How to manage the cyber-risks of coronavirus COVID-19

03 April, 2020

The coronavirus COVID-19 outbreak is increasing the likelihood and impact of cyberattacks. As businesses scramble to react to significant challenges, vulnerabilities are possible. Persistent attackers are ready to exploit uncertainty in this unprecedented environment. What can you do to prepare your business to deal with the threats to your IT infrastructure that  COVID-19 is presenting?

Abstract image: a worm's eye view from inside an electricity pylon with a partially cloudy blue sky in the background.

The emerging COVID-19 threat landscape

Many operational responses to COVID-19 have the potential to have a detrimental effect on your cybersecurity. Existing risks could be missed as security expenditure is cut, controls are relaxed and IT changes are rushed through without the routine change protocols. The transition to remote working for the majority of staff creates its own cyber-risks, with network access being requested from multiple locations.

We have already seen evidence that cyberattackers are already exploiting the extraordinary response caused by COVID-19. The criminal threat actor behind Emotet, which provides malware delivery services, began using COVID-19 phishing lures in January 2020, while the crisis was still in its early stages. Other actors have since followed suit, with hundreds of new COVID-19 themed phishing lures appearing every day. We have identified criminal and state-sponsored campaigns exploiting COVID-19. We expect they will also use VPN and video conferencing software lures to take advantage of users unfamiliar with remote working.

With these threats in mind, what should you do now to ensure you, your staff and your business partners remain protected from cyberattacks?

Three ways to mitigate COVID-19 cybersecurity risks

1. Secure your new remote working practices

COVID-19 has forced businesses to shift to remote working at scale and at pace. Your IT infrastructure and requirements have changed, and so has the range of attack points for cybercriminals.

Have the right controls been applied to new systems or tools to support your employees with remote working? Are you ensuring that existing procedures and good practices are being maintained?

Businesses need to take a number of essential actions to ensure their security while employees work from home. These include:

Advising that cyberattacks are more likely, to be aware of agreed remote working practices and take responsibility for their connected activities.

Advising users to only use approved solutions and preventing them from using open-source or free cloud-based software.

Ensuring remote access systems are fully patched and securely configured.

Reviewing crisis-based tactical actions and implementing key security controls which may have been overlooked initially. 

Ensuring remote access systems are resilient to withstand DDoS attacks.

Advise employees on safe habits when working from home: Find a secure place at home to work ensuring that no one can read their screen or access their computer. Never leave devices unlocked while dealing with a domestic matter. Keep business conversations confidential.

2. Ensure continuity of critical security functions

As the COVID-19 outbreak develops, your business needs to plan ahead and be resilient. Ensure you have adequate cover for any key dependencies within your cybersecurity team. In turn this will mean maximising the use of automation to perform key cybersecurity activities. Is your IT infrastructure ready to support this way of working?

You might also consider

  • Identifying and monitoring critical security activities
  • Reviewing how key users are going to perform key tasks
  • Deploying asset tooling to ensure continued visibility as systems move away from the internal network

3. Counter any opportunistic cyberthreats

As well as reinforcing your security technology, organisations must remain alert for opportunistic threats. A big part of this will involve providing employees with specific guidance on how to spot suspicious activity. Make sure your staff are prepared for and aware of targeted phishing campaigns using COVID-19 lures, or email compromise attacks which attempt to exploit different ways of working. Responding to an incident rapidly can minimise its impact.

Organisations should also guard against the increased risk of insider threats, especially where third parties are performing key activities such as system administration and IT Support. Where possible, apply controls across your IT infrastructure that can track and monitor this type of activity.

How we can help you

We know that businesses are facing significant cybersecurity challenges which require rapid responses. Our experienced team is ready to work with you to address these issues and ensure your operations are robust and secure for the duration of the crisis and beyond.

We can help you with:

  • Designing security awareness programmes to address work-from-home (WFH) risks
  • Helping you make the right security design decisions to ensure that your remote working is secure
  • Providing you with network security monitoring tools that mitigate remote access risks
  • Assisting you with fulfilling your critical security functions in the absence of key personnel or business partners

Contact us

Pat Moran

Partner, PwC Ireland (Republic of)

Tel: +353 1 792 5308

Leonard McAuliffe

Director, PwC Ireland (Republic of)

Tel: +353 1 792 8632

Will O'Brien

Director, PwC Ireland (Republic of)

Tel: +353 1 792 8988

Ian Trinder

Director, PwC Ireland (Republic of)

Tel: +353 1 792 5343

Follow PwC Ireland