The Covid-19 crisis is increasing the likelihood and impact of cyberattacks. PwC’s Pat Moran has some advice for businesses.
Many operational responses to Covid-19 could have a detrimental effect on your cybersecurity. Existing risks could be missed as security expenditure is cut, controls are relaxed and IT changes are rushed through without the routine change protocols.
The transition to remote working for the majority of staff creates its own risks, with network access being requested from multiple locations.
We have already seen evidence that cyberattackers are exploiting the extraordinary response caused by Covid-19, with hundreds of new phishing lures appearing every day. They are also likely to use VPN and video conferencing software lures to take advantage of users unfamiliar with remote working.
Threats need to be detected and responded to in real time during the Covid-19 crisis, and this is a significant challenge for a lot of companies. So what can businesses do now to ensure it, its staff and its business partners remain protected from cyberattacks?
Secure your new remote working practices
Covid-19 has forced businesses to shift to remote working at scale and at pace. Your IT infrastructure and requirements have changed, and so has the range of attack points for cybercriminals.
Have the right controls been applied to new systems or tools to support your employees with remote working? Are you ensuring that existing procedures and good practices are being maintained?
Businesses need to advise employees that cyberattacks are more likely, to be aware of agreed remote working practices and take responsibility for their connected activities.
Remote access systems should be fully patched, securely configured and resilient to withstand DDoS attacks.
Remote users should be told to only use approved solutions and should be prevented from using open-source or free cloud-based software. They should also be advised on safe habits such as working from a secure place, ensuring no one can read or access their computer, etc.
Ensure continuity of critical security functions
As the Covid-19 outbreak develops, your business needs to plan ahead and be resilient. You will need to ensure you have adequate cover for any key dependencies within your cybersecurity team. This will mean maximising the use of automation to perform key cybersecurity activities.
Make sure that you have an effective incident response plan in place. You should also review tactical actions and implement security controls which may have been overlooked during your initial crisis response activities.
Review your other security controls such as malware protection, data loss prevention, automated backup solutions and endpoint detection. You might also consider deploying asset tooling to ensure continued visibility as systems move away from the internal network
Counter any opportunistic cyberthreats
As well as reinforcing your security technology, organisations must remain alert for opportunistic threats. A big part of this will involve providing employees with specific guidance on how to spot suspicious activity.
Because employees are now working in new, unfamiliar ways, they can be susceptible to social engineering attacks and phishing attacks. Make sure your staff are prepared for and aware of targeted phishing campaigns using Covid-19 lures or email compromise attacks, which attempt to exploit different ways of working. Responding to an incident rapidly can minimise its impact.
Organisations should also guard against the increased risk of insider threats, especially where third parties are performing key activities such as system administration and IT Support. Where possible, apply controls across your IT infrastructure that can track and monitor this type of activity.
As well as those considerations, people including disgruntled employees who have lost their jobs from the effects of Covid-19 may see an opportunity to benefit from the pandemic by exploiting cybersecurity gaps.
It is vital that you keep in contact with your employees and your teams now to make sure they remain aware and on guard for cyberthreats.
The communications you distribute should be supportive and helpful. They should be reviewed by communications staff for consistency of messaging, and to ensure they are sent at the right time and to the right people.
By Pat Moran
Pat Moran is the head of cybercrime and IT forensics and a partner at PwC Ireland.
A version of this article originally appeared on PwC’s blog.