The coronavirus (COVID-19) outbreak has caused an increase in both the likelihood and impact of cyber attacks, as organisations react rapidly to potentially significant operational and financial challenges. The nature of the threat is also changing, with attackers exploiting uncertainty and unprecedented situations.
We expect that many initial organisational responses to COVID-19 will have a net-negative impact on the cyber security posture of the business. This will be both as a result of existing risks being left unaddressed as security expenditure is cut and IT changes are frozen, and as we see new risks emerging.
In our new whitepaper, we give an in-depth look at how COVID-19 has created new opportunities for cyber threat actors and the steps that organisations should take to mitigate these risks.
COVID-19 has forced organisations to shift rapidly to remote working at scale. This is likely to have a significant impact on both IT infrastructure requirements and the attack surface.
For example, security controls may not be applied to new systems or tools hastily stood up to support employees with remote working. Similarly, existing procedures and good practices may be side-stepped or become unavailable.
In our whitepaper, we outline a number of steps that organisations should take to ensure they maintain security while employees are working from home. These include:
Monitoring for shadow IT and moving users towards approved solutions;
Ensuring remote access systems are fully patched and securely configured;
Reviewing tactical actions and retrospectively implementing key security controls which may have been overlooked; and,
Ensuring remote access systems are sufficiently resilient to withstand DDOS attacks.
Organisations need to plan ahead so they can maintain resilient security functions as the COVID-19 outbreak develops. By closely following medical advice, you can plan for the expected peaks in COVID-19 cases and the higher numbers of employees likely to be absent from cyber security teams.
This will involve reducing the reliance on people, as well as maximising the use of process and technology to perform key cyber security activities. Further steps include:
Identifying and monitoring critical security activities;
Reviewing how privileged users are going to perform administration; and,
Deploying asset management tooling to ensure continued visibility as systems are moved away from the internal network.
As well as reinforcing their security technology, organisations need to remain alert to opportunistic threats. A big part of this will involve giving employees specific guidance on how to spot suspicious activity, such as targeted phishing campaigns using COVID-19 lures, or highlighting to finance teams increased risks of business email compromise attacks which attempt to exploit different or new ways of working.
Organisations should also guard against the increased risk of insider threats and apply quick-win technical controls across the IT estate where possible.
Threat actors are already exploiting the uncertainty and extraordinary response caused by the COVID-19 pandemic.
The criminal threat actor behind Emotet, which provides malware delivery services to sophisticated criminal actors including TrickBot, Ryuk and Dridex, began using COVID-19 phishing lures in January 2020, while the crisis was still in its early stages.
Other actors have since followed suit, with hundreds of new COVID-19 themed phishing lures being created each day. We have identified criminal and state-sponsored campaigns exploiting COVID-19 and anticipate they will also use VPN and video conferencing software lures to take advantage of users unfamiliar with remote working.
Advisory Director, Head of Risk Assurance, PwC Channel Islands
Tel: +44 7797 900015
