Managing the impact of COVID-19 on Cybersecurity
Overnight businesses across the globe are operating in an environment of unprecedented digital dependency. The spread of the Corona virus means that today approximately one third of the world is in some form of lockdown, schools are closed, offices are closed, international travel is restricted, and most employees are working remotely.
No industry is immune to Covid-19. Companies in every economic sector have had to rapidly activate their business continuity plans in order to remain open. This dramatic shift in working arrangements on an unprecedented scale has propelled cyber security to the top of the business agenda.
Combine this with the knowledge that cyber criminals take advantage of any major disruption to launch attacks and cause malicious damage and the fact that most internal IT support teams are also working remotely and it is clear why cyber security is a key concern for business leaders.
Mitigating cyber security risks is imperative in order to ensure successful business continuity in the new world we are all operating in.
There are a number of critical cyber security risks which have emerged as directly as a result of the COVID-19 outbreak. There has been significant amounts of disinformation published online about the origin of the virus, ways to reduce the effect of the symptoms as well as stories about the effects of different strategies to combat the spread of the virus. At the same time there has also been a marked uptick in the number of phishing emails posing as Covid-19 information alerts.
Employees risk clicking on phishing messages in an attempt to stay up to date on important news and health advice. These phishing emails typically contain unsafe attachments which purport to offer new information about the outbreak or updates on how to remain safe. And there is little doubt that as the current restrictions persist, hackers and cyber criminals will continue to devise new and more effective phishing methods to target those working from home.
Work from home devices have also emerged as a potential weak point in many network’s security chains as an unprecedented amount of people across the globe access data remotely. This is putting many businesses operations and reputations at undue risk. Security breaches could result in avoidable downtime, increased costs and reputational damage at a time when management teams are trying to grapple with the economic effects of current restrictions on business.
As all business is being conducted remotely, our only connection to the world is often online. Therefore, maintaining a business’ online reputation becomes even more important to current operations as well as future business development.
Any security breach will have a greater impact on a business that is unprepared. Although most business leaders are aware that cyber risk is a priority to ensure that a business can remain open, many leaders have found that they do not have the structures in place to identify the new risks facing their business in the current working environment.
In recent years there has been little focus on pandemic risk when businesses have been updating their continuity planning as it was considered lower risk. In Aon’s latest Global Risk Management survey, the risk of a pandemic was the considered the 60th most important risk to the business community in 2019.
In order to mitigate these specific cyber security risks to ongoing business operations, Aon is recommending that all Irish businesses take a number of important steps. Firstly, run a formal vulnerability testing programme including a simulated spear phishing campaign which will test security best practices as well as show the level of resilience your operation has to this type of attack.
Secondly make sure that a sophisticated virtual private network is in place so that all employees have safe access to sensitive company data as they continue to work from home. It is imperative too that appropriate “patches” are applied in a timely manner. Companies should also ensure appropriate “BYOD - Bring Your Own Device” protocols are in place and staff are trained adequately. Finally, we recommend you seek to put in place an appropriate cyber insurance policy which will help to address the costs of defending claims arising from cyber incidents and costs associated with engaging technology experts to investigate any security breaches as well as resolving them. The Cyber insurance market and coverage has evolved rapidly in recent years in response to this fast-evolving exposure.
Business leaders are facing huge pressures to try and maintain day-to-day operations and generate cashflow as this crisis continues, but they must also ensure they protect their balance sheet. With the growing costs associated with cyber risk, businesses can reach out for help.
At Aon, we’ve developed the Cyber Quotient Evaluation (CyQu) to help provide companies pinpoint the greatest cyber risks to their organisation and the steps that can be taken to improve their cyber resilience.
Far too often, cyber becomes a priority only after a cyber incident has occurred. To better prepare against attack and risks, companies need to continually assess their risk profile, identify any gaps in their systems and proactively manage their defence.
For the latest insights and supports to help manage the pandemic risk faced by the Irish business community, check out our COVID-19 Response Site. For information on how to protect your business from critical cyber risks, check out https://www.aon.com/cyber-solutions/solutions/