Africa.
“At the very least, organisations will need to reassess internal IT policies, crystalising risk mitigation efforts and re-assessing risk transfer programmes, arising from the dramatically increased reliance on technology for remote work forces,” says Zamani.
To remain operational and secure, Aon recommends that companies take the following steps:
- Defend Against the Phishing Wave
Malicious actors will leverage the intense focus placed on the virus and the fear and panic it creates. Security researchers have already observed phishing emails posing as alerts regarding COVID-19. These emails will typically contain attachments which purport to offer information about the outbreak or updates on how recipients may stay safe. In an environment where people are stressed and hungry for more information, there is a lack of commitment to security best practices.
This is the time for organisations to remind employees of the need for vigilance and the dangers of opening attachments and links from untrusted sources. Running a simulated spear phishing campaign can also demonstrate the level of resilience to these attacks. At a more technical level, up-to-date antivirus and monitoring tools can limit the effectiveness of these attacks.
Organisations will be experiencing an unprecedented amount of traffic accessing the network remotely. Companies with an agile workforce have been preparing for this contingency for some time and will be well-equipped to maintain network integrity through the use of sophisticated virtual private networks (VPNs) and multi-factor authentication. Enterprise security teams are recommended to increase monitoring for attacker activities deriving from work-from-home users, as employees’ personal computers are a weak point that attackers will leverage in order to gain access to corporate resources.
For those less prepared, COVID-19 presents a challenge. There is a risk that the increased volume of network traffic will place a strain on IT systems and personnel, in addition to employees accessing sensitive data and systems via unsecure networks or devices. We recommend that these organisations migrate as quickly as possible to remote working and Bring-Your-Own-Device (BYOD) standards. VPNs should be patched regularly (for example, a vulnerability in the Pulse Secure VPN was patched in April 2019 but companies which failed to update were falling victim to ransomware in December) and networks should be load-tested to ensure that the increased traffic can be handled.
A remote workforce can make it more difficult for IT staff to monitor and contain threats to network security. In an office environment, when a threat is detected, IT can immediately quarantine the device, disconnecting the endpoint (i.e. the compromised computer) from the corporate network while conducting investigations. Where users are working remotely, organisations should ensure that, to the extent possible, IT and Security colleagues are readily contactable and ideally able to physically address a compromise at its source. Sophisticated endpoint detection and response (EDR) software can also be used to quarantine workstations remotely, limiting the potential for malicious actors to move through the network.
As this risk moves beyond the technical, companies should adopt an enterprise risk approach. This can include rehearsing business continuity plans (BCP) and senior management response through tabletop crisis simulations that focus on cyber scenarios as well as how pandemics and other similarly disruptive events are likely to impact upon automation, connectivity and cyber resilience.
Companies can also safeguard against the increased risk of disruption through a robust cyber insurance policy which, in the event of a digital disruption to systems, can provide cover for business interruption losses, as well as the costs of engaging forensic experts to investigate and remediate a breach.
“COVID-19 presents many challenges to businesses across the entire globe but developments in technology means companies can remain operational and nimble in the face of uncertainty. Keeping a finger on the pulse of the pervasive cyber threats in the midst of this crisis is critical to ensuring that the increased reliance on connectivity and technology don’t scupper productivity any further,” concludes Zamani.
Breaking News »